Dotenv File for Secrets
Store local secrets in an .env file, rather than hard-coding
When dealing with local secrets, it is best practice is to keep secrets in an environment variable file, rather than hardcoding these secrets into scripts. A common convention is to use a "dotenv" file, as it is supported by many programming languages and is often appears in .gitignore
file templates. The default for a dotenv file is .env
(this is the entire filename, not an extension), but most dotenv libraries will support any name.
The practice of keeping secrets in dotenv files is optional, but highly encouraged. This allows you to share scripts without secrets, making those scripts more portable and safer.
Assumption of Environment Variables in Docs
While using the Space and Time docs you will find many examples, most of which use a combination of the sxtcli and .env
files to contain secrets. For consistency, these docs will assume the following environment variables are available:
Environment Variable | Description |
---|---|
API_URL | Base URL to the Space and Time network, for example https://api.example.com |
USERID | UserID / UserName for Space and Time authentication |
USER_PRIVATE_KEY | ED25519 Private Key that corresponds to the above USERID |
USER_PUBLIC_KEY | ED25519 Public Key that corresponds to the above USERID |
USER_PASSWORD | Password used by Space and Time Studio that corresponds to the above USERID |
Dotenv Example
Dotenv files are typically structured so that they can be executed by a shell command, thus loading them as environment variables. An example .env
file might look like:
API_URL="https://api.example.com"
USERID="Jane_Doe"
USER_PUBLIC_KEY="mNczmcOoMqHQzaW0/lXuCRa5wYYPcQms92q0G+VzKtY="
USER_PRIVATE_KEY="7zoZMnvJv+spt5lUjF0Isuyxi9jlwJCCWCglJmSVghc="
USER_PASSWORD="Aok3pnEPK"
There are no spaces before or after the equal sign. Shell commands in some operating systems can register spaces as valid characters and include them in the variable.
To test, try to authenticate to Space and Time (with valid credentials) by first loading your .env file, then use sxtcli authenticate
:
echo "Load .env file"
. ./.env
echo "Login to SxT"
sxtcli authenticate login --url=$API_URL --userId=$USERID --publicKey=$USER_PUBLIC_KEY --privateKey=$USER_PRIVATE_KEY
echo "Save Access Token for later use"
ACCESS_TOKEN="eyJ0eXBlIjoiYWNjZXNzIiwia2lkIjoiZTUxNDVkYmQtZGNmYi00ZjI..."
Or, more concisely:
echo "Load .env file and get ACCESS_TOKEN"
. ./.env
ACCESS_TOKEN=$( sxtcli authenticate login --url=$API_URL --userId=$USERID --publicKey=$USER_PUBLIC_KEY --privateKey=$USER_PRIVATE_KEY | awk 'NR==2{ print $2 }' )
Other environment variables you may encounter
While traversing the documents, you may also encounter other environment variables used in examples:
Environment Variable | Description |
---|---|
ACCESS_TOKEN | Base64 authenticated Access Token that is used to directly access Space and Time |
BISCUIT_TOKEN | Base64 Biscuit Token for decentralized authorization |
RESOURCE_PRIVATE_KEY | Hexidecimal Private Key for a table that is used to create the above BISCUIT_TOKEN |
RESOURCE_PUBLIC_KEY | Hexidecimal Public Key for a table that is used to validate the above BISCUIT_TOKEN This should match the CREATE TABLE... WITH "public_key=..." public key. |
Updated 11 months ago