After years, I still come back to your videos. Doesn't matter which one. I just come back to them. They solve so many issues. When I first discovered you I wasn't working with JS at all. But enjoyed watching your videos. Now I am working with JS. So I am back
As someone who just started learning to code and my first interview being: "The hell you doing your API key is public", this was a godsend video. Very to the point and clear explanation. Subscribed
Just found this guy's channel and he cooks, simple easy to understand instructions, great job to the creator! Always going to check your channel for any information I need before others.
You probably dont give a damn but does someone know a way to log back into an instagram account? I somehow forgot my account password. I love any help you can give me.
@Casen Ace thanks so much for your reply. I found the site thru google and Im waiting for the hacking stuff now. Seems to take a while so I will reply here later when my account password hopefully is recovered.
It was never boring! Actually, you made this serious topic so fun like magic. Also, I loved the ending credit of the train. Creative idea!!! Thank you so much!!!!
I randomly came across this video and I can't go without thank you ! Your explanations are very clear and makes the course material simple to understand. Thank you very much ! I am so happy I fond your channel today :))
What a great series man, I'm grateful everyone can use resources like this. Going from knowing almost 0 JS to deploying my app was very satisfying. One update though: if you get this error like me: "npm ERR! Missing script: "start"", add this to the end of your package.json file, before the finishing curly brace: ,"scripts": { "start": "node index.js" },
Great tutorial, but I do want to mention one thing. Environmental variables help you hide your sensitive information for version control purposes. If you build a public website and have environmental variables showing on client side, a user can open the debugger and hover over those variables and see the values of them. Make sure that you use these variables on back-end (server) side if you don't want anyone to see their values.
if you are working on linux you may experience a problem when running the code, "undefined" gets returned, thats because you need to set the env variable yourself. go to bashrc and do export ENV_VARIABLE=VALUE no spaces around the equal and if the VALUE has spaces add quotes around it
Using dotenv package and store the API_KEY in .env file does not completely hide the API_KEY. It is fine for GitHub because someone visiting this repo they wont be able to see the API_KEY. But if the project is deployed in sever then anyone can see the API_KEY from the browser when they visit this particular website. The best way to hide the API_KEY is store it in the backend and make the API calls from the backend only. Only send the response data to the frontend. And to add more security you can set up CORS for the API_KEY so even if someone gets access to the API_KEY they wont be able to send request as the request will be rejected and only the request from the domains mention in the CORS will be able to make successful request using this API_KEY.
I'm getting the api key returned in my terminal, but now my data is not being returned in the browser and getting console error: Uncaught ReferenceError: require is not defined. Help please
Whats the difference between using dotenv and just throwing them in another javascript file that you export from and then adding that file to the gitignore? I could watch the video and most likely get the answer to that question; but in the interest of being one of the earliest comments.... please understand.
kind of the same thing, but environment variables are more common because you can configure them more easily on other host services like heroku, CI systems like Jenkins, you can change then on a command line, lots of other ways.
Waiting for the actual answer, but like for me, my main reason for using .env files is because it's a "standard" and you can share that file between different languages for example. A single .env file can be read in NodeJS, PHP, Python,... (others?) without changing any syntax and let dotenv handle everything. My second reason would be the "environment" part. It's clear that it is environment-based and the scope for these variables is globally accessible (less an issue in NodeJS probably) within classes, methods, ..
Spectacular tutorial! Thank you. It's very clear. I wonder if using any browser inspector, can anyone see the API_KEY? Looking inside the code or in the Request to the API message?
incredible video, I spend like 1 year in a College trying to use GitHub as they told me without actually know what I was doing. thank you! Just a question... Can I add to the .env file a private key from firebase?
I prefer sample.env rather than .env_sample that way it still has the same file extension .env which means syntax highlighting and icons in code editor are the same, and also makes it slightly easier to rename.
