New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add certs support #215
add certs support #215
Conversation
Based on this: #196 (comment)
Travis seems to have failed to identify (not camel-case) and indentation... |
have you considered keeping certs and other multiline variables in dedicated files and using their paths as the environment variables? CERT_PATH=/path/to/private.cert require('dotenv').config()
const path = require('path')
const fs = require('fs')
const certPath = path.resolve(process.env.CERT_PATH)
const cert = fs.readFileSync(certPath) If you're loading lots of multiline variables, you could come up with your own namespace to identify external content. require('dotenv').config()
const path = require('path')
const fs = require('fs')
Object.keys(process.env)
.filter(e => e.indexOf("MY_CERT_PREFIX_") === 0)
.forEach(e => {
const certPath = path.resolve(process.env[e])
process.env[e] = fs.readFileSync(certPath)
}) That approach feels simpler to me than the additional proposed parsing logic. |
I understand the succinct and straightforward aspect of a clean and minimalist code. Setting the path to the certificate was my first approach when using the module, but if the module itself does read to disk and a certificate is nothing more than a string-based structure I believe that reading (loading) the certificate from the file .env is the most natural and least redundant. Apart from the design aspect of the code, is there any counterpoint that prevents reading a certificate from the .env file being a feature? |
dotenv maintains a core set of features and encourages the community to extend it (e.g. validation and type casting). Supporting specific multiline variables such as certificates is another good extension point. I'm hesitant to add this because of the limited demand in #196, the complexity is adds to parsing, and additional test cases that'll need to be maintained. I'm very open to adding more documentation to deal with this particular use case. |
All right, I get the point. I also believe that the community should express interest after all may arise the need to test multiple certificates. Could you keep it open until you define this interest? Is it possible to open this discussion to the community (a discussion not attached to the scope of #196)? |
This seems like an oddly specific feature to have in a very generic library such as dotenv. I agree with @maxbeatty here that this adds unnecessary complexity which can be easily avoided by pointing to a filename instead of including an entire file. That being said, I've never ran into this need so maybe there's something about your use case that I'm missing. I don't develop Node on Windows but there could be an issue with very long environment variables on it, something else to keep in mind: https://superuser.com/questions/1070272/why-does-windows-have-a-limit-on-environment-variables-at-all |
@rolodato the answer on supersuser.com is very qualified thank you but, all platforms have inherent limitation on the length of Environment Variables. I can not imagine how a public or private key (certificate) can reach a maximum length within the usual platforms, however, the module itself encounters this limitation even if it is not documented. I am writing an application that uses node in windows64 using NW.js and I was able to test the limitation of 32766 characters per key using I believe that reading (loading) the certificate from the .env file is the most natural and least redundant than pointing paths to read back from the disk once the module already does a read on disk. The same application may need to store keys for external apis as well as their own authentication certificates this is a common use case and reading from |
Based on this: issue 196 comment 315537598