I’m a little confused with this project, the repo already has .env listed in the .gitignore, but is asking us to access it through ‘process.env.MONGO_URI’. If it’s ignored then glitch won’t be able to access the password, right? I’m new to this whole backend thing and don’t want to move on without understanding what I’m doing. Currently, my only solution is to remove it from .gitignore, is that the correct thing to do?
I have moved your post to a new topic, because you were asking a new question, and not answering the original poster.
.gitignore files only affect Git repository behaviour. That is, it just prevents files from being automatically added to a Git stash, on change. The file is still very much accessible.
This has (should have) essentially no effect.
I am not entirely sure what project you are referring to, but here is a rundown of the mechanics:
.envfiles hold environment variables - they are simple text files, but many systems look for that specific name
- Environment variables are also known as SECRETS, because the variables often contain passwords/tokens which should not be publicly shared
- Git repositorys can be publicly shared. So, to prevent accidentally sharing your SECRETS, it is best practice to include
- Now, if you want to share what environment variables (names) are needed for a project, it is best practice to include a
sample.envfile (not read by the system). Then, any dev wanting to work on your project will know to copy the contents of
sample.envinto a new
.envfile, and the dev will have to add their own variable values (passwords)
- Typically, in Node projects, a package called
dotenvis needed to make use of
process.env.<>- it is used to configure the environment.
- Glitch is a special system in that some functionality is built in - it looks for a
.envfile, and allows access to the variables via
process.env.<>without any further configuration.
Now, if you are still confused, I suggest you share your code, keeping in mind, if you share a link to your Glitch project, we will not be able to access/see your
.env file - built-in Glitch feature.
A final warning: Do not share your Database URI!
I hope this clarifies
This question refers to the MongoDB & Mongoose Course in the APIs and Microservices Cert. Link
So I don’t think I explained it well.
Basically, since the
.env file contains the URI which shouldn’t be public, my understanding is that it should always be included in the
But by doing so, Glitch can’t read that file from the Github repository, at least that’s my experience from using Glitch.
So, what I’m asking is, do I have to manually put the URI in Glitch’s
.env file system. Or is there a different way of reading the SECRETS in a
The main reason I’m looking for clarification on the
.gitignore system is that in a real-world project, how would the
.env file be read if it’s being ignored.
Hopefully, that was clearer
Apologies if these questions are ridiculous, it’s just very confusing.
you need to set up environment variables in glitch itself too, but do not publish the
.env file in github, glitch should have its own way to protect secrets from viewers.
Thank you, for the clarification.
I believe I answered these questions, in my previous reply, though.