Secrets Management
DotEnv File
This approach is inspired by how usually developers manage secrets in their source code.
In this approach, you can store all your secrets in a .env
file at the root of your collection folder.
Bruno will automatically load the secrets from this file and make them available to your collection via process.env.<secret-name>
.
Your environment file at environments/local.bru
would look like
local.bru
vars {
host: http://localhost:5005
jwtToken: {{process.env.JWT_TOKEN}}
}
And now you can safely check in your collection to source control without worrying about exposing your secrets.
Don't forget to add .env
to your .gitignore
file.
You can store a .env.sample
file in your collection folder to help other developers get started with the collection.