-
Notifications
You must be signed in to change notification settings - Fork 5
Env Vars
Brian Graham edited this page May 9, 2018
·
1 revision
You will need to launch the app with the following environment variables:
Reasonable defaults:
PUBLISH_SECRET_URI=/new
KEY_NAME_RANDOM_BYTES=128
DOMAIN=example.com
PORT=80
HTTP_TIMEOUT_MS=5000
MAX_UPLOAD_KB=128
A non-exhaustive list of how to set envvars:
- On a lot of popular operating systems you can set these via the
exportcommand (export KEY=value) - In bash you can prepend them to the command (
KEY1=value KEY2=value2 command) - On lots of popular hosting services there's probably a web UI for this somewhere
- You can put these in a file and load them with source such as
source filename && ...
| Name | Purpose |
|---|---|
PUBLISH_SECRET_URI |
The URL you want to publish secrets to, and the page to author them from. This is variable so you can add an extra level of "secrecy". This could be useful if your server is publicly accessible. In some environments I've used a random string as the URL which was "good enough" for preventing guessers and web-crawlers. |
KEY_NAME_RANDOM_BYTES |
How many bytes of entropy will your secret key-id be? |
DOMAIN |
The domain you will be hosting on. Because the only other way to generate that is with frontend code. |
PORT |
The port your application will run on. The envvar is PORT and not HTTP_PORT because I want to allow Heroku users to use this app (and they're forced to use that envvar) |
HTTP_TIMEOUT_MS |
How long should a connection be allowed to live? 5000ms seems reasonable to me, perhaps even too long. |
MAX_UPLOAD_KB |
How many KB of data can someone upload? 128 kb seems reasonable, but actually this is quite large in terms of secrets. Remember, everything is stored in memory, so if 1000x128kb secrets are stored at once, you use over 125 megabytes of memory just for this purpose. |