
JWT: What's a good secret key, and how to store it in a Node.js/Express app?


To generate a secret programmatically you could use node's crypto.randomBytes()

```javascript
var crypto = require('crypto');
var jwt = require('jsonwebtoken');

// Generate 256 random bytes from the OS CSPRNG and use them as the HMAC secret
crypto.randomBytes(256, function(ex, buf) {
  if (ex) throw ex;
  // jsonwebtoken accepts a Buffer as the secret for HS256
  var token = jwt.sign({foo: 'bar'}, buf);
  // Verification must use the same secret the token was signed with
  var decoded = jwt.verify(token, buf);
});
```

As for storing this, you're absolutely correct: you should definitely not store secrets in your source control. A better way would be to load such sensitive information from environment variables, e.g. process.env.MY_SECRET.

Another less common pattern I've seen is to load secrets from a file stored separately from your code. You could have your node app look for a JSON file in ~/.myapp/secrets.json for instance.