12factor-env 中文文档教程
12factor
用于基于 docker 的应用程序的秘密。
在引擎盖下使用 envalid,但考虑真正集成 12factor 应用程序的秘密。
default secret path
默认为 /run/secrets/
您必须设置 process.env.ENV_SECRETS_PATH
来更改它,例如,
process.env.ENV_SECRETS_PATH='/var/run/your/secrets/folder/';
或
ENV_SECRETS_PATH='/var/run/your/secrets/folder/' node yourapp.js
Recommended Usage
使用 _FILE
作为配置
const myEnv = env(
process.env
{
// put all secrets here
SECRET_NAME: str()
},
{
// all config vars here
PORT: port({ default: 10101 })
}
);
变量 如果您没有指定该值,则可以在 secret()
调用中输入它
const myEnv = env(
process.env
{
// put all secrets here
SECRET_NAME: secret('secret.txt') // will look in /run/secrets/secret.txt
},
{
// all config vars here
PORT: port({ default: 10101 })
}
);
Examples
basic usage with envalid
约定,包括 SECRET_NAME_FILE
标准:
const myEnv = cleanEnv(
process.env,
{
PORT: port({ default: 10101 }),
GITHUB_TOKEN: secret(process.env.GITHUB_TOKEN_FILE)
});
或者您可以在存储时指定秘密文件的名称
const myEnv = cleanEnv(
process.env,
{
PORT: port({ default: 10101 }),
GITHUB_TOKEN: secret('github_token.txt')
});
更好的是,只需确保您使用 env
快捷方式,它会为您处理
const myEnv = env(
{
GITHUB_TOKEN_FILE: process.env.GITHUB_TOKEN_FILE
},
{
GITHUB_TOKEN: str()
},
{
PORT: port({ default: 10101 })
}
);
const { GITHUB_TOKEN, PORT } = myEnv;
env shortcut
这里 env( )
需要 2 个参数、秘密和环境变量。
在此示例中,它将查找 /var/run/secrets/MAILGUN_KEY
,并使用一个对象中的所有内容填充最终环境。
const myEnv = env(
process.env,
{ MAILGUN_KEY: str() },
{ PORT: port({ default: 10101 }) }
);
secret field
secret
对象让您指定保存在 /var/run/secrets
文件夹中的秘密名称。
const myEnv = env(
process.env,
{ MAILGUN_KEY: secret('MAILGUN_KEY') },
{ PORT: port({ default: 10101 }) }
);
12factor
Secrets meant for usage with docker-based applications.
Uses envalid under the hood, but considers secrets for true integration of 12factor apps.
default secret path
defaults to /run/secrets/<secret_name>
You must set process.env.ENV_SECRETS_PATH
to change this, for example,
process.env.ENV_SECRETS_PATH='/var/run/your/secrets/folder/';
or
ENV_SECRETS_PATH='/var/run/your/secrets/folder/' node yourapp.js
Recommended Usage
Using _FILE
convention, include SECRET_NAME_FILE
as a config var
const myEnv = env(
process.env
{
// put all secrets here
SECRET_NAME: str()
},
{
// all config vars here
PORT: port({ default: 10101 })
}
);
If you haven't specified the value, you can enter it inside of a secret()
call
const myEnv = env(
process.env
{
// put all secrets here
SECRET_NAME: secret('secret.txt') // will look in /run/secrets/secret.txt
},
{
// all config vars here
PORT: port({ default: 10101 })
}
);
Examples
basic usage with envalid
if you use the _FILE
standard:
const myEnv = cleanEnv(
process.env,
{
PORT: port({ default: 10101 }),
GITHUB_TOKEN: secret(process.env.GITHUB_TOKEN_FILE)
});
or you can specify the name of the secret file as it is stored
const myEnv = cleanEnv(
process.env,
{
PORT: port({ default: 10101 }),
GITHUB_TOKEN: secret('github_token.txt')
});
Better yet, just ensure that you use the env
shortcut and it handles it for you
const myEnv = env(
{
GITHUB_TOKEN_FILE: process.env.GITHUB_TOKEN_FILE
},
{
GITHUB_TOKEN: str()
},
{
PORT: port({ default: 10101 })
}
);
const { GITHUB_TOKEN, PORT } = myEnv;
env shortcut
Here env()
expects 2 args, secrets and env vars.
In this example, it will look for /var/run/secrets/MAILGUN_KEY
, and populate the final env with everything in one object.
const myEnv = env(
process.env,
{ MAILGUN_KEY: str() },
{ PORT: port({ default: 10101 }) }
);
secret field
The secret
object let's you specify the secret name as it is saved in the /var/run/secrets
folder.
const myEnv = env(
process.env,
{ MAILGUN_KEY: secret('MAILGUN_KEY') },
{ PORT: port({ default: 10101 }) }
);