Node.js: What you might be tempted to do
This documentation is part of the Handle secrets guide. View the full guide here: How to handle secrets with Node.js.
👋 Welcome to the Stackhero documentation!
Stackhero offers a ready-to-use Node.js cloud solution that provides a host of benefits, including:
- Deploy your application in seconds with a simple
git push.- Use your own domain name and benefit from the automatic configuration of HTTPS certificates for enhanced security.
- Enjoy peace of mind with automatic backups, one-click updates, and straightforward, transparent, and predictable pricing.
- Get optimal performance and robust security thanks to a private and dedicated VM.
Save time and simplify your life: it only takes 5 minutes to try Stackhero's Node.js cloud hosting solution!
At first, you might consider writing your credentials directly in your code, like this:
// Connecting to a PostgreSQL database
const pg = new Client({
host: '<XXXXXX>.stackhero-network.com',
user: 'admin',
password: 'myPassword',
database: 'admin'
});
However, this approach is not secure. This is because your secrets could easily end up in your Git repository, making them visible to anyone with access. Even if you think only you have access, it is a bit like leaving a Post-it note with your passwords on your monitor and hoping nobody else notices. This can eventually lead to serious security issues.
In addition, hard-coding secrets makes it difficult to manage different environments, such as development and production, smoothly.