Get jwt secret from env var

CitizenLabDotCo · Aug 5, 2024 · f683f8d · f683f8d
1 parent 884e4ef
commit f683f8d
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 7 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,6 @@
 node_modules
 
 # Local VsCode config
-.vscode/*
+.vscode/*
+
+env_files/*
diff --git a/README.md b/README.md
@@ -22,7 +22,9 @@ make feature-toggle feature=fake_sso enabled=true
 npm i
 ```
 
-4. In both repos, run the docker compose file:
+4. In this repo, create a file called `back-secret.env` in the `env_files` folder, and make sure it has the correct `FAKE_SSO_JWT_SECRET`. It should match the one in `env_files/back-secret.env` in the main repo.
+
+5. In both repos, run the docker compose file:
 
 ```
 docker compose up

diff --git a/package.json b/package.json
@@ -3,7 +3,7 @@
   "version": "0.0.1",
   "private": true,
   "scripts": {
-    "start": "nodemon ./bin/www"
+    "start": "nodemon ./bin/www --env-file=env_files/back-secret.env"
   },
   "dependencies": {
     "cookie-parser": "~1.4.4",
@@ -16,4 +16,4 @@
     "nodemon": "^3.1.4",
     "uuid": "^10.0.0"
   }
-}
+}
diff --git a/utils/createIdToken.js b/utils/createIdToken.js
@@ -1,9 +1,7 @@
 const jose = require("jose");
 const { v4: uuidv4 } = require("uuid");
 
-const secret = new TextEncoder().encode(
-  "cc7e0d44fd473002f1c42167459001140ec6389b7353f8088f4d9a95f2f596f2"
-);
+const secret = new TextEncoder().encode(process.env.FAKE_SSO_JWT_SECRET);
 
 const alg = "HS256";