How do you all handle .env files? #5289
Replies: 2 comments
I haven't been using any API keys; the server does use https, so there is the certificate for that. I have a setting that lets you put the certificate anywhere; in my setup script it puts it in the folder for the server component, which has its own git repo and .gitignore and a script dedicated to loading the secrets. For a plugin that doesn't have the same flexibility, I think that environment variables are the way to go.
Hi Joshua, I haven't used any env for my own plugin yet (I have a GoogleCalendar import plugin, but I input the secret in the config panel). But I do supply env for tiddlywiki in my TiddlyGit, when starting the tiddlywiki nodejs server in a worker_thread:

```js
const { workerData, parentPort, isMainThread } = require('worker_threads');
const path = require('path');
const $tw = require('@tiddlygit/tiddlywiki').TiddlyWiki();

function startNodeJSWiki() {
  const { homePath, tiddlyWikiPort = 5112, userName } = workerData;
  try {
    // Environment variables are set on the process before TiddlyWiki boots
    process.env.TIDDLYWIKI_PLUGIN_PATH = path.resolve(homePath, 'plugins');
    process.env.TIDDLYWIKI_THEME_PATH = path.resolve(homePath, 'themes');
    // add tiddly filesystem back https://github.com/Jermolene/TiddlyWiki5/issues/4484#issuecomment-596779416
    $tw.boot.argv = [
      '+plugins/tiddlywiki/filesystem',
      '+plugins/tiddlywiki/tiddlyweb',
      homePath,
      '--listen',
      `anon-username=${userName}`,
      `port=${tiddlyWikiPort}`,
      'host=0.0.0.0', // listens on all network interfaces
      'root-tiddler=$:/core/save/lazy-images',
    ];
    $tw.boot.boot(() => parentPort.postMessage(`Tiddlywiki booted at http://localhost:${tiddlyWikiPort}`));
  } catch (error) {
    console.error(error);
    parentPort.postMessage(`Tiddlywiki booted failed with error ${error.message} ${error.stack}`);
  }
}

module.exports = startNodeJSWiki;

// When loaded as a worker, start the wiki and exit on an "exit" command message
if (!isMainThread) {
  startNodeJSWiki();
  parentPort.once('message', async message => {
    if (typeof message === 'object' && message.type === 'command' && message.message === 'exit') {
      process.exit(0);
    }
  });
}
```

Just use

This discussion space is interesting, I didn't know we have a space here.
@Jermolene @saqimtiaz @sukima @linonetwo and @ everyone else :)
I am going back to refactor my Oembed plugin for changes in the TW core and Bob, and thought I'd ping the dev community about an issue. This plugin calls endpoints when run in node to retrieve "embeddable" images/html/videos/etc. The new version will have to include an API authentication key for all calls to the Facebook and Instagram "oembed" endpoints. General industry practice is to host node.js "secrets", i.e. API endpoints, authentication-keys, etc, in a ".env" file and to use the "dotenv" package to read it. You can customize the path the .env file is loaded from, and I would like to keep this outside of my TiddlyWiki5 install directory.
So far I have this in my init.js file:
which loads the .env file from the parent directory where TiddlyWiki5 is installed (2 hops up from the boot path). I also thought about using a special `TIDDLYWIKI_ENV_PATH` environment variable that would define where to load ".env" files from, to go alongside the other `TIDDLYWIKI_` env vars. Maybe a folder parallel to "../plugins", "../editions", etc called "../env" would be a good default. For now, you would have to declare this super-variable when calling tiddlywiki.js from the command line, or define it in a bash script before calling tiddlywiki, or define it in VSCode's env settings, etc.

I like defining it outside of the TiddlyWiki5 directory, so I don't have to mess with the default .gitignore settings, etc. Would that be something worth adopting in the core? I know that @inmysocks is planning on releasing his Secure Server plugin, that would offer a kind of TiddlySpot-replacement. How are you handling these security issues?
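An added example, not code from the original post or from TiddlyWiki: one way to load a `.env` file from the location the post proposes, failing closed when the file sits inside the install directory or is readable by other users. `TIDDLYWIKI_ENV_PATH` is the variable the post suggests, not an existing core setting; the `../env` default, the function names and the small parser standing in for the `dotenv` package are assumptions.

```javascript
const fs = require('fs');
const path = require('path');

// Explicit TIDDLYWIKI_ENV_PATH (the post's proposal, assumed here) wins;
// otherwise default to an "env" folder parallel to the install directory.
function resolveEnvFile(env, installDir) {
  const dir = env.TIDDLYWIKI_ENV_PATH
    ? path.resolve(env.TIDDLYWIKI_ENV_PATH)
    : path.resolve(installDir, '..', 'env');
  return path.join(dir, '.env');
}

// True when `file` lies inside `installDir`, where it could be committed or served.
function isInside(file, installDir) {
  const rel = path.relative(path.resolve(installDir), path.resolve(file));
  return rel !== '' && rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel);
}

// Minimal KEY=value parser: skips blanks, # comments and malformed lines,
// and strips one pair of matching quotes around the value.
function parseEnv(text) {
  const out = {};
  for (const line of text.split(/\r?\n/)) {
    const m = /^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$/.exec(line);
    if (!m) continue;
    out[m[1]] = m[2].replace(/^(['"])(.*)\1$/, '$2');
  }
  return out;
}

// Load secrets into `env`; refuse files inside the install tree or with
// group/other permission bits set (the mode check is skipped on Windows).
function loadSecrets(env, installDir) {
  const file = resolveEnvFile(env, installDir);
  if (isInside(file, installDir)) {
    throw new Error(`${file} is inside the install directory`);
  }
  const mode = fs.statSync(file).mode & 0o777;
  if (process.platform !== 'win32' && (mode & 0o077) !== 0) {
    throw new Error(`${file} has mode ${mode.toString(8)}; expected 600`);
  }
  const secrets = parseEnv(fs.readFileSync(file, 'utf8'));
  for (const [key, value] of Object.entries(secrets)) {
    if (!(key in env)) env[key] = value; // values already in the environment win
  }
  return Object.keys(secrets); // names only, so callers can log what was loaded
}
```

Call `loadSecrets(process.env, installDir)` before the plugin makes its first API request, and log only the returned key names.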