pm2 icon indicating copy to clipboard operation
pm2 copied to clipboard

Published 20 hours ago verified publisher icon Unitech

Disabling or restricting `pm2 env` command

Open trekze opened this issue 2 years ago • 2 comments

We're being very careful about not leaking credentials on our infrastructure, so we use encryped env files (decrypt, set variables, run long-living app, then unset variables). So a different login won't have access to env variables (not set in .profile).

Problem is pm2 env exposes the env variables to any login session.

Is there any way to disable or restrict pm2 env?

Thanks

trekze avatar Aug 17 '22 14:08 trekze

Good question. I would like to know how to restrict or prevent pm2 env to expose the env variables.

raaha avatar Sep 15 '22 14:09 raaha

Hey @trekze. How are you loading your variables?

I created a new instance for tests:

  1. The first time I loaded the variables using the .env file. And I couldn't retrieve the variables using pm2 env.
  2. The second time I loaded the variables via command line ex.: PORT=3000 pm2 start HTTP_API

I'm thinking that using the .env file and the dotenv vault to encrypt it is the way to go. Are you already try to use dotenv vault?

raaha avatar Sep 15 '22 17:09 raaha