Where to save sensitive data?

Hello everyone.
What is the best way to keep sensitive data like passwords, api-keys ... inside the framework?
Where to save them? inside config files or only inside .env file?

Thanks in advance!

For the database I use .env. The main reason is because I don't save this file in my repository. Each environment have their own file (development, production).

If you don't need this information all the time, like for an api key, I'd say use a config file and load it only when needed. Also, make sure the file permissions on the server are correct and not visible to other users. Something like 0600 to be read/write only by the owner. If you're a team working on the same project, not all developers need to know all the passwords. Especially on the production server.

In any case, never save passwords or api keys in git or svn.

CodeIgniter 4 tutorials (EN/FR) - https://includebeer.com
/*** NO support in private message - Use the forum! ***/

For the database I use .env. The main reason is because I don't save this file in my repository. Each environment have their own file (development, production).

If you don't need this information all the time, like for an api key, I'd say use a config file and load it only when needed. Also, make sure the file permissions on the server are correct and not visible to other users. Something like 0600 to be read/write only by the owner. If you're a team working on the same project, not all developers need to know all the passwords. Especially on the production server.

In any case, never save passwords or api keys in git or svn.

Thank you for your answer.