1
00:00:01,330 --> 00:00:08,740
In the last video, we saw how in the database, but there is one pain point that is anyone will have

2
00:00:08,740 --> 00:00:12,940
access to or just can see the secret OK by just console logging it.

3
00:00:13,480 --> 00:00:21,640
And also they can see the password by using findOne method to how to wipe that sticky from that users

4
00:00:21,640 --> 00:00:22,250
will have access to.

5
00:00:23,320 --> 00:00:28,060
That is by using a .env file.

6
00:00:29,300 --> 00:00:36,650
So basically, environment variables are very, very simple file that we are going to keep certain sensitive

7
00:00:36,650 --> 00:00:40,190
variables such as encryption keys and API keys.

8
00:00:40,850 --> 00:00:50,420
So for that, the first thing you have to do is npm install dotenv. OK, so dotenv is an npm package.

9
00:00:56,290 --> 00:00:58,540
So as you can see it.

10
00:01:00,590 --> 00:01:00,950
This is a.

11
00:01:01,580 --> 00:01:04,700
This is the package, the first thing, npm install dotenv.

12
00:01:05,420 --> 00:01:08,750
So then the usage will be require dotenv and config.

13
00:01:09,230 --> 00:01:14,720
So basically, we are doing that here in the U.S. we are requiring dotenv and then configuring.

14
00:01:15,620 --> 00:01:23,060
So after doing that, what we have to do is just create a file called .env and you can you

15
00:01:23,060 --> 00:01:26,360
can basically store all the keys and the API secret keys that you want.

16
00:01:26,810 --> 00:01:29,510
Here, I'm installing my secret key as this is my secret.

17
00:01:29,690 --> 00:01:30,590
You can have any string.

18
00:01:30,590 --> 00:01:32,810
It's OK, you can have any string that you want.

19
00:01:33,170 --> 00:01:35,690
This will vary from user to user, the secret key.

20
00:01:36,290 --> 00:01:41,690
So there's going to be this: the secret key stored in the .env file. And now, how to use it.

21
00:01:42,200 --> 00:01:50,840
So this process, in this you have to use one statement, process.env, and this will look to this file

22
00:01:51,110 --> 00:01:54,980
to process.env and then dot whatever variable you want.

23
00:01:54,980 --> 00:02:01,030
Dot secret key, dot client ID, dot client secret, dot app ID, dot secret, anything.

24
00:02:01,040 --> 00:02:02,840
Whatever you want, you can do that.

25
00:02:03,590 --> 00:02:09,410
So basically what this client ID, client secret and everything, we will see this in the final level of

26
00:02:09,410 --> 00:02:17,390
security that is authentication with Google, Google or Facebook or that kind of stuff.

27
00:02:17,780 --> 00:02:20,960
We'll see that in the last few areas of this project.

28
00:02:21,920 --> 00:02:23,570
And this is how the .env file works.

29
00:02:25,650 --> 00:02:26,100
Now.

30
00:02:27,960 --> 00:02:28,380
Here.

31
00:02:30,410 --> 00:02:36,380
You can basically call these secret keys using that .env file, like process.env dot secret

32
00:02:36,380 --> 00:02:36,950
key and then.

33
00:02:39,550 --> 00:02:45,910
Let me show you, yeah, so here, instead of constantly correct physical store, we can remove this

34
00:02:45,910 --> 00:02:46,810
line of code.

35
00:02:47,140 --> 00:02:53,620
And then here instead of secret key, we can pass process.env dot and then.

36
00:02:56,180 --> 00:02:58,760
Not captains all kept secret.

37
00:02:59,240 --> 00:03:06,230
So this will be used to hide the data secret, like all the keys and keys from the users, it

38
00:03:06,890 --> 00:03:08,120
will be stored in the .env.

39
00:03:08,390 --> 00:03:13,880
So whenever we like, we push this code in some repository in GitHub or other platforms.

