
Best Practices when using Application Keys on Server and Git Repo

Question:

Tag: node.js,git,twitter,parse.com,cloud

What are the best practices for using application keys (such as Twitter API keys or Parse.com keys) on a server?

We have some NodeJS code that needs to be deployed to a cloud server that will access the Twitter and Parse.com API. Is it safe to push the keys in a config.js module to a Git repo and then clone that repo on the server (or am I just being paranoid)?


Answer:

Git repos can easily leak through insecure forks, one of the developers' computers getting infected, accidental exposures, etc.

Even if the git repo is fully secure (impossible), you are opening other vectors of attack: what if you expand, get more people working on a project? You essentially have to ultimately trust each of them with the keys.

There is no point in storing the keys in any version control software, just keep them somewhere safe with back-up, and upload to the final server using SSH.

Following best practices never hurts:

  1. Have a structured but unfilled config.js in the repository to ease the setup.
  2. Use SSH or other secure methods to modify the config.js on the final server, inserting the values.

P.S. You are not paranoid at all (it is hardly possible to be too cautious in this time).
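One way to enforce the two steps above when the app starts, as an added example that is not part of the original answer: it compares the deployed config.js against the committed, unfilled template and refuses to run if any key is still empty or the file is readable by other accounts. The key names, placeholder conventions and function names are assumptions made for illustration.

```javascript
// Added example: startup check for a config.js that is committed as an
// unfilled template and filled in on the server. All names are hypothetical.

// Constructed template, as it would be committed to the repository.
const TEMPLATE = {
  twitter: { consumerKey: '', consumerSecret: '', accessToken: '', accessTokenSecret: '' },
  parse: { applicationId: '', masterKey: '' },
};

// Values treated as "not filled in yet" (assumed placeholder conventions).
const PLACEHOLDER = /^(|changeme|todo|x+|<.*>|your[-_ ].*)$/i;

// Return the dotted paths of every leaf that is missing, not a string,
// or still a placeholder. Only key names are returned, never values,
// so the result is safe to write to logs.
function findUnfilledKeys(template, config, prefix = '') {
  const missing = [];
  for (const key of Object.keys(template)) {
    const path = prefix ? `${prefix}.${key}` : key;
    const expected = template[key];
    const actual = config == null ? undefined : config[key];
    if (expected !== null && typeof expected === 'object') {
      missing.push(...findUnfilledKeys(expected, actual, path));
    } else if (typeof actual !== 'string' || PLACEHOLDER.test(actual.trim())) {
      missing.push(path);
    }
  }
  return missing;
}

// True when group or other have any permission bit on the file.
// On the server, pass fs.statSync(pathToConfig).mode.
function isModeTooOpen(mode) {
  return (mode & 0o077) !== 0;
}

// Throw before the app touches the Twitter or Parse APIs if the deployed
// config is incomplete or readable by other accounts on the server.
function assertConfigReady(template, config, mode) {
  const missing = findUnfilledKeys(template, config);
  if (missing.length > 0) {
    throw new Error(`config.js has unfilled keys: ${missing.join(', ')}`);
  }
  if (isModeTooOpen(mode)) {
    throw new Error(`config.js mode ${(mode & 0o777).toString(8)} is too open; use 600`);
  }
  return true;
}
```

Because the template in the repository never holds real values, a fresh clone fails this check until the keys are inserted over SSH.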

