Current section: Honeypot 6 exercises (solution)

Setting Up Honeypot Security for Server Environment Variables

Transcript

00:00 First, let's go over to our env server, and we're going to add a `HONEYPOT_SECRET: z.string()` to our validation to make sure that we have the honeypot secret environment variable set up. Because if that environment variable is not set up, then we're gonna be in a bit of a bind. So we're gonna have that set up.

00:19 We do this validation in this `init`, which is gonna be called inside of our server entry. So once that has been validated, we can then use that in here with the `encryptionSeed` option, which will be set to `process.env.HONEYPOT_SECRET`. That's gonna be auto-completed for us there. So once we have that all set up,

00:39 we can start up our server. Here we go. And we're actually gonna run into a bit of a problem with our server startup. Let's look at our logs. Oh no, our honeypot secret is required. We are not setting it. So in production, you're gonna have whatever mechanism you have to create these environment variables.

00:57 And then during local development, it's a pretty common practice to use a `.env` file. So I'll put that right there and set our `HONEYPOT_SECRET` to "super secret" or something. It doesn't actually matter because this is all running locally. When you generate it for production, you probably should use some sort of OpenSSL

01:17 or even just the 1password.com password generator. Works just fine. But you wanna have some really long secret that nobody could possibly remember anyway, and then save that away somewhere safe. There are other services that you can use and other mechanisms for, like, retrieving secrets at startup time.

01:37 And you can get really complicated and secure with this. But for just starting out, having a `.env` file that is not committed to source control, and then sharing these secrets on a need-to-know basis, is a fine way to start. And then, yeah, definitely something

01:55 to go a little deeper on. So with this set up now, I can restart my server. So let's stop the app and start it up again. And now that we have that and our app is loading our `.env` file properly, we have our honeypot secret defined

02:14 and we can use that as part of our encryption seed. And so now let's turn the configuration for that off again, just so we can test this out. We've got our values specified in here. Now it's actually kind of difficult to test this. You'd have to pull up two versions of the app with the same secret and make sure

02:34 that they both validate for each other. But just believe me, it will work. So in a quick review, there's actually not a whole lot we did here. We added a `.env` to configure our `HONEYPOT_SECRET` for local development. And then however you deploy this, you're gonna wanna set that secret in that environment as well.

02:52 And then we have our honeypot secret validation in our `env.server` file in our utils. And then we use that in our honeypot server for our `encryptionSeed`. And that is getting things working so that you can do horizontal scaling for your app.
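The transcript says the cross-instance check is "kind of difficult to test" by hand. The block below is an added example, not code from the workshop or from the Epic Stack / remix-utils honeypot: it models the three pieces the video wires up (the `HONEYPOT_SECRET` startup check, generating a long random secret, and an encryption seed shared by every instance) and shows, with two toy instances, why a token issued by one server validates on another only when both use the same seed. `initEnv`, `generateSecret`, `ToyHoneypot` and `crossInstanceCheck` are assumed names; the HMAC-over-timestamp token is a simplified stand-in for the real library's encrypted "valid from" field, chosen only to make the seed dependency visible.

```typescript
// Added example (not from the workshop or the Epic Stack): minimal model of the
// HONEYPOT_SECRET startup check and of why the encryption seed must be shared
// across every instance behind a load balancer.
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

// Stand-in for the z.string() check in env.server.ts, written without zod so it
// runs stand-alone. Throws at startup rather than letting the app boot unseeded.
export function initEnv(env: Record<string, string | undefined>): { HONEYPOT_SECRET: string } {
  const secret = env.HONEYPOT_SECRET;
  if (typeof secret !== "string" || secret.length === 0) {
    throw new Error("HONEYPOT_SECRET is required");
  }
  return { HONEYPOT_SECRET: secret };
}

// The "openssl / password manager" step: 32 random bytes, hex encoded, is a secret
// nobody could remember and nobody needs to.
export function generateSecret(bytes = 32): string {
  return randomBytes(bytes).toString("hex");
}

// Toy honeypot server (assumed, NOT remix-utils' implementation): the form carries
// a "valid from" timestamp authenticated with the seed, so a submission can be
// checked by any instance that knows the same seed.
export class ToyHoneypot {
  private readonly encryptionSeed: string;

  constructor(encryptionSeed: string) {
    this.encryptionSeed = encryptionSeed;
  }

  private mac(validFrom: string): string {
    return createHmac("sha256", this.encryptionSeed).update(validFrom).digest("hex");
  }

  // Value embedded in the rendered form by the instance that served the page.
  issue(now: number = Date.now()): string {
    const validFrom = String(now);
    return `${validFrom}.${this.mac(validFrom)}`;
  }

  // Check run by whichever instance receives the POST. Constant-time compare so
  // the MAC check itself does not leak anything.
  verify(token: string): boolean {
    const dot = token.lastIndexOf(".");
    if (dot < 0) return false;
    const validFrom = token.slice(0, dot);
    const given = Buffer.from(token.slice(dot + 1), "hex");
    const expected = Buffer.from(this.mac(validFrom), "hex");
    return given.length === expected.length && timingSafeEqual(given, expected);
  }
}

// Simulates horizontal scaling: instance A renders the form, instance B handles
// the submission. Returns true only when B accepts A's token.
export function crossInstanceCheck(seedA: string, seedB: string): boolean {
  const token = new ToyHoneypot(seedA).issue();
  return new ToyHoneypot(seedB).verify(token);
}

// Example run: both instances read the same validated secret.
const sharedEnv = initEnv({ HONEYPOT_SECRET: generateSecret() });
export const sameSeedResult = crossInstanceCheck(sharedEnv.HONEYPOT_SECRET, sharedEnv.HONEYPOT_SECRET);
// A second deployment that generated its own secret cannot validate the first one's forms.
export const differentSeedResult = crossInstanceCheck(sharedEnv.HONEYPOT_SECRET, generateSecret());
```

The practical takeaway is the last two lines: if each replica (or each deploy) generates its own secret instead of reading one shared `HONEYPOT_SECRET` from the environment, every form served by one instance and submitted to another is rejected, which looks like a honeypot catching bots but is actually the app rejecting its own users.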