0

I uploaded my repo and it has a database string named 'dbstring' which I do not want to share with anyone. I created a repository secret on github and created a value named DBSTRING with its value but the thing is I dont know how to access it.

this is my uploaded code which reveals my dbstring.

const dbstring = mongodb+srv:/***********b.net

mongoose.connect(dbstring, { useUnifiedTopology: true, useNewUrlParser: true });

const db = mongoose.connection;

db.once('open', () => {
  console.log('Database connected:', url);
});

How can I replace dbstring with secret value I created on my github repo?

Matt
  • 11,360
  • 2
  • 23
  • 44
Samilo
  • 25
  • 3

1 Answers1

0

What you need to do is to use Environment variables, where you can have a .env ( if you use dotenv ) for each environment. Then you keep your database credentials safe on your computer and on the server, this will also make it possible to target different environments like database production, dev, test, etc... Make sure you have .env file added in the .gitignore file

It's also important that when you run this code its executed on the server-side otherwise anyone with the dev tools open will be able to see the credentials as well. Then on your client side you make a request using axios to the URL related to that database connection.

gugateider
  • 1,775
  • 1
  • 11
  • 16
  • My app does not work if I put it in env and gitignore, cuz it needs to load my database from that variable and when I ignore it it wont work. I mean what if the variable I want to hide is neccessary to run? – Samilo Mar 12 '22 at 17:07
  • You'd still have the .env files on your repo, but the one with your secret values will always be on your computer while you can just have a modified version on the git repo – gugateider Mar 13 '22 at 15:02