Managing Environment Variables in Node.js
Discover best practices for handling configuration settings and environment variables securely in Node.js applications.
Rule Content
{
"title": "Managing Environment Variables in Node.js",
"description": "Discover best practices for handling configuration settings and environment variables securely in Node.js applications.",
"category": "Node.js Cursor Rules",
"rules": [
{
"id": "node-env-vars-use-descriptive-names",
"description": "Use descriptive and consistent naming conventions for environment variables to enhance code readability and maintainability.",
"recommendation": "Adopt uppercase letters with underscores for separation, e.g., DATABASE_URL, API_KEY.",
"severity": "warning"
},
{
"id": "node-env-vars-avoid-hardcoding",
"description": "Avoid hardcoding sensitive information like API keys or database credentials directly into the codebase.",
"recommendation": "Store sensitive data in environment variables and read it via process.env.",
"severity": "error"
},
{
"id": "node-env-vars-use-dotenv",
"description": "For local development, use a .env file to keep environment variables out of the source code. The file is plain text, so treat it as a secret and keep it on the local machine.",
"recommendation": "Utilize the dotenv package to load environment variables from a .env file.",
"severity": "info"
},
{
"id": "node-env-vars-validate-variables",
"description": "Validate the presence and correctness of required environment variables at application startup.",
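"recommendation": "Implement validation checks to ensure all necessary environment variables are set and valid, and stop the application at startup with an error that names the failing variable but not its value.",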
"severity": "error"
},
{
"id": "node-env-vars-avoid-logging",
"description": "Avoid logging environment variables, especially those containing sensitive information.",
"recommendation": "Ensure logging mechanisms exclude sensitive environment variables to prevent accidental exposure; for example, never log the whole process.env object, and redact secret values in error reports.",
"severity": "warning"
},
{
"id": "node-env-vars-use-secrets-manager",
"description": "In production environments, use dedicated secrets management tools to store and retrieve sensitive information securely.",
"recommendation": "Leverage services like AWS Secrets Manager, HashiCorp Vault, or Azure Key Vault for managing secrets.",
"severity": "info"
},
{
"id": "node-env-vars-set-node-env",
"description": "Set the NODE_ENV environment variable to 'production' in production environments to enable performance optimizations; some frameworks also return less detailed error output to clients in this mode.",
"recommendation": "Ensure NODE_ENV is set appropriately to activate production-specific optimizations in npm packages.",
"severity": "warning"
},
{
"id": "node-env-vars-avoid-committing-env-files",
"description": "Do not commit .env files containing sensitive information to version control systems.",
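"recommendation": "Add .env files to .gitignore to prevent accidental exposure of sensitive data. If a .env file with real secrets was already committed, rotate those secrets, because the file remains in the repository history.",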
"severity": "error"
}
]
}