如何安全地存储SSL或公钥私钥?

问题描述 投票:0回答:1

我有这样的钥匙。

MIID0DCCArigAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJGUjET
MBEGA1UECAwKU29tZS1TdGF0ZTEOMAwGA1UEBwwFUGFyaXMxDTALBgNVBAoMBERp
bWkxDTALBgNVBAsMBE5TQlUxEDAOBgNVBAMMB0RpbWkgQ0ExGzAZBgkqhkiG9w0B
CQEWDGRpbWlAZGltaS5mcjAeFw0xNDAxMjgyMDM2NTVaFw0yNDAxMjYyMDM2NTVa
MFsxCzAJBgNVBAYTAkZSMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJ
bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFDASBgNVBAMMC3d3dy5kaW1pLmZyMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpnaPKLIKdvx98KW68lz8pGa
RRcYersNGqPjpifMVjjE8LuCoXgPU0HePnNTUjpShBnynKCvrtWhN+haKbSp+QWX
SxiTrW99HBfAl1MDQyWcukoEb9Cw6INctVUN4iRvkn9T8E6q174RbcnwA/7yTc7p
1NCvw+6B/aAN9l1G2pQXgRdYC/+G6o1IZEHtWhqzE97nY5QKNuUVD0V09dc5CDYB
aKjqetwwv6DFk/GRdOSEd/6bW+20z0qSHpa3YNW6qSp+x5pyYmDrzRIR03os6Dau
ZkChSRyc/Whvurx6o85D6qpzywo8xwNaLZHxTQPgcIA5su9ZIytv9LH2E+lSwwID
AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU+tugFtyN+cXe1wxUqeA7X+yS3bgw
HwYDVR0jBBgwFoAUhMwqkbBrGp87HxfvwgPnlGgVR64wDQYJKoZIhvcNAQEFBQAD
ggEBAIEEmqqhEzeXZ4CKhE5UM9vCKzkj5Iv9TFs/a9CcQuepzplt7YVmevBFNOc0
+1ZyR4tXgi4+5MHGzhYCIVvHo4hKqYm+J+o5mwQInf1qoAHuO7CLD3WNa1sKcVUV
vepIxc/1aHZrG+dPeEHt0MdFfOw13YdUc2FH6AqEdcEL4aV5PXq2eYR8hR4zKbc1
fBtuqUsvA8NWSIyzQ16fyGve+ANf6vXvUizyvwDrPRv/kfvLNa3ZPnLMMxU98Mvh
PXy3PkB8++6U4Y3vdk2Ni2WYYlIls8yqbM4327IKmkDc2TimS8u60CT47mKU7aDY
cbTV5RDkrlaYwm5yqlTIglvCv7o=
-----END CERTIFICATE-----

我正在使用 Node.js 和 TypeScript 开发 API,并且我有用于 JWT 和 HTTPS 的公钥-私钥和证书密钥。重要的是不要在我的代码中公开它们。如果我使用 

fs.readFileSync(..)
读取文件,这些文件将在我的项目中可见。

是否可以从 .env 提供它们?

或者最好的做法是什么?

javascript node.js typescript security
1个回答
1
投票

您可以使用 

dotenv
包来实现您的目标。您可以简单地将文件路径存储在 
.env
文件中,并使用 
dotenv
根据您的要求将其加载到代码中。比如:

PRIVATE_KEY_LOC=./path/to/private-key.pem
PUBLIC_KEY_LOC=./path/to/public-key.pem
CERTIFICATE_LOC=./path/to/certificate.pem

import fs from 'fs';
import path from 'path';
import dotenv from 'dotenv';

dotenv.config();

const privateKeyPath = path.resolve(process.cwd(), process.env.PRIVATE_KEY_LOC!);
const publicKeyPath = path.resolve(process.cwd(), process.env.PUBLIC_KEY_LOC!);
const certificatePath = path.resolve(process.cwd(), process.env.CERTIFICATE_LOC!);

const privateKey = fs.readFileSync(privateKeyPath, 'utf-8');
const publicKey = fs.readFileSync(publicKeyPath, 'utf-8');
const certificate = fs.readFileSync(certificatePath, 'utf-8');
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.