I suppose if you commit env file before .gitignore file(with line.env), you'll see your .env file in the repo anyway. To delete it from the history, write this in console: git rm -r --cached .env git filter-branch --index-filter "git rm -rf --cached --ignore-unmatch .env" HEAD git push --force
Hi, how about if i am using Docker and dont want to publish my .env file in git. But my application is require env file. Can you pls help how to use .env file in Docker container or K8
i'm working with custom-env pretty similar, but I need to have two env files, for two environments, how should this be treated? How can i make it work?
@TheCodingTrain Hi there! I am facing problem in order to upload .env file in my github repo. Since the application doesn't fetching information. What to do???Please help me.
Great Tutorial! Although i have a question and i hope some good soul will answer me. During my Bootcamp, we never got tought or warned to hide our API Keys. So now that i am about to apply for jobs, i have been overwhelmed with the fact that i need to hide my personal API key that i used for my projects (it's a free personal key from my bootcamp). So my question is: What should i do that i already committed and publicly pushed all of my projects and API keys on my github? Thankfully no one has access to it yet but i need to take action before sending applications or post my github to Linkedin. Any advice would be greatly appreciated 🙏🙏
After years, I still come back to your videos. Doesn't matter which one. I just come back to them. They solve so many issues. When I first discovered you I wasn't working with JS at all. But enjoyed watching your videos. Now I am working with JS. So I am back
As someone who just started learning to code and my first interview being: "The hell you doing your API key is public", this was a godsend video. Very to the point and clear explanation. Subscribed
Just found this guy's channel and he cooks, simple easy to understand instructions, great job to the creator! Always going to check your channel for any information I need before others.
Watched your video for 5minutes and i have no choose but to hit the Subscribe button very fast.
I love your style of teaching,
it's been years and i still love your content.
This is a great tutorial! Thank you for being quick and to the point, as well as informative and helpful!
You probably dont give a damn but does someone know a way to log back into an instagram account?
I somehow forgot my account password. I love any help you can give me.
@Gustavo Tomas Instablaster :)
@Casen Ace thanks so much for your reply. I found the site thru google and Im waiting for the hacking stuff now.
Seems to take a while so I will reply here later when my account password hopefully is recovered.
@Casen Ace It did the trick and I finally got access to my account again. I am so happy!
Thank you so much, you really help me out!
@Gustavo Tomas no problem =)
It was never boring! Actually, you made this serious topic so fun like magic. Also, I loved the ending credit of the train. Creative idea!!! Thank you so much!!!!
no words can describe your awesome explanation
I randomly came across this video and I can't go without thank you ! Your explanations are very clear and makes the course material simple to understand. Thank you very much ! I am so happy I fond your channel today :))
I just love the way you teach things! Doesn't even let me feel boring for a single sec! 😊🚀
From hiding api keys to adding local source to GitHub ..well summarized things in 10 mins ..great video !
What a great series man, I'm grateful everyone can use resources like this. Going from knowing almost 0 JS to deploying my app was very satisfying.
One update though: if you get this error like me: "npm ERR! Missing script: "start"", add this to the end of your package.json file, before the finishing curly brace:
,"scripts": {
"start": "node index.js"
},
I was searching for a video about env file and felt relief when I saw yours
you're a legend dude this is a life saver
The best video about environment variable and how to use them👍👍👍
How i didn't know this channel? Awesome tutorial and one of the best teachers that i have ever seen on youtube. Keep up!
As someone who has done this before on my own projects I can say this is legit. Immediate subscribe.
You're so good at explaining things! Thank you!
Bro, thank you very much, this is exactly what I needed, you're so good at explaining things
I was suffering to understand the environment variable and its benefits this video the best explanation I have ever seen.
Thank you so much. You saved my day with this explanation
Nice video! I've just recently pushed some API keys to Github. Fortunately they have a service that lets you know when you've screwed up.
