| best way to store tokens and api keys? |
|
good morning,
i have a little question. what is the best way in codeigniter 4 to keep tokens and passwords safe? for example, in one of my portals, i use PayPal API. Currently i have a sort of config.php where inside i define a constant called: token to which i assign the value. when i need the token, i call the constant. the problem is that in case of direct access to the files that are on the server, anyone can see the token in clear. the other path i had taken was to create a table and insert in MySql all the various tokens of the different services, obviously encrypted in MD5. in this case, when i need the token, i call it directly through a query. what do you think is the best method? is there a safe place in codeigniter to store this type of data?
File .env or in apache2 vhosts ENV. Access denied from browser.
understood. so in .env I declare the constant ApiToken and in the controller I can call it.
something like: DEFINE $token = ASD; and in controller I can use $token.
(09-22-2024, 02:29 AM)elbambolo Wrote: good morning, (09-26-2024, 12:00 PM)elbambolo Wrote: understood. so in .env I declare the constant ApiToken and in the controller I can call it.Very cool, I'm also looking for a way to secure API keys in CodeIgniter 4. Have you tried saving tokens in environment variables (.env)? I heard that it's a safe and popular way, but I'm not sure if there's anything special to note with CI4?
As others have stated, the .env file is the best place to store tokens, passwords, API keys, etc.
You can access these variables by using the getenv() function. So if you have an API key you want to use you could do something like $ApiKey = getenv('ApiKey') |
| Welcome Guest, Not a member yet? Register Sign In |
MENU
EXTRA MENU
ABOUT US
CodeIgniter is a powerful PHP framework with a very small footprint, built for developers who need a simple and elegant toolkit to create full-featured web applications.
