Dotenv File for Secrets
Store local secrets in an .env file, rather than hard-coding
When dealing with local secrets, it is best practice is to keep secrets in an environment variable file, rather than hardcoding into code directly. A common convention is to use a "dotenv" file, as it is supported by many programming languages and is often appears in .gitignore
file templates. The default for a dotenv file is .env
(this is the entire filename, not an extension), but most dotenv libraries will support any name.
The practice of keeping secrets in dotenv files is optional, but highly encouraged. This allows you to share scripts without accidentally sharing secrets, making those scripts more portable and safer.
Example Dotenv (.env) File
Dotenv files are just text files, structured so that they can be executed by a shell command, thus loading them as environment variables. An example .env
file for Space and Time network might look like:
API_URL="https://api.spaceandtime.dev"
USERID="JaneDoe"
USER_PUBLIC_KEY="mNczmcOoMqHQzaW0/lXuCRa5wYYPcQms92q0G+VzKtY="
USER_PRIVATE_KEY="7zoZMnvJv+spt5lUjF0Isuyxi9jlwJCCWCglJmSVghc="
USER_PASSWORD="Aok3pnEPK"
There are no spaces before or after the equal sign. Shell commands in some operating systems can register spaces as valid characters and include them in the variable.
To create a dotenv file, simply create a new text file in the location of your choice and rename it to .env
, and copy the above example content into your dotenv file for a quick start. Update the User* information, and you're ready to start using Space and Time with secure secrets!
To test, open up a terminal window, navigate to the folder containing your .env
file, and type:
. ./.env
echo "Loaded USERID from .env file: "$USERID
This should print the last string, with your SXT UserID at the end!
Congrats! You've configured your dotenv file for safely storing and using keys!
Assumption of Environment Variables in Docs
While using the Space and Time docs you will find many examples, most of which use a combination of the sxtcli and .env
files to contain secrets. For consistency, these docs will assume the following environment variables are available:
Environment Variable | Description |
---|---|
API_URL | Base URL to the Space and Time network, for example https://api.example.com |
USERID | UserID / UserName for Space and Time authentication |
USER_PRIVATE_KEY | ED25519 or Private Key that corresponds to the above USERID |
USER_PUBLIC_KEY | ED25519 Public Key that corresponds to the above USERID |
USER_PASSWORD | Password used by Space and Time Studio that corresponds to the above USERID |
RESOURCE_PRIVATE_KEY | ED25519 (hex encoded) Private Key to control a table or view |
RESOURCE_PUBLIC_KEY | ED25519 (hex encoded) Public Key to control a table or view |
BISCUIT | Base64 Biscuit Token for decentralized authorization (often prefixed, i.e., ADMIN_BISCUIT , READ_BISCUIT , etc.) |
Test on SXTCLI
To test, try to authenticate to Space and Time (with valid credentials) by first loading your .env file, then use sxtcli authenticate
:
echo "Load .env file"
. ./.env
echo "Login to SxT"
sxtcli authenticate login --url=$API_URL --userId=$USERID --publicKey=$USER_PUBLIC_KEY --privateKey=$USER_PRIVATE_KEY
echo "Save Access Token for later use"
ACCESS_TOKEN="eyJ0eXBlIjoiYWNjZXNzIiwia2lkIjoiZTUxNDVkYmQtZGNmYi00ZjI..."
Or, more concisely:
echo "Load .env file and get ACCESS_TOKEN"
. ./.env
ACCESS_TOKEN=$( sxtcli authenticate login --url=$API_URL --userId=$USERID --publicKey=$USER_PUBLIC_KEY --privateKey=$USER_PRIVATE_KEY | awk 'NR==2{ print $2 }' )
Updated 2 months ago