Same 🤣🤣
Thanks a lot ! That's clear and the objectives are so well explained ! I didn't even know that we could code on ecstasy !
Thank you so much i have been searching one good video for days. finally got this one. this one is quick, understandable
Hey, love your videos! they're so straight to the point Thank you for putting this out for free 🙏
If your file is called index.js, you can just do `node .` or `node index`
U made it so fun to watch ....❤
Great tutorial, but I do want to mention one thing. Environmental variables help you hide your sensitive information for version control purposes. If you build a public website and have environmental variables showing on client side, a user can open the debugger and hover over those variables and see the values of them. Make sure that you use these variables on back-end (server) side if you don't want anyone to see their values.
So keep working on my project and when I want to deploy hide all my keys and db names thank you 😁
It works amazingly, thanks a million!
Thanks for this playlist. Really helped
You're a great teacher!!!
if you are working on linux you may experience a problem when running the code, "undefined" gets returned, thats because you need to set the env variable yourself.
go to bashrc and do export ENV_VARIABLE=VALUE no spaces around the equal and if the VALUE has spaces add quotes around it
2:00 start
5:30 Create a sample .env
Make sure .gitignore has .env listed
Simple and straight to the point thank you👏🏿
Very engaging! thank you for the lesson.
Thank you! This is exactly the video and explanation I needed!
Thanks a lot! This has been a lifesaver
Using dotenv package and store the API_KEY in .env file does not completely hide the API_KEY. It is fine for GitHub because someone visiting this repo they wont be able to see the API_KEY. But if the project is deployed in sever then anyone can see the API_KEY from the browser when they visit this particular website. The best way to hide the API_KEY is store it in the backend and make the API calls from the backend only. Only send the response data to the frontend. And to add more security you can set up CORS for the API_KEY so even if someone gets access to the API_KEY they wont be able to send request as the request will be rejected and only the request from the domains mention in the CORS will be able to make successful request using this API_KEY.
No one is dumb enough to put the api key in frontend, also the example code in the video is using express js which is run by node js in backend.
Awesome content and explanation, thanks man!
Thank you man, I was exactly looking for that
Thank you! Was just looking for this
Thanks! It was very clear!
THIS SAVED MY LIFE THANK YOU
Thank you very much for your explanation 😊
Great explanation
Great presentation. Thank you very much
Very nice, thank you, very educational and entertaining! :)
Amazing video sir!
I'm getting the api key returned in my terminal, but now my data is not being returned in the browser and getting console error: Uncaught ReferenceError: require is not defined. Help please
Our Coding Train Discord is a great place to get help with coding questions ! discord.gg/hPuGy2g
- The Coding Train Team
you are the goat, thanks so much
THank you! I find this fun to learn
So, so useful. Thanks!
BTW you are amazing teacher!
Super helpful video!
Thanks so much this is helpful.
eagerly waiting for the next video of this series....
I want to know more about the available hosting services for node.
Thank you! this helped me a lot, earned a new sub :D
Whats the difference between using dotenv and just throwing them in another javascript file that you export from and then adding that file to the gitignore?
I could watch the video and most likely get the answer to that question; but in the interest of being one of the earliest comments.... please understand.
kind of the same thing, but environment variables are more common because you can configure them more easily on other host services like heroku, CI systems like Jenkins, you can change then on a command line, lots of other ways.
Waiting for the actual answer, but like for me, my main reason for using .env files is because it's a "standard" and you can share that file between different languages for example. A single .env file can be read in NodeJS, PHP, Python,... (others?) without changing any syntax and let dotenv handle everything. My second reason would be the "environment" part. It's clear that it is environment-based and the scope for these variables is globally accessible (less an issue in NodeJS probably) within classes, methods, ..
Ahh true that
For the same reason you wouldn't take a helicopter to do your grocery shopping, it's not the right tool for the job.
thanx man , this was helpful
super helpful - thank you!
