Our last tutorial ran long because getting set up with a third-party SMTP server requires jumping through a lot of hoops. This tutorial’s going to run short, because moving our secrets, hashes, and API keys to a separate file that we keep out of version control is actually quite easy. So if you average the two together, it’s like you got two five-minute tutorials. Right?

Cool, glad we’re all in agreement. Let’s go. First off, create a new file in the top level of your musiclist project and name it config.json. This will contain all the various pieces of information we don’t want to be storing on GitHub. Here’s what it should look like … although, of course, my actual values are different than these sample values, and you should use your actual values here.

{
  "crypto": {
    "secret": "sda46ufgh239d7fjhwi0sejhrgw4ersjdf8u7eweoi42hg0siojg"
  },
  "expressSession": {
    "secret": "bmoe5r8hb98fhsbso93ikdfgbs0u4sfg89dhsogsd09fy4pf9fdh"
  },
  "mailgun": {
    "apiKey": "key-a6831fad9c681569479ab46734f662a8",
    "domain": "sandboxfa58bac976052d5e93f1cfa0b54c5337.mailgun.org"
  }
}

Save that file, and create another new file at the top level called config.js. This file will be in version control, and it ingests our JSON and makes it usable by the rest of our app. Here’s the code:

const fs = require('fs');

const configPath = './config.json';
const parsed = JSON.parse(fs.readFileSync(configPath, 'UTF-8'));

// We have to export each object in order to access them separately
exports.crypto = parsed.crypto;
exports.expressSession = parsed.expressSession;
exports.mailgun = parsed.mailgun;
exports.port = parsed.port;

That’s it, though it’s important to remember that if and when we add further items to config.json, we’ll need to create an export for them here. Anyway, save this file and let’s put it to use. Open up /app.js. First, let’s organize our imports at the top alphabetically by reordering lines 1 through 18. Sadly you can’t just highlight the whole block and hit F5 (for Mac) or F9 (for Windows) in Sublime Text to organize them alphabetically because the object we’re passing to expressSession confuses things, so you’ll have to do it manually. When you’re done, it should look like this:

const bodyParser = require('body-parser');
const cookieParser = require('cookie-parser');
const express = require('express');
const expressSession = require('express-session')({
  secret: 'random strings here are good',
  resave: false,
  saveUninitialized: true,
});
const favicon = require('serve-favicon');
const LocalStrategy = require('passport-local').Strategy;
const logger = require('morgan');
const mongoose = require('mongoose');
const passport = require('passport');
const path = require('path');
const webpack = require('webpack');
const webpackConfig = require('./webpack.config');
const webpackDevMiddleware = require('webpack-dev-middleware');
const webpackHotMiddleware = require('webpack-hot-middleware');

Now, at the top of the file, add the following:

const appConfig = require('./config.js');

This gives us access to our config variables, so let’s use them. Change line 6 to the following:

  secret: appConfig.expressSession.secret,

That’s it for this file. Save it, and open /api/routes/authentication.js. We’re going to replace a couple of lines here, too, but first we need to make the same addition at the very top of the file, except with an adjusted directory structure:

const appConfig = require('../../config.js');

Now we can replace lines 5 and 6, like this:

  apiKey: appConfig.mailgun.apiKey,
  domain: appConfig.mailgun.domain,

and line 100, like this:

    const secret = appConfig.crypto.secret;

And line 111, like this:

        from: `CloseBrace <postmaster@${appConfig.mailgun.domain}>`,

We’re good here. Save the file, and we’re basically done. You can test your app, and everything should still be working exactly as it was. If it’s not, try restarting your server.
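If the app does fail at startup, the usual cause is a config.json that is missing, malformed, or lacking one of the keys used above. The following is an added example, not part of the original tutorial's code: a stricter variant of the loader that resolves config.json relative to a directory rather than the working directory, checks the four keys this tutorial reads, and reports problems without printing any secret value. The names `findConfigProblems`, `loadConfig`, `REQUIRED` and `KNOWN_PLACEHOLDERS` are assumptions made for this example.

```javascript
// Added example: stricter loader for config.json (names are assumptions).
const fs = require('fs');
const path = require('path');

// Dotted paths the app reads from config.json in this tutorial.
const REQUIRED = [
  'crypto.secret',
  'expressSession.secret',
  'mailgun.apiKey',
  'mailgun.domain',
];

// The hard-coded session secret that used to live in app.js.
const KNOWN_PLACEHOLDERS = ['random strings here are good'];

// Return a list of problems; never include the secret values themselves.
function findConfigProblems(parsed) {
  const problems = [];
  for (const key of REQUIRED) {
    const value = key.split('.').reduce(
      (obj, part) => (obj && typeof obj === 'object' ? obj[part] : undefined),
      parsed
    );
    if (typeof value !== 'string' || value.trim() === '') {
      problems.push(`${key}: missing or empty`);
    } else if (KNOWN_PLACEHOLDERS.includes(value)) {
      problems.push(`${key}: still set to a placeholder`);
    }
  }
  return problems;
}

// Load config.json from the given directory (not the process cwd) and fail fast.
function loadConfig(dir = __dirname) {
  const file = path.join(dir, 'config.json');
  let parsed;
  try {
    parsed = JSON.parse(fs.readFileSync(file, 'utf8'));
  } catch (err) {
    // Report only the error kind: a JSON syntax message can echo file content.
    throw new Error(`Cannot load ${file}: ${err.code || err.name}`);
  }
  const problems = findConfigProblems(parsed);
  if (problems.length > 0) {
    throw new Error(`Invalid ${file}: ${problems.join('; ')}`);
  }
  return parsed;
}
```

The placeholder check is there because values that were hard-coded in earlier commits remain in the repository history, so config.json should hold newly generated secrets rather than copies of the old ones.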

Now, let’s make sure our JSON file gets ignored. Open up .gitignore, and at the bottom of the file add these lines:

# Application Configuration
config.json

That’s all you need to do. Save the file and head for your command prompt or terminal window. Make sure you’re in your musiclist directory, and then type

git status

Notice anything? Our config.json file is nowhere in the list. As far as git is concerned, it doesn’t exist. That’s what we want. So go ahead and commit all of your changes with:

git add -A

And then

git commit -m "whatever commit message you want"

And of course, send it along to GitHub with

git push

That’s it. We’re all set, and ready to move forward with development again. Next time, we’ll build a page that lets users actually change their password once they’ve clicked the reset password link we emailed to them. See you then!