Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
I
I
IDDH2019-05-22 12:35:42
Software Deployment
IDDH, 2019-05-22 12:35:42

nodejs. Protecting production environment variables in pm2 and docker?

When passing environment variables in pm2 or docker, an attacker, once on the server, can easily access them. For example, in pm2
, variables are cached and when pm2 is restarted, they are again available (substituted) in node.js as process.env . Is there any way to protect passed variables in production so that, for example, they are only spinning in the node.js process and cannot be simply accessed through bash, or by restarting pm2, I could not get the secret variables simply by console. log(process.env); pm2 restart myapp?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
O
OnYourLips, 2019-05-22
@IDDH

In such a situation, you should restrict the attacker's access to the server.
If such access is obtained, the "protections" you proposed will not help: an attacker can interfere with the application code and obtain the necessary data.

Similar questions
D
Dill52020-12-11 11:29:37
How to organize laravel and next js on the same domain? 1Reply
L
lehha2014-12-04 11:27:23
What's trending for server management? 1Reply
O
Oleg Ilyushin2014-12-18 14:01:24
Linux Mint x64: Qt 5.3.1 plugin deployment: incompatible qt library? 1Reply
S
SoloMidPlzD2016-12-22 22:55:35
Under which user (root vs dummy_user) should I deploy (git clone, git pull)? 1Reply
C
Cguru2015-01-12 21:15:55
How to set up FTP and multiple content root folders in phpstorm? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question