Utilizing the serverless-mysql library, I have successfully connected my next app to a remote MySQL DB through an SSH tunnel with the ssh2 library. Although everything is functioning properly, I am looking to enhance the security of my code by removing the environment variables from my next.conf.js file before pushing it to a public repository. My current next.config.js file appears as follows:
module.exports = {
webpack(config) {
config.module.rules.push({
test: /\.svg$/,
use: ["@svgr/webpack"]
});
config.node = {
fs: 'empty',
net: 'empty',
tls: 'empty'
}
return config;
},
webpackDevMiddleware: config => {
return config
},
env: {
SSH_PASS:'supersecretpassword',
SSH_USER:'root',
SSH_HOST: 'XXX.XXX.XXX.XXX',
MYSQL_HOST:'127.0.0.1',
MYSQL_DATABASE:'databasename',
MYSQL_USERNAME:'username',
MYSQL_PASSWORD:'dbpassword',
GOOGLE_CLIENT_ID:'xxxxxx',
GOOGLE_CLIENT_SECRET:'xxxxxx',
NEXTAUTH_URL: 'http://localhost:3000/',
}
};
To address this concern, I created a .env file in the project root and input the following values:
SSH_PASS="supersecretpassword"
SSH_USER="root"
SSH_HOST="XXX.XXX.XXX.XXX"
MYSQL_HOST="127.0.0.1"
MYSQL_DATABASE="databasename"
MYSQL_USERNAME="username"
MYSQL_PASSWORD="dbpassword"
GOOGLE_CLIENT_ID="xxxxxx"
GOOGLE_CLIENT_SECRET="xxxxxx"
NEXTAUTH_URL=http://localhost:3000/
After making these changes, I encountered an error message when attempting to query the database:
sqlMessage: 'Client does not support authentication protocol requested by server; consider upgrading MySQL client'
I researched the error and attempted various solutions such as ALTER USER and updating the password. However, I suspect that the issue lies elsewhere since the configuration remains consistent and functional with both setups. I even verified this by logging the connection object during the DB connection.
Is there any discernible distinction between loading environment variables from a .env file versus retrieving them from next.config.js?
I appreciate your assistance!