I am currently writing a NodeJS command line application. The application makes an API call and returns some data to the user. Given that this is a public API, the user needs an API token. This CLI will be installed globally on the user's computer via npm i -g super-cool-api-cli.
The first time the user launches the CLI, they request a token, and then I store it so that every subsequent time it starts, they do not need to enter it. I provided the user with a way to reset this too. I store it in the actual directory of my CLI module, which, as indicated, is installed globally and looks something like this:
    const fs = require('fs');

    fs.writeFile(
      __dirname + '/.token.json',
      JSON.stringify({ "token": token }, null, 2),
      'utf8',
      (e) => {
        // error handling and whatever
      }
    );

I call the file .token.json, using a dot to at least make the file hidden by default.
I assume I am asking if there is a better / safer way to store sensitive information in a NodeJS command-line application that you will run more than once. I was thinking about using things like environment variables, but they seem to end at the end of the process.
Security is a skill that I'm a little lacking in, but I really want to know more, so be sure to give your advice in advance.
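An added example, not part of the original post: one way to keep the token out of the globally installed module directory is to write it to a per-user file that is created with owner-only permissions and checked again on read. The `~/.config/super-cool-api-cli/token.json` location and the function names `tokenPath`, `saveToken`, `loadToken` and `resetToken` are assumptions made for this example.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Assumed app name and layout; the point is a per-user path, not __dirname,
// which for a global install is shared by every account on the machine.
const APP_NAME = 'super-cool-api-cli';

function tokenPath(home = os.homedir()) {
  return path.join(home, '.config', APP_NAME, 'token.json');
}

function saveToken(token, file = tokenPath()) {
  // Directory is private to the owner (0700) when this call creates it.
  fs.mkdirSync(path.dirname(file), { recursive: true, mode: 0o700 });
  // Create a fresh temp file with 0600 ('wx' refuses to reuse an existing
  // file, whose permissions might be wider), then rename it into place so
  // the token file is never world-readable or half-written.
  const tmp = `${file}.${process.pid}.tmp`;
  fs.writeFileSync(tmp, JSON.stringify({ token }, null, 2), {
    encoding: 'utf8',
    mode: 0o600,
    flag: 'wx',
  });
  fs.renameSync(tmp, file);
  return file;
}

function loadToken(file = tokenPath()) {
  let st;
  try {
    st = fs.statSync(file);
  } catch (e) {
    if (e.code === 'ENOENT') return null; // no token stored yet
    throw e;
  }
  // POSIX only: refuse a file that group or other users can access.
  // Windows does not honour these mode bits, so the check is skipped there.
  if (process.platform !== 'win32' && (st.mode & 0o077) !== 0) {
    throw new Error(`${file} is accessible to other users; reset the token`);
  }
  return JSON.parse(fs.readFileSync(file, 'utf8')).token;
}

function resetToken(file = tokenPath()) {
  fs.rmSync(file, { force: true }); // no error if the file is already gone
}
```

The token is still stored in plaintext on disk; the file permissions only limit which local accounts can read it.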