Storing credentials within a public workspace

workspace

#1

I was using databases and the method I went with I needed to insert a username and password into my code. I had it set to ignore for posting to Github but the thing is people would still be able to see it looking up the project on Cloud9. I set my workspace to private but you can only do that with one project and I’m sure that won’t be the last database I will need to use.

Any ways to get around storing sensitive data in public workspaces?


#2

You might try putting it in an environment variable. If someone with read-only access views your workspace, they won’t have the sufficient privileges to view variables in the terminal or runners.


#3

You might also try this method of storing info outside your workspace folder.

If someone has read access to your workspace (as all do on a community workspace) but not write privileges, they can’t open a terminal in your workspace. This means they won’t be able to see any files that aren’t within your workspace folder. Because of this, you can store sensitive data in config files as long as they’re outside of your workspace folder.

For example, you can go into the terminal, change to your home directory, and create a file with sensitive data in it like this:

cd ~/
mkdir sensitive_data
cd sensitive_data
echo 'var config = { "db_username": "cloud9", "db_password": "password1234" }; module.exports = config;' > config.js

The config variable is the information I want to keep private and the module.exports part ensures that I’ll be able to access this info from another file as though it were a module.

After you’ve created a file like this, you’re free to access it in your app without other people having access to that sensitive information. To access the config file in Node, we can create a test.js file in the workspace directory and put the following code into it:

var config = require('../sensitive_data/config');

console.log(config.db_password);

That should print out “password1234” just as we input into our config.js file. Now you’re free to add other files and variables using this same method of keeping your sensitive information private.


Is hiding specific strings from the public possible?
How to store sensitive API Keys securely in Django public workspace
#4

When I do that it can’t find “…/sensitive_data/config” when trying to start the server


#5

@bradydowling is showing a relative path, which means that using that require will only work in a file in the workspace directory. Is your file directly in the workspace directory or in a subfolder? It’s also possible the relative path provided won’t work for you, so here’s how to construct a proper one:
.. means go into the parent directory
. means the current directory
Using this, figure out where you created the config file, then figure out how it is relative to the file where you require() it.


#6

To get to the folder i have to cd … from the workspace to where the terminal location just has my username. From there if i do cd sensitive-data, it’s able to go into that folder.


#7

So then it would be …/sensitive-data/whatever


#8

How do you go back more than once? Because the file that is trying to require it is in a config folder, which is inside the project folder, which is inside the workspace. I tried using the ~ in the path but that didn’t do anything.


#9

Just do …/…/…/ as many times as you want, that example goes up three folders.


#10

Finally got it holy cow. Ended up having a typo and having to remove the folder and make it again but it finally works. Thank you for all of the help this was a good learning experience for an important method.