I'm using the Node-Postgres package for querying a postgresql/postgis database for an app I'm building within the Sails.js framework.
I don't know where the best place to store my connection string for the node-postgres package would be to make it accessible in models and controllers but still secure.
For example, if I want to execute a query against the postgres database from within a model, what I currently do:
var conString = "postgres://postgres:mypass@localhost:5432/myapp_dev";
var client = new pg.Client(conString);
client.connect();
var junk = [];
client.query('SELECT * FROM junk', function (err, result) {
// Stuff I do with the query result
});
Obviously it's bad practice/inconvenient to declare this connectionstring and new client every time I need to execute a query. So, what I would like to be able to do is:
client.connect();
var junk = [];
client.query('SELECT * FROM junk', function (err, result) {
// Stuff I do with the query result
});
So I just removed the conString and new client declarations. But I don't know where in my app to store those to make them accessible yet secure.
My directory structure follows the standard Sails.js application structure, similar to this: http://runnable.com/UlbJJhdpQyoWAAAK/sails-js-example-project-for-node-js-and-webserver
Any help would be appreciated
In sails.js, you can set environment-specific configs in config/env/development.js, or config/env/production.js.
Always store all sensitive info in environment variables, and never in config files. So your config file would read a env variable called POSTGRES_CONNECTION like so:
process.env.POSTGRES_CONNECTION
For anyone struggling with this same question, I would recommend storing your Sails database adapter definitions in the local.js file.
See the solution here for an example: Using local.js to store sails-mysql password