rolodato/dotenv-safe

configurable empty values

rossvz opened this issue · 5 comments

Is there any way to configure which specific values are allowed to be empty? For example, on my local machine my DB password is '' (empty string), but I want to ensure that we don't accidentally set a production DB password, or other ENV variables to empty string, since those could cause failure.

Perhaps this could be implemented with allowEmptyValues to either be a boolean or an array of env keys?

require('dotenv-safe').config({ allowEmptyValues: [ 'DB_PASSWORD' ] })

I like the idea, and I will think about it. Another option might be to also allow passing in a function that returns true/false based on the key name or something like that.

That's an interesting idea too. Ideally you could have some pattern matching/regex on the input, so something like:

require('dotenv-safe').config({ allowEmptyValues: [ 'DB_*' ] })

Of course, if it's a validator function, that logic could be implemented by the user.

The snippets above wouldn't work with ES6 imports.

Why not let the value be empty by default as long as it's explicitly written in the .env? I mean, suppose we have .env.example like this:

DB_PASSWORD=

Then, as far as .env contains a line DB_PASSWORD=, we may assume it's intentionally empty. On the other hand, if it's simply not present, throw the error as usual.

On second thought, I'm not convinced that needing an empty password is a good enough use case to warrant this feature. Empty credentials are a security anti-pattern, as it's trivial to generate random credentials.

If anyone feels strongly about this or has another use case for it, happy to talk about it.

@rolodato I need this for a use-case with a token for external error reporting in my prod apps, and the development env won't have it.
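An added example (not part of the thread and not dotenv-safe's API) of the per-key allow-list the comments describe, accepting exact names, `*` globs, regexes, or a validator function. `checkEnv`, `toMatcher`, the `(key, env)` validator signature and the sample values are assumptions made for illustration.

```javascript
// Hypothetical helper, not dotenv-safe code: decide which required keys may be empty.

// Turn one allow-list entry into a predicate (key, env) => boolean.
function toMatcher(rule) {
  if (typeof rule === 'function') return rule;
  if (rule instanceof RegExp) {
    // Drop g/y flags so repeated test() calls do not depend on lastIndex.
    const re = new RegExp(rule.source, rule.flags.replace(/[gy]/g, ''));
    return (key) => re.test(key);
  }
  // String rule: escape regex metacharacters, then treat '*' as a wildcard.
  const escaped = String(rule).replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*');
  const re = new RegExp(`^${escaped}$`);
  return (key) => re.test(key);
}

// requiredKeys: names listed in .env.example; env: an object such as process.env.
// allowEmpty: true, false, or an array of rules. Anything not matched fails closed.
function checkEnv(requiredKeys, env, allowEmpty = false) {
  const rules = Array.isArray(allowEmpty) ? allowEmpty.map(toMatcher) : [];
  const mayBeEmpty = (key) => allowEmpty === true || rules.some((m) => m(key, env));
  const missing = [];
  const empty = [];
  for (const key of requiredKeys) {
    const value = env[key];
    if (value === undefined) missing.push(key);
    else if (value === '' && !mayBeEmpty(key)) empty.push(key);
  }
  return { missing, empty, ok: missing.length === 0 && empty.length === 0 };
}

// Constructed sample data: a development environment and the same one in production.
const required = ['DB_HOST', 'DB_PASSWORD', 'SENTRY_TOKEN', 'API_KEY'];
const devEnv = { NODE_ENV: 'development', DB_HOST: 'localhost', DB_PASSWORD: '', SENTRY_TOKEN: '' };
const prodEnv = { ...devEnv, NODE_ENV: 'production', API_KEY: 'constructed-value' };

// Validator rule: empty values are tolerated only outside production.
const devOnly = (key, env) =>
  ['DB_PASSWORD', 'SENTRY_TOKEN'].includes(key) && env.NODE_ENV !== 'production';

console.log(checkEnv(required, devEnv, ['DB_*']));  // SENTRY_TOKEN empty, API_KEY missing
console.log(checkEnv(required, prodEnv, [devOnly])); // both empty secrets rejected
```

Making the exemption depend on the environment keeps the empty local password and the absent development token working while an empty secret in production still fails the check.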