What is the best place to store app variables?
#1

Hi,
I am wondering what is the best practice to store app variables? For example API keys.
  • Is it in the app/Config/Constants.php file?
  • Or directly into the Controller where you use them?
  • Or is it in the .env file and then you can access it using getenv() where you need it?

I am working on implementing the Stripe payment and I have found tutorials that either create a constant, or put the keys directly into the controller and I wonder if there is a reason for choosing one or the other? 
The idea to put them into .env is an added thought for the case when, for instance, you need a different value depending on your environment. In my projects I already use env-staging and env-production to store some, and depending on where I deploy, I create the .env file from one or the other.
Thanks for sharing your thoughts
Reply
#2

You should set the secret keys in Environment Variables.

If you set them in app/Config/Constants.php or Controllers, all the people who can access the source code can get the secret keys.
Reply
#3

(10-08-2022, 02:49 AM)kenjis Wrote: If you set them in app/Config/Constants.php or Controllers, all the people who can access the source code can get the secret keys.
Oh, that's indeed a good point. Thanks :)
Reply
#4

(10-08-2022, 02:49 AM)kenjis Wrote: You should set the secret keys in Environment Variables.

If you set them in app/Config/Constants.php or Controllers, all the people who can access the source code can get the secret keys.

But won't the same hacker have access to the .env file?
Reply
#5

(10-14-2022, 12:47 AM)jetspeed Wrote:
(10-08-2022, 02:49 AM)kenjis Wrote: You should set the secret keys in Environment Variables.

If you set them in app/Config/Constants.php or Controllers, all the people who can access the source code can get the secret keys.

But won't the same hacker have access to the .env file?

If CI has been installed the correct way, a .env file is just as safe. The main difference is that if the .env is publicly available, it's readable; PHP cannot be read by default (still possible with a wrong configuration on the server), it's processed.
Reply
#6

You don't need to use a .env file. You need to set environment variables.
If you don't use a .env file, the hacker cannot read a .env file.
Reply
#7

@kenjis, how do you do that without using a .env file? I am a bit confused by that option.
Reply
#8

Set environment variables on your server.

For example, on Heroku you can set them from a CLI command or the Dashboard:
https://devcenter.heroku.com/articles/co...onfig-vars

Environment variables were used before the .env file was invented.
A .env file is a way for developers to set environment variables easily.
Reply
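
Added example, not part of the original thread and not CodeIgniter's or Stripe's own code: one way to read the Stripe key from a real environment variable with getenv(), as discussed in #6 and #8, failing closed when it is missing and rejecting a key whose mode does not match the deployment. The variable name STRIPE_SECRET_KEY, the function names and the sample key value are assumptions; sk_test_ and sk_live_ are the prefixes Stripe uses for secret keys.

```php
<?php
declare(strict_types=1);

// Added example; STRIPE_SECRET_KEY and all function names are assumptions.

/** Read a required secret from the process environment, failing closed. */
function requireSecret(string $name): string
{
    $value = getenv($name);               // false when the variable is unset
    if ($value === false || trim($value) === '') {
        // No fallback to a key committed in Constants.php or a controller.
        throw new RuntimeException("Environment variable {$name} is not set");
    }
    return trim($value);
}

/** Return the Stripe secret key only if its mode matches the deployment. */
function stripeSecretKey(string $environment): string
{
    $key    = requireSecret('STRIPE_SECRET_KEY');
    $isLive = strpos($key, 'sk_live_') === 0;
    $isTest = strpos($key, 'sk_test_') === 0;
    if (!$isLive && !$isTest) {
        throw new RuntimeException('STRIPE_SECRET_KEY is not a Stripe secret key');
    }
    if ($environment === 'production' && !$isLive) {
        throw new RuntimeException('Test key configured in production');
    }
    if ($environment !== 'production' && $isLive) {
        throw new RuntimeException('Live key configured outside production');
    }
    return $key;
}

/** Mask a secret so it can appear in logs without being disclosed. */
function maskSecret(string $secret): string
{
    return substr($secret, 0, 8) . str_repeat('*', max(0, strlen($secret) - 8));
}

// Constructed value for the demo only. On a real server the variable is set
// in the platform or web server configuration, not in PHP code.
putenv('STRIPE_SECRET_KEY=sk_test_CONSTRUCTED_EXAMPLE');

echo maskSecret(stripeSecretKey('staging')), PHP_EOL;
```

The same functions work unchanged whether the variable comes from the server configuration or from a .env file loaded at startup, so the controller never contains the key itself.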
#9

I see. Thanks :)
Reply



