Reputation: 1397
Is it safe to use app.set('app_secret', data) to store secret key in nodejs
I am creating an app where, I am storing application secret key in database in 'app' table.
Is it safe to use ExpressJS app.set('app_secret', data) to store secret key in nodejs, after database connectivity? As it is only one time call, where I am setting up my values, so that I can use these secrets to authenticate user request, which I can get from req.app.get('app_secret') in express middlware
I don't think, there is any use of 'node-cache' module to store these secrets.
One way is to store in json file.
Please suggest some best practice to accomplish this task. Am I on right track?
Upvotes: 2
Views: 504
Answers (1)
Reputation: 11677
What you're asking, is if it is okay to store a secret in a process's memory, to which the answer is yes. Doing app.set('app_secret', data) would accomplish that, and there's nothing particularly incorrect with this approach. If I were you, I'd simply store it in a regular variable, or hash map, but that's a matter of code organization.
Upvotes: 2
Related Questions
- How to safely store & process secret key for JWT
- How to store only certain fields from NeDB database into an array with NodeJS
- How services generate and use public and secret API keys?
- Generate a sufficient secret for JWT NodeJS Lambda
- Is storing data on the NodeJs server reliable?
- Node-App-Architecture: where does express come into node.js
- ExpressJS sessions with MySQL data store not working
- JWT: What's a good secret key, and how to store it in an Node.js/Express app?
- Maintaining Secret key and Access Token for JWT in Express and NodeJS with Facebook in Rest API