frank_jwt VS dotenv

NOTE: Never store sensitive information about a client in the payload as the JWT is just encoded and not encrypted. You can paste the JWT I gave as an example above in this cool site which basically allows you to see in decoded. JSON Web Tokens - jwt.io

Although they did not make it into production, I experimented with the RabbitMQ message broker, Python (Django, Flask), Kubernetes + minikube, JWT, and NGINX. This was a hobby project, but I intended to learn about microservices along the way.

JSON Web Token (JWT) creation to extend user authentication to server-side functions

The (probably) most famous web resource about JWT - https://jwt.io - provides such a definition of JSON Web Tokens:

If you want to play with JWT and put these concepts into practice, you can use jwt.ioDebugger to decode, verify, and generate JWTs.

In this context, JSON Web Tokens (JWTs) play a crucial role.

Json Web Token (JWT): Even though it is more like an industry standard, we will use JWTs for stateless authentication in this article. If you want to learn more, you can refer to the official documentation.

Se pegar o token jwt podemos ver o que tem dentro, usando o site jwt.io.

JWT token is not encrypted, it's just base64UrlEncoded. So, don't put any sensitive information in payload. Meaning, if for some reason an access token is stolen, an attacker will be able to decode it and see information in payload.Check it here.

We will put our Emailjs environment variables in a dotenv (.env) file. To read more about the purpose of this file click here.

Add .env to your .gitignore file to prevent it from being committed. Here's an example file with it already added. You may also use dotenv for advanced configuration and it will automatically load environment variables from a .env file into process.env.

dotenv: Designed to load environment variables from a .env file into the process.env environment

Like Doppler, Infisical uses environment variable injection. Similar to the Dotenv package for Node, when used in Node, it injects them at run time into the process object of the running app so they're not readable by any other processes or users. They can still be revealed by a crash dump or logging, so that is a caveat to consider in your code and build scripts.

We'll be working with databases' ids and different info that should be secured so I would advise you to create a .env file to store said info. We'll do this by installing dotenv into our project and use it accordingly:

dotenv - For reading our API keys from the environment

As an avid dotenv user I wanted to thank their maintainers for keeping the project alive for 10 years (wow). A perfect exemplary of dedication to Open Source.

Sensitive data like database URLs, API keys, and passwords should never be hardcoded in your application code. Instead, use environment variables accessed at runtime to keep this information secret. Popular dotenv libraries like dotenv make this easy for Node.js apps.