40
00:03:14,150 --> 00:03:19,970
Then we don't, we don't, you know, we don't send this .env file. That you can see in .gitignore

41
00:03:20,330 --> 00:03:21,530
and .gitignore.

42
00:03:21,950 --> 00:03:26,240
We'll have all the files that we are not, we should not be pushing to any repository.

43
00:03:26,660 --> 00:03:31,640
So as you can see, if you can pull off and search for .env, you can find it.

44
00:03:32,210 --> 00:03:33,790
These are the files that are not.

45
00:03:33,980 --> 00:03:40,010
We will not be hosting or publishing any of it. For this file, no one will have access to this file, and they

46
00:03:40,010 --> 00:03:41,220
cannot see the secret key.

47
00:03:41,840 --> 00:03:44,720
Hence, our secret key is safe from the outside users.

48
00:03:46,300 --> 00:03:48,490
OK, so there is a process for this also.

49
00:03:48,880 --> 00:03:51,310
So I'll be telling you, what is it?

50
00:03:51,670 --> 00:03:53,980
First thing is we have to require and configure.

51
00:03:54,340 --> 00:03:57,460
The second thing is create a .env file.

52
00:03:57,850 --> 00:04:02,710
The third thing is in the .env file, we have to like now in the file.

53
00:04:02,860 --> 00:04:07,870
We add environment-specific variables on new lines in the form of NAME=VALUE.

54
00:04:08,560 --> 00:04:11,230
And then if you want to go and check the documentation for examples.

55
00:04:12,010 --> 00:04:17,470
Now we can access our environment variables by using process.env, we're actually getting OK now

56
00:04:17,470 --> 00:04:18,170
inside the app.

57
00:04:18,190 --> 00:04:20,410
Or just we can grab the secret value from them.

58
00:04:20,410 --> 00:04:25,660
When one variable creator getting notified inside the file copy and paste the template that comes from

59
00:04:25,660 --> 00:04:26,050
GitHub.

60
00:04:26,500 --> 00:04:28,330
You know all of these things.

61
00:04:29,400 --> 00:04:29,730
Yeah.

62
00:04:30,090 --> 00:04:31,560
So with this, we have completed dotenv.

63
00:04:33,050 --> 00:04:33,410
But.

64
00:04:36,250 --> 00:04:36,820
What if?

65
00:04:38,550 --> 00:04:40,080
But what is a pain point here?

66
00:04:40,860 --> 00:04:47,220
It's probably not that difficult to be able to get our encryption key, even if we saved it in the environment

67
00:04:47,220 --> 00:04:49,500
variable of some somewhere secure in the sunlight.

68
00:04:49,920 --> 00:04:50,280
OK?

69
00:04:50,580 --> 00:04:52,890
They have some mechanisms to find.

70
00:04:53,670 --> 00:04:58,680
So if they find that if they found the, for example, they had access to your system, their system

71
00:04:58,680 --> 00:05:03,450
is compromised and then they'll get the entity not from the system.

72
00:05:03,450 --> 00:05:07,230
It's where the source code to start, where the server is from the server itself.

73
00:05:07,830 --> 00:05:11,460
So once they get it, like I knew this weekend, I can see all the passwords.

74
00:05:11,460 --> 00:05:14,150
They can hack your accounts and then get hold.

75
00:05:14,200 --> 00:05:15,030
Surveys should be done.

76
00:05:16,530 --> 00:05:18,720
So this is just the basic level two of security.

77
00:05:19,020 --> 00:05:21,540
But if you remember, we have six levels.

78
00:05:21,930 --> 00:05:24,660
So the next step is hashing passwords.

79
00:05:25,230 --> 00:05:31,110
So how to overcome from this pain point, they even though they found out and when, when given everything,

80
00:05:31,110 --> 00:05:35,280
they have access to the server, but they don't know what the actual value is because the values are

81
00:05:35,280 --> 00:05:35,760
hashed.

82
00:05:36,360 --> 00:05:39,930
So how to do that, we'll see in the next week or in the hashing password section.

83
00:05:40,200 --> 00:05:40,590
Thank you.
