I'm connecting to a few APIs and using basic authentication like so:

this.jenkins = jenkinsapi.init('https://USERNAME:[email protected]:8080', {strictSSL: false});

I'm concerned about just having the user's password just sitting there in a variable or plain text. It is inside a 'private' method but if anybody is able to view the source on the server they would be able to view the username and password.

How can I make this more secure while still using http basic auth?

Ramkrishna Sharma
asked Apr 26, 2016 at 13:10
  • Use a configuration file to store username/password, ideally a file that is loaded in the server, not in the webapp or on build, so even developers will not know the username/password of production. Commented Apr 26, 2016 at 13:25

1 Answer

Take a look at Environment Variables. These are available in Node.js.

process.env.ENV_VARIABLE

Where ENV_VARIABLE is something defined in your system running the application. For instance, in my Node.js application running on Heroku, and hosted publicly on GitHub, I'm using process.env.MONGOLAB_URI instead of the SQL-type string containing the database name, username, and password. I have this automatically configured because of Heroku, but I'm able to also set the variable locally in my OS (Windows in this case) so that the code will run locally, as well.

Also check out this answer about using Environment variables with Jenkins.

answered Apr 26, 2016 at 13:13
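The environment-variable approach from the answer, applied to the question's jenkinsapi.init call, as an added example that is not part of the original answer. The variable names JENKINS_URL, JENKINS_USER and JENKINS_PASSWORD and the helper names buildJenkinsUrl and redact are assumptions chosen for illustration.

```javascript
// Added example. Assumed environment variables (not from the original post):
//   JENKINS_URL       base URL without credentials, e.g. https://host:8080
//   JENKINS_USER      basic-auth user name
//   JENKINS_PASSWORD  basic-auth password or API token
const REQUIRED = ['JENKINS_URL', 'JENKINS_USER', 'JENKINS_PASSWORD'];

// Build the basic-auth URL at runtime so no secret lives in the source tree.
function buildJenkinsUrl(env = process.env) {
  const missing = REQUIRED.filter((name) => !env[name]);
  if (missing.length > 0) {
    // Fail fast and report variable names only, never their values.
    throw new Error('Missing environment variables: ' + missing.join(', '));
  }
  const url = new URL(env.JENKINS_URL);
  if (url.username || url.password) {
    throw new Error('JENKINS_URL must not contain credentials');
  }
  // Percent-encode so characters such as "@", ":", "/" or "%" in the
  // secret cannot change how the URL is parsed.
  url.username = encodeURIComponent(env.JENKINS_USER);
  url.password = encodeURIComponent(env.JENKINS_PASSWORD);
  return url.toString().replace(/\/$/, '');
}

// Mask the password before a URL is written to logs or error reports.
function redact(urlString) {
  const url = new URL(urlString);
  if (url.password) {
    url.password = '***';
  }
  return url.toString().replace(/\/$/, '');
}

// Usage with the call from the question:
//   this.jenkins = jenkinsapi.init(buildJenkinsUrl(), {strictSSL: false});
//   console.log('Connecting to', redact(buildJenkinsUrl()));
```
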