Inject secret key at build time

modules/actions/showPublicKey.js

@@ -1,4 +1,4 @@
-import secretKey from '../secretKey';
+import { secretKey } from '../config';
 
 export default function showPublicKey(req, res) {
   res.send({ publicKey: secretKey.public });

modules/config.js

@@ -1,4 +1,10 @@
+import invariant from 'invariant';
+
 export const npmRegistryURL =
   process.env.NPM_REGISTRY_URL || 'https://registry.npmjs.org';
 
 export const origin = process.env.ORIGIN || 'http://localhost:5000';
+
+export const secretKey = process.env.SECRET_KEY;
+
+invariant(secretKey, 'Missing $SECRET_KEY environment variable');

modules/secretKey.js

@@ -1,31 +0,0 @@
-import fs from 'fs';
-import path from 'path';
-import forge from 'node-forge';
-import invariant from 'invariant';
-
-let secretKey;
-if (process.env.NODE_ENV === 'production') {
-  invariant(
-    process.env.PRIVATE_KEY,
-    'Missing $PRIVATE_KEY environment variable'
-  );
-
-  secretKey = {
-    public: fs.readFileSync(
-      path.resolve(__dirname, '../secret_key.pub'),
-      'utf8'
-    ),
-    private: process.env.PRIVATE_KEY
-  };
-} else {
-  // Generate a random keypair for dev/testing.
-  // See https://gist.github.com/sebadoom/2b70969e70db5da9a203bebd9cff099f
-  const keypair = forge.rsa.generateKeyPair({ bits: 2048 });
-
-  secretKey = {
-    public: forge.pki.publicKeyToPem(keypair.publicKey, 72),
-    private: forge.pki.privateKeyToPem(keypair.privateKey, 72)
-  };
-}
-
-export default secretKey;

modules/utils/auth.js

@@ -2,7 +2,7 @@ import crypto from 'crypto';
 import jwt from 'jsonwebtoken';
 
 import data from './data';
-import secretKey from '../secretKey';
+import { secretKey } from '../config';
 
 function getCurrentSeconds() {
   return Math.floor(Date.now() / 1000);