Conundrum: where to put sensitive env vars while in development?


#1

The aws-sdk package requires that you have AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in env vars. This is fine for a one-person project where I can just slap those into WebStorm, but what about on a multi-person project, where we securely store settings.dev.json in 1Password among a shared team? Is there some way to store env vars in a settings.json file?


#2

Interesting question! I’d love to hear what MDG’s thoughts are on this.


#3

It’s possible to put env vars in settings.json when deploying to Galaxy:

"galaxy.meteor.com": {
  "env": {
    [...]
  }
}

It would be nice if we had a similar option in a local dev environment, such as:

"local": {
  "env": {
    [...]
  }
}

What do you think, @sashko? Potential new feature?


#4

You could create a start script that also contains the env vars and starts meteor and then decide how to distribute/secure that script.


#5

That idea would definitely work, except we have devs who prefer to use WebStorm to run Meteor rather than running it in a shell.


#6

than you can place the shell script’s command in your package.json as an npm script, and webstorm users can use the npm scripts pane to run the app

by the way that’s what I do and I am a webstorm user as well :slight_smile:


#7

Ah yes, that works too! Thanks :slight_smile:


#8

I solved this for myself a long time ago by “modifying” the /usr/local/bin/meteor shell script as documented in this thread