Meteor Up's mup.js contains database password

jamesmad · January 14, 2018, 2:55pm

Im using Meteor Up to deploy my app to Digital Ocean and Im using mLab as a database. This is working but I’ve currently got my database password stored in the MONGO_URL:

env: {
	// TODO: Change to your app's url
	// If you are using ssl, it needs to start with https://
	ROOT_URL: 'http://www.MYSITE.com',
	// MONGO_URL: 'mongodb://localhost/meteor',
	MONGO_URL:
		'mongodb://USER:PASSWORD@URL:PORT/meteor',
},

I obviously don’t want my password saved to my source control but I would like to save the rest of this file. Is there a way of accessing a password string without having it in the file?

I tried adding it to Meteor settings and calling it like so:
MONGO_URL: Meteor.settings.private.DB,

But I get an error:
ReferenceError: Meteor is not defined

I tried importing Meteor into mup.js but then I get this error:

(function (exports, require, module, __filename, __dirname) { import { Meteor } from 'meteor/meteor';
                                                              ^^^^^^
SyntaxError: Unexpected token import

schlobot · January 15, 2018, 9:07pm

You could add your mup.js to your .gitignore file and add a new mup-example.js that you checkin into git. That example file would then only contain none sensitive data.

raphaelarias · January 17, 2018, 11:47pm

He can also encrypt the file automatically when sent to the remote.

jamesmad · January 18, 2018, 9:17am

But this way it would still be in my source control? I think I’m going to have to live with this. Maybe it was wishful thinking that they could be stored separately as my Amazon S3 credentials are.

babrahams · January 18, 2018, 10:21am

Why not just keep it outside the app directory? That’s what I do with all my deployment tool config files (for mup, pm2-meteor, or whatever).

With mup, if you have a directory called myapp that git does source control for, create another folder (at the same level as myapp) called myapp-deploy with a mup.json file in it. In the mup.json file, write:

"app": "../myapp"

Then you can deploy from the myapp-deploy folder, but not commit your deployment config along with the rest of the app.

jamesmad · January 18, 2018, 10:41am

In a perfect world the config (apart from password) would be in my source control but this is a pretty good solution, thanks!