Where do I store sensitive information in Node.js?


I have used express-generator to create a skeleton website and a template to work on. I do not know where to store sensitive information such as Data_config key, JWT secret, Connection URI, etc. Is there a workaround?

This is my current file tree. ./bin/www has the main server.js

I have previously used the dotenv package, but this is the first time I am using express-generator. I tried the same procedure by adding a .env file, and requiring dotenv by require(‘dotenv’).config(), but it gives me an error.


A good practice regarding environment variables is storing them in an environment (.env) file, which in Node.js you can access using the dotenv npm package.

This allows to avoid pushing sensitive data to versioning systems like Git or SVN and adds flexibility to use several instances of an application, which can represent ease of deployment and configuration for development pipelines.

dotenv in npm: https://www.npmjs.com/package/dotenv

Answered By – rolivencia

Answer Checked By – Jay B. (AngularFixing Admin)

Leave a Reply

Your email address will not be published.