CODEWITHSUNDEEP
visual-studio-code
n00b
n00b

Reputation: 6340

How can I set secret environment variables in launch.json of VSCode for debugging?

I'm using VSCode debugger and and setting environment variables via the env property. I also have database password and secrets that I need to set as env vars but I'd like to check in launch.json so the debugging settings can be shared amongst the team etc.

Is there a way I can set these sensitive environment variables for debugging without actually checking it into source control?

Upvotes: 19

Views: 8125

Answers (2)

Sam
Sam

Reputation: 27354

There are a couple of ways to reference sensitive data from Visual Studio Code (vscode) inside launch.json without including the data in the launch.json file.

  • Environment Variables
  • Input Variables : Prompt
  • Input Variables : Custom Command

The vscode Variables Reference documents these solutions nicely.

Environment Variables (docs)

You can put your sensitive variables in an environment variable (perhaps loaded via your shell profile such as in .bash_profile for example). You can then reference it "through the ${env:Name} syntax (for example, ${env:USERNAME})."

{
  "type": "node",
  "request": "launch",
  "name": "Launch Program",
  "program": "${workspaceFolder}/app.js",
  "cwd": "${workspaceFolder}",
  "args": ["${env:USERNAME}"]
}

Input Variables (docs)

Prompt for Input

You can prompt for sensitive information on launch by defining a promptString input type as seen in the below configuration extracted from the docs. Below ${input:componentName} is used as an argument and defined below in an inputs section as a promptString for prompting you for the value when you run the associated task.

{
  "version": "2.0.0",
  "tasks": [
    {
      "label": "ng g",
      "type": "shell",
      "command": "ng",
      "args": ["g", "${input:componentType}", "${input:componentName}"]
    }
  ],
  "inputs": [
    /** skipping componentType definition for brevity -- see docs for that */
    {
      "type": "promptString",
      "id": "componentName",
      "description": "Name your component.",
      "default": "my-new-component"
    }
  ]
}

The definition of a promptString is as follows:

  • description: Shown in the quick input, provides context for the input.
  • default: Default value that will be used if the user doesn't enter something else.
  • password: Set to true to input with a password prompt that will not show the typed value.

Run a Custom Command for the Input

You can also run a custom command for getting the input. The docs use the following configuration as an example. Note that like other input types that the command must be defined in the inputs section with a type.

{
  "configurations": [
    {
      "type": "node",
      "request": "launch",
      "name": "Run specific test",
      "program": "${workspaceFolder}/${input:pickTest}"
    }
  ],
  "inputs": [
    {
      "id": "pickTest",
      "type": "command",
      "command": "extension.mochaSupport.testPicker",
      "args": {
        "testFolder": "/out/tests"
      }
    }
  ]
}

The other options for the command type are:

  • command: Command being run on variable interpolation.
  • args: Optional option bag passed to the command's implementation.

Upvotes: 15

n00b
n00b

Reputation: 6340

I've used a workaround for this which is to use the dotenv package.

Thus instead of relying on VSCode to load the environment variables, they're being loaded from within the application itself.

Upvotes: 0

Related Questions