Managing & using secret tokens and environment variables

If your integration is making requests to an API which requires an authorization token, that token can be securely stored and used through IFX. You may also have variables you need to define which change per environment, such as an API host URL. In this guide we will show you just how to handle these values.

IFX securely stores secrets for you in the format of name:value. While values can be modified, they will never be output once they’re stored.

Manging secrets with the Arc XP CLI or the IFX API

You have two options for managing your integration secrets:

1. The Arc XP CLI
2. The IFX API

Environment configuration

The Node SDK allows clients to specify environment-specific configuration via dotenv files in the root directory of the running application. Expected folder structure:

• .env.development
• .env.production
• .env.sandbox
• .gitignore
• README.md
• package.json
• Directorysrc

  • DirectoryeventsHandlers

    • defaultHandler.js

Utilize the .env.{environment} files in the root directory of your integration to provide environment specific configuration to your application. Do not store secrets or api keys in these files.

Tip

You can use the Secrets Manager not only for secrets but also for environment variables - making it easy to adjust values without a new code deployment.

Things to Know

• When developing on your local machine, values of your variables will be taken from .env file. This file should be included in .gitignore and should never be checked in to your repo.
• When developing on sandbox or production, values of your variables will be taken from Secrets Manager.
• You can use any .env file to store non-sensitive data such as API domains.

Caution

If you accidentally commit secret or sensitive information, be sure to squash that commit so it does not exist in your repo.

Secrets and variables on local environment

On local environment, the value will be taken directly from the .env file. Create a file in the root of your project called .env if you do not already have one. Inside of that file, define variables as needed. This file can be used to define variables that differ by environment, a URL for example. Within your code, the key is accessed by using process.env.[{key}].

.env

mytoken=12345
contentApiHost=https://api.sandbox.{myOrg}.arcpublishing.com
console.log(process.env['mytoken'])
// Output: 12345

console.log(process.env['contentApiHost'])
// Output: https://api.sandbox.{myOrg}.arcpublishing.com

Secrets and variables on sandbox and production

On Sandbox and Production environments, the value will be taken from Secrets Manager.

To add a new secret, send a POST to /admin/secret:

{
  "secretName": "mytoken",
  "secretValue": "67890"
}

caution

Remove console logs with sensitive information before committing or deploying code.

Example of using secrets within a request

myHandler.js

const ARC_PERSONAL_ACCESS_TOKEN = process.env['mytoken']

const response = await axios.get(someUrl, {
  headers: {
    Authorization: `Bearer ${ARC_PERSONAL_ACCESS_TOKEN}`
  }
})

---

Have a feature request or suggestion? Let us know on Our Ideas Portal.