I am building an app in Node.js and I have pushed my MongoDB URL to my GitHub repo, which is not safe. So how can I hide it, or move it somewhere where it won’t be pushed, in Node.js?
I mistakenly pushed it to GitHub and I received a mail about it.
GitGuardian has detected the following MongoDB URI exposed within your GitHub account.
How can I fix this by using an env variable, or by including variables from other files which will not be pushed?
2 Answers
You don’t have to push the .env file (which may contain your credentials and your DB URL) to GitHub. When you host your repo on a hosting service, they will provide you with functionality to make a .env file on the server.
You could also store your variables outside the repo entirely, which is what AWS commonly recommends with their ~/.aws/credentials approach. Then, on whatever platform you use for production, leverage their built-in credentials management like Azure Vault or AWS Secrets Manager.
Another approach, aside from using an .env or credential file at all, would be to adopt a secrets manager like the free and open source HashiCorp Vault to safely store the credentials and then programmatically call them when needed. Most platforms can integrate with such tools, making it easier to keep your credentials encrypted throughout your development and build process.
Further: You can also look into tools that leverage git hooks to help keep you from adding commits that contain a credential to your git history in the first place. AWS-Labs, Trufflehog and (since you mentioned them) GitGuardian all have tools like this.
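
The env-variable approach from the answers above, as an added example that is not code from either answer: the app reads the connection string from the environment or from a .env file that is listed in .gitignore, and masks the password before logging. The variable name MONGODB_URI, the function names and the small parser (a stand-in for a package such as dotenv) are assumptions.

```javascript
// Added example: keep the MongoDB URI out of the source tree.
// Assumes a .env file next to the app that is listed in .gitignore, e.g.
//   MONGODB_URI="mongodb+srv://user:password@host/db"
const fs = require('fs');

// Minimal KEY=VALUE parser: skips blank lines and comments, strips one
// pair of surrounding quotes. A stand-in for a full .env loader.
function parseEnv(text) {
  const out = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq < 1) continue;
    const key = line.slice(0, eq).trim();
    let val = line.slice(eq + 1).trim();
    const quoted = val.match(/^(['"])(.*)\1$/);
    if (quoted) val = quoted[2];
    out[key] = val;
  }
  return out;
}

// Real environment variables take precedence over the file, so a hosting
// platform can inject the production secret without any file on disk.
function loadMongoUri(envFile = '.env', env = process.env) {
  const fromFile = fs.existsSync(envFile)
    ? parseEnv(fs.readFileSync(envFile, 'utf8'))
    : {};
  const uri = env.MONGODB_URI || fromFile.MONGODB_URI;
  if (!uri) throw new Error('MONGODB_URI is not set (environment or .env)');
  if (!/^mongodb(\+srv)?:\/\//.test(uri)) {
    throw new Error('MONGODB_URI does not look like a MongoDB URI');
  }
  return uri;
}

// Mask the password so the URI can appear in a log line safely.
function redact(uri) {
  return uri.replace(/^(mongodb(?:\+srv)?:\/\/[^:/@]+):[^@]*@/, '$1:****@');
}

// Usage in the app (fails fast at startup if the secret is missing):
//   const uri = loadMongoUri();
//   console.log('connecting to', redact(uri));
//   ...pass uri to your MongoDB client...
```

Moving the URI into .env only protects future commits; the URI that was already pushed stays in the repository history, so that database user's password should be changed as well.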