nodejs. Protecting production environment variables in pm2 and docker?
When passing environment variables in pm2 or docker, an attacker, once on the server, can easily access them.
For example, in pm2, variables are cached, and when pm2 is restarted they are again available (substituted) in node.js as process.env.
Is there any way to protect passed variables in production so that, for example, they live only in the node.js process and cannot simply be accessed through bash, and so that I could not get the secret variables simply by running console.log(process.env); pm2 restart myapp?
In such a situation, you should restrict the attacker's access to the server.
If such access is obtained, the "protections" you proposed will not help: an attacker can interfere with the application code and obtain the necessary data.
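An added example, not part of the original thread: one way to narrow the exposure the question describes is to read the secret from an owner-only file (for instance a Docker secret mount) instead of process.env, and to move any secret that did arrive through the environment into private memory. The file names, the DB_PASSWORD variable and the helper names are hypothetical, and as the answer says, none of this stops someone who can change the application code.

```javascript
'use strict';
// Added example; helper names, file names and DB_PASSWORD are hypothetical.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Read a secret from a file, refusing any file that grants permissions
// to group or other users (mode bits outside the owner's rwx).
function loadSecretFromFile(filePath) {
  const st = fs.statSync(filePath);
  if (!st.isFile()) throw new Error(`${filePath}: not a regular file`);
  if ((st.mode & 0o077) !== 0) {
    const mode = (st.mode & 0o777).toString(8);
    throw new Error(`${filePath}: mode ${mode} is accessible beyond the owner`);
  }
  return fs.readFileSync(filePath, 'utf8').replace(/\r?\n$/, '');
}

// Move named variables out of the environment object into a private Map, so
// console.log(process.env) and child processes spawned later do not see them.
// Caveat: the environment the process was started with stays readable in
// /proc/<pid>/environ (same user or root) and in whatever pm2 has cached.
function takeFromEnv(names, env = process.env) {
  const taken = new Map();
  for (const name of names) {
    if (env[name] !== undefined) {
      taken.set(name, env[name]);
      delete env[name];
    }
  }
  return taken;
}

// Constructed demo: one owner-only secret file, one world-readable one.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'secret-demo-'));
  const good = path.join(dir, 'db_password');
  const bad = path.join(dir, 'db_password_world');
  fs.writeFileSync(good, 'constructed-sample-value\n');
  fs.writeFileSync(bad, 'constructed-sample-value\n');
  fs.chmodSync(good, 0o600); // explicit chmod so the umask does not matter
  fs.chmodSync(bad, 0o644);
  let rejected = false;
  try { loadSecretFromFile(bad); } catch (err) { rejected = true; }
  const secret = loadSecretFromFile(good);
  const env = { DB_PASSWORD: 'constructed-sample-value', PATH: '/usr/bin' };
  const taken = takeFromEnv(['DB_PASSWORD'], env);
  fs.rmSync(dir, { recursive: true, force: true });
  return { secret, rejected, envKeys: Object.keys(env), taken: taken.get('DB_PASSWORD') };
}
```

The file check narrows who on the host can read the value at rest; the /proc and pm2 cache caveat in the comments is why keeping the secret out of the environment from the start matters more than scrubbing it afterwards.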