How do I securely store the connection string when using sails.js

I have a database connection string in config\adapters.js which looks like the one below. I don't want to leave the connection string in plain text. What is the best way to secure that info so that the service can still call and connect to the DB?

module.exports.adapters = {

  // If you leave the adapter config unspecified
  // in a model definition, 'default' will be used.
  'default': 'mssql',

  mssql: {
    connectionString: 'Driver={SQL Server Native Client 10.0};Server=foo.domain.com;Database=RODDY;Uid=jsmith;Pwd=nw0ow21',
    module: 'sails-mssql'
  }

};
ACoder asked Feb 13 '23 23:02


1 Answer

All the other answers are great answers; here is another approach.

Set an environment variable called something like SQL_STRING.

This assumes you're on Ubuntu.

# edit /etc/profile or ~/.profile
vim /etc/profile
# add this line to it (single-quoted, because the string contains spaces and semicolons)
export SQL_STRING='<insert your sql string>'

Now, in your config/local.js file, add this for connectionString:

connectionString: process.env.SQL_STRING

This will load the connection string as the environment variable. This will do two things:

  1. You can now commit local.js to your repo if needed, and wherever you deploy the app it will inherit whatever the env variables are set to. This is great for things like development environments and such.

  2. Removes secure data from your application files so no one can peek into them; they'd have to do some digging to get the actual data.

I currently do this in production on a Sails.js app. I have a special sails user which has a ~/.profile with all of my MAILGUN, db, and other credential data defined as environment variables. This user is restricted from sudo and ssh access, and is locked down to have access to only one or two folders.

Effectively, the only people who can see those environment variables are root and that user.

NDBoost answered Feb 17 '23 21:02
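An added example, not part of the original answer or of Sails itself: one way to read SQL_STRING at startup so that a missing or incomplete value stops the app immediately, and so that the password never reaches a log line. The function names and the sample value are hypothetical, and the parser is simplified (it does not handle ';' inside braced values).

```javascript
// Keys expected in the string, taken from the connection string in the question.
const REQUIRED_KEYS = ['Driver', 'Server', 'Database', 'Uid', 'Pwd'];

// Parse "Key=value;Key={braced value}" into an object with lower-cased keys.
function parseConnectionString(str) {
  const parts = {};
  for (const segment of str.split(';')) {
    const eq = segment.indexOf('=');
    if (eq <= 0) continue; // skip empty or malformed segments
    parts[segment.slice(0, eq).trim().toLowerCase()] = segment.slice(eq + 1).trim();
  }
  return parts;
}

// Read SQL_STRING and fail fast if it is missing or incomplete.
function loadConnectionString(env = process.env) {
  const raw = env.SQL_STRING;
  if (!raw) {
    throw new Error('SQL_STRING is not set; export it in the service user\'s profile');
  }
  const parts = parseConnectionString(raw);
  const missing = REQUIRED_KEYS.filter((k) => !parts[k.toLowerCase()]);
  if (missing.length > 0) {
    // Name the missing keys only; never echo the raw string into an error.
    throw new Error('SQL_STRING is missing: ' + missing.join(', '));
  }
  return raw;
}

// Copy of the string that is safe to log: the password value is masked.
function redactConnectionString(str) {
  return str.replace(/(^|;)(\s*(?:pwd|password)\s*=)[^;]*/gi, '$1$2***');
}

// Constructed sample value (not a real credential), same shape as the question's string.
const SAMPLE = 'Driver={SQL Server Native Client 10.0};Server=db.example.test;' +
  'Database=APP;Uid=svc;Pwd=constructed-secret';

// Wiring in config/local.js, following the answer above:
//   connectionString: loadConnectionString()
// and for diagnostics, log only the redacted form:
//   console.log(redactConnectionString(process.env.SQL_STRING))
```

The environment variable keeps the secret out of the repository, but any code that prints the config object or process.env can still expose it, which is why the redacted form is the one to log.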