Spectacular tutorial! Thank you. It's very clear. I wonder if using any browser inspector, can anyone see the API_KEY? Looking inside the code or in the Request to the API message?
could continue this series with PWA. This has been popular with web technology in this modern day.
Simply awesome
incredible video, I spend like 1 year in a College trying to use GitHub as they told me without actually know what I was doing. thank you! Just a question... Can I add to the .env file a private key from firebase?
i am first here and very impresed they way you teach , ke
Typing those command line commands made me feel like a real programmer 😎 Thank you for this awesome playlist!
Thanks a lot! I was totally stuck with a bug until I watched your video. So clarifying!
sheefmahn brilliant series of videos. any videos where you interact with a Database-as-a-Service? SQL or not
i love your energy
Please publish the continued episode fastly sir waiting for it
A subscriber from INDIA
#Codingtrain
From a “security/ privacy” standpoint, how is this any better than just having a js file with a variable for thr api key in it?
You saved me, suscribed!
I exactly landed where i wanted to be. I was just looking for this
Muchas gracias bro 😀!
It says require is not defined for me in the console. I followed the steps in terminal, have the lastest version of node etc.???
same ugh this is so annoying
Awesome, thanks
his next coding challenge should be solving the heat equation based off of 3blue1brown's video on the same topic
Please suggest here! github.com/CodingTrain/Rainbow-Topics/issues
I prefer sample.env rather than .env_sample that way it still has the same file extension .env which means syntax highlighting and icons in code editor are the same, and also makes it slightly easier to rename.
Great tip!
Here after learning developers added the api key and people were able to view it in the git history commit before it was published XD
can you use .env and gitignore in a vanilla js project?
Thanks dad xx
So nice thanks for this video
install:
npm install dotenv
import:
require('dotenv').config()
use:
process.env
I suppose if you commit env file before .gitignore file(with line.env), you'll see your .env file in the repo anyway.
To delete it from the history, write this in console:
git rm -r --cached .env
git filter-branch --index-filter "git rm -rf --cached --ignore-unmatch .env" HEAD
git push --force
for people who tried to find the GitHub project in the video, here is the link to the GitHub repository: github.com/CodingTrain/The-Weather-Here
Hi, how about if i am using Docker and dont want to publish my .env file in git. But my application is require env file. Can you pls help how to use .env file in Docker container or K8
require('dotenv').config is a sever-side technology not a browser, hence, I am getting an error on my console. How are you not getting this error?
did u end up fixing it?
i'm working with custom-env pretty similar, but I need to have two env files, for two environments, how should this be treated? How can i make it work?
Nevermind, got it :)))
Sir Could you please make a video explaining the resources you use to learn or enhance your programming skills
You helped me
always sounds to me like you're saying "I'm going to post this in the video's subscription," but I'm sure you're saying "video's description".
Nice video!!! How to use this environment variables in the CI(actions)?
If I were to deploy to vercel how can I retrieve the .env values?
@TheCodingTrain Hi there! I am facing problem in order to upload .env file in my github repo. Since the application doesn't fetching information. What to do???Please help me.
console.log(process.env) doesn't include my .env variable
Why when you put the node_modules in the .gitignore file you put a / in front of it?
because node modules is a folder and then git will ignore every file in that folder
Great Tutorial! Although i have a question and i hope some good soul will answer me.
During my Bootcamp, we never got tought or warned to hide our API Keys. So now that i am about to apply for jobs, i have been overwhelmed with the fact that i need to hide my personal API key that i used for my projects (it's a free personal key from my bootcamp). So my question is: What should i do that i already committed and publicly pushed all of my projects and API keys on my github? Thankfully no one has access to it yet but i need to take action before sending applications or post my github to Linkedin. Any advice would be greatly appreciated 🙏🙏
The dot means add everything of the current directory.
Otherwise "--all" is required.
but this works just for development on github... if I go in production like a jam stack project? it is not hidden right?