Securing Express APIs: Using the DotEnv library to keep secrets safe (What-Why-Where-How)

This video is a live coding tutorial held during one of my full-stack web development courses. It is part of a full series on securing Express API applications. In this video we run through the process of setting up a .env file to be read by the DotEnv NPM package, adding a .gitignore file to the project so that the .env file will not be added to git repositories, and adding a config module responsible for reading the environment variables. The concepts behind each of these steps are covered in great detail to make sure that my students understand the why behind the process rather than just following the steps.

Please keep in mind that this is a live coding session, so the quality is not necessarily production level.
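One way to write the config module described above, so that the rest of the API never reads process.env directly and a missing or weak secret stops the server at startup. This is an added example, not the code from the video; the variable names PORT, DATABASE_URL and JWT_SECRET and the 32-character minimum are assumptions.

```javascript
// config.js (added example). In the project, load the .env file first with
//   require('dotenv').config();
// so that process.env is populated before buildConfig(process.env) runs.

// Hypothetical variable names; the page does not list the course's own.
const REQUIRED = ['PORT', 'DATABASE_URL', 'JWT_SECRET'];
const SECRET_KEYS = new Set(['databaseUrl', 'jwtSecret']);
const MIN_SECRET_LENGTH = 32; // assumed policy, not from the video

function buildConfig(env) {
  const missing = REQUIRED.filter((name) => !env[name] || env[name].trim() === '');
  if (missing.length > 0) {
    // Report variable names only, never their values.
    throw new Error(`Missing environment variables: ${missing.join(', ')}`);
  }
  const port = Number(env.PORT);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error('PORT must be an integer between 1 and 65535');
  }
  if (env.JWT_SECRET.length < MIN_SECRET_LENGTH) {
    throw new Error(`JWT_SECRET must be at least ${MIN_SECRET_LENGTH} characters`);
  }
  // Frozen so no other module can swap a secret at runtime.
  return Object.freeze({
    port,
    databaseUrl: env.DATABASE_URL,
    jwtSecret: env.JWT_SECRET,
  });
}

// Copy of the config that is safe to print in a startup log.
function redact(config) {
  return Object.fromEntries(
    Object.entries(config).map(([k, v]) => [k, SECRET_KEYS.has(k) ? '[redacted]' : v])
  );
}

// Constructed sample standing in for process.env after .env has been loaded.
const sampleEnv = {
  PORT: '3000',
  DATABASE_URL: 'postgres://app:example-password@localhost:5432/app',
  JWT_SECRET: 'constructed-sample-secret-0123456789abcdef',
};
console.log(redact(buildConfig(sampleEnv)));
```

In a real project the file would end with an export of `buildConfig(process.env)`, and `.env` itself stays listed in `.gitignore`.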