# NodeJS + React env vars

balmy rune

What do you wanna know?

drifting sage

trying to launch my app to production

I'm wondering how I can keep my env variables secure and not expose them

balmy rune

You can store your secrets in AWS Secrets Manager, and use the AWS SDK to grab those secret values from there

If you're deploying your app in a Kubernetes cluster, like AWS EKS, you can create a Kubernetes secret and set up your K8s configs to pump your secret into your pods as an env var. This isn't a great industry practice, though, since a malicious process can easily echo the env vars if it is able to shell into your server instance.

If you wanna be super extra, you can store your secrets in something like HashiCorp Vault on AWS, and grab the secrets from there

drifting sage

Just a standard server, what do you think is the best way?

Does AWS Secrets Manager also handle Dev Env variables?

and thanks for the help

also another question, does AWS EC2 auto scale?

balmy rune

Secrets Manager can store a JSON object as a secret, so you can put all of your env vars into that JSON object, if you want.

EC2 autoscales if you configure it to do that

If you only wanna store secrets in Secrets Manager and not all your env vars, you can try having a .env-dev and/or .env-prod file in your project, and your project uses the appropriate .env file depending on the remote AWS environment you're in

For the hobbyist, using EC2 is probably gonna be the cheapest and most straightforward way to deploy your app. On an enterprise level, companies generally use bigger orchestration tools like AWS ECS or EKS to deploy the different microservices and projects, and to handle scaling

drifting sage

Thanks, so using standard EC2 for now is fine?

if my product ever grows, I can rearchitect later?

and just another question around security,

My front-end has a public key (Stripe), should I secure this too

or just the private key on the backend

balmy rune

Just secure the private key. The point of asymmetric cryptography is that all public entities can access the public key, but only you (or your allowed entities) can use your private key

balmy rune

Kubernetes can get pretty expensive, which is why companies can afford it over individuals