CodeIgniter Forums
What is the best place to store app variables? - Printable Version




What is the best place to store app variables? - kcs - 10-08-2022

Hi,
I am wondering what is the best practice to store app variables? For example API keys.
  • Is it in the app/Config/Constants.php file?
  • Or directly into the Controller where you use them?
  • Or is it in the .env file and then you can access it using getenv() where you need it?

I am working on implementing the Stripe payment and I have found tutorials that either create a constant, or put the keys directly into the controller and I wonder if there is a reason for choosing one or the other? 
The idea to put them into .env is an added thought for the case when, for instance, you need a different value depending on your environment. I use in my projects env-staging and env-production to store some already, and depending on where I deploy, I create the .env file from one or the other.
Thanks for sharing your thoughts


RE: What is the best place to store app variables? - kenjis - 10-08-2022

You should set the secret keys in Environment Variables.

If you set in app/Config/Constants.php or Controllers, all the people who can access the source code
can get the secret keys.


RE: What is the best place to store app variables? - kcs - 10-08-2022

(10-08-2022, 02:49 AM)kenjis Wrote: If you set in app/Config/Constants.php or Controllers, all the people who can access the source code
can get the secret keys.
Oh that's indeed a good point. Thanks :)


RE: What is the best place to store app variables? - jetspeed - 10-14-2022

(10-08-2022, 02:49 AM)kenjis Wrote: You should set the secret keys in Environment Variables.

If you set in app/Config/Constants.php or Controllers, all the people who can access the source code
can get the secret keys.

But won't the same hacker have access to the .env file?


RE: What is the best place to store app variables? - superior - 10-17-2022

(10-14-2022, 12:47 AM)jetspeed Wrote:
(10-08-2022, 02:49 AM)kenjis Wrote: You should set the secret keys in Environment Variables.

If you set in app/Config/Constants.php or Controllers, all the people who can access the source code
can get the secret keys.

But won't the same hacker have access to the .env file?

If CI has been installed the correct way, a .env file is just as safe. The main difference is that if the .env is publicly available, it's readable; PHP cannot be read by default (still possible with wrong configuration on server), it's processed.


RE: What is the best place to store app variables? - kenjis - 10-17-2022

You don't need to use .env file. You need to set environment variables.
If you don't use .env file, the hacker cannot read .env file.


RE: What is the best place to store app variables? - kcs - 10-17-2022

@kenjis how do you do that without using .env file? I am a bit confused with that option


RE: What is the best place to store app variables? - kenjis - 10-18-2022

Set environment variables on your server.

For example, on Heroku you can set them from CLI command or Dashboard:
https://devcenter.heroku.com/articles/config-vars#managing-config-vars

Environment variables were used before .env file was invented.
.env file is a way to set environment variables easily for developers.
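
Added example, not part of the thread and not CodeIgniter's own code: one way to read the Stripe key from a server-set environment variable with `getenv()` and refuse to start when it is missing or belongs to the wrong deployment. The variable name `STRIPE_SECRET_KEY`, the function names and the key values are assumptions made for illustration; `CI_ENVIRONMENT` is CodeIgniter 4's environment setting.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: load the key from the process environment, fail closed.
function load_stripe_secret_key(): string
{
    // getenv() returns false when the variable was never set on the server.
    $key = getenv('STRIPE_SECRET_KEY'); // assumed variable name
    if ($key === false || trim($key) === '') {
        throw new RuntimeException('STRIPE_SECRET_KEY is not set in the environment');
    }
    $key = trim($key);

    // Standard Stripe secret keys start with sk_live_ or sk_test_.
    if (preg_match('/^sk_(live|test)_\S+$/', $key, $m) !== 1) {
        throw new RuntimeException('STRIPE_SECRET_KEY is not a Stripe secret key');
    }

    // Catch a staging value deployed to production, and the reverse.
    $env = getenv('CI_ENVIRONMENT') ?: 'production';
    if (($env === 'production') !== ($m[1] === 'live')) {
        throw new RuntimeException("Stripe {$m[1]} key used in '{$env}' environment");
    }
    return $key;
}

// Log-safe form: only the non-secret prefix is shown.
function mask_key(string $key): string
{
    return substr($key, 0, 8) . '...';
}

// Demo with constructed values; on a real server the variables are set
// outside the code base (hosting dashboard, web server or service config).
if (PHP_SAPI === 'cli') {
    putenv('STRIPE_SECRET_KEY=sk_test_CONSTRUCTEDEXAMPLEVALUE');
    putenv('CI_ENVIRONMENT=development');
    echo mask_key(load_stripe_secret_key()), PHP_EOL;

    putenv('CI_ENVIRONMENT=production');
    try {
        load_stripe_secret_key();
    } catch (RuntimeException $e) {
        echo 'refused: ', $e->getMessage(), PHP_EOL;
    }
}
```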


RE: What is the best place to store app variables? - kcs - 10-18-2022

I see. Thanks :)