如何使用密钥将节点应用正确部署到GAE? [英] How to properly deploy node apps to GAE with secret keys?
问题描述
我正在使用nconf探索GAE,并且想知道在部署应用程序后以下设置是否安全。
让我担心的是尽管已将 config.dev.json和 config.prod.json文件都包含在 .gitignore中,但仍在部署它们。
执行以下操作后,我不确定会向gae传递什么信息(我不希望暴露配置键):
$ git add。
$ git commit -m'Commiting'
$ glcoud应用程序部署
我的节点应用程序结构如下:
-/ myProject
-/ node_modules
-.gitignore
-app.js
-app.yaml
-config.js
-keys.dev.json
-keys.prod.json
-包锁.json
-package.json
// .gitignore
node_modules
keys.dev.json
keys.prod.json
// config.js:
const nconf = require( nconf);
nconf.argv()。env();
if(nconf.get( NODE_ENV)=== production){
nconf.file( keys.prod.json);
} else {
nconf.file( keys.dev.json);
}
...
在 .gitignore
中包括文件对在GAE上部署没有任何影响,该文件仅由 git
使用。 / p>
如果要阻止将文件部署到GAE,则需要在<$ c中使用 skip_files
选项$ c> app.yaml 文件的常规设置:
skip_files
可选。 skip_files 元素指定
应用程序目录中的哪些文件不上传到App Engine。
的值可以是正则表达式,也可以是正则表达式列表。上传应用程序时,要上传的文件列表中的
会省略任何与任何正则表达式匹配的
文件名。
例如,要跳过名称以 .bak 结尾的文件,请添加
skip_files 部分,如下所示:skip_files:
-^(。* /)?\.bak $
旁注:
- 如果我正确理解后,您的应用程序会使用这些文件,因此在我看来您将必须与您的应用程序一起部署。
- 即使已部署文件在GAE上,决定文件是否受到外部请求是您的应用程序的责任(和完全控制权)。
- 如果您想确切地知道部署中包含哪些文件,您可以可以使用
--verbosity 选项在部署过程中看到它们/ gcloud / reference / app / deploy rel = nofollow noreferrer> gcloud应用程序部署
命令。
I am exploring GAE with nconf and I'm wondering if the following setup is secured after I deploy an App.
What concerns me is are both my "config.dev.json" and "config.prod.json" files deployed despite including them in ".gitignore".
I am unsure what information is passed along to gae (I don't want my config keys exposed) after I do:
$ git add .
$ git commit -m 'Commiting'
$ glcoud app deploy
My Node App structure looks like this:
- /myProject
- /node_modules
- .gitignore
- app.js
- app.yaml
- config.js
- keys.dev.json
- keys.prod.json
- package-lock.json
- package.json
// .gitignore
node_modules
keys.dev.json
keys.prod.json
// config.js:
const nconf = require("nconf");
nconf.argv().env();
if (nconf.get("NODE_ENV") === "production") {
nconf.file("keys.prod.json");
} else {
nconf.file("keys.dev.json");
}
...
Including files in .gitignore
has no implications whatsoever on deployment on GAE, that file is only used by git
.
If you want to prevent deployment of a file to GAE you need to use the skip_files
option in your app.yaml
file's General settings:
skip_files
Optional. The skip_files element specifies which files in the application directory are not to be uploaded to App Engine. The value is either a regular expression, or a list of regular expressions. Any filename that matches any of the regular expressions is omitted from the list of files to upload when the application is uploaded.
For example, to skip files whose names end in .bak, add a skip_files section like the following:
skip_files: - ^(.*/)?\.bak$
Side notes:
- if I understand correctly, your app uses those files, so it appears to me like you will have to deploy them together with your app.
- even if a file is deployed on GAE it is your app's responsability (and complete control) in deciding if the file is exposed to ouside requests or not.
- if you want to know exactly which files are included in the deployment you can see them displayed during deployment by using the
--verbosity
option for thegcloud app deploy
command.
这篇关于如何使用密钥将节点应用正确部署到GAE?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!