In trying to deploy a Node.js server using Git to an Amazon Elastic Beanstalk instance, I started to wonder what a more secure/efficient practice might be than pushing up a config file and letting it sit on the remote disk.
The current series of actions I perform to get production code up is as follows:
Un-ignore my config.js file, which contains sensitive database information
-- Repeat below every time there is an update
This flow seems simple enough, but I was wondering if there was a more secure way, where my config file would not exist on the disk on my remote server, but rather in memory - where the sensitive information would hopefully no longer exist if the server stopped running.
The motivation behind not having this config file exist on the remote disk would be so that if the server was compromised, then at least it would be separate from the database.
Is there a flow to resolve this, or do people generally go the route of setting environment variables and/or pushing up config files using a new branch?
Any insight on this issue would be much appreciated.
I'm a frequent user of Platform-as-a-Service providers, such as, CloudFoundry, AppFog, Heroku, etc. And AFAIK, they all use env variables to support this kind of basic configuration. The env variables can be easily set or deleted through their APIs or client interfaces.