PHP environment variables

cworrell

Hi, it would be neat to have option to set environment variables for PHP scripts to access through either the PHP-FPM+Apache or PHP-FPM+Nginx applications.

Currently we are using dotenv (.env) method, but it apparently isn't recommended for production. Using a private Apache/Nginx process we could use SetEnv VARIABLE value syntax, or fastcgi_param VARIABLE value, but would be nice to be able to manage these through the UI while editing an application.

sean

cworrell We've got an internal ticket open for something like this already so I'll add your comments to that. Thanks for the suggestion!

anjanesh

I somehow thought that dotenv was secure enough considering Laravel uses dotenv - https://laravel.com/docs/9.x/configuration#environment-configuration

cworrell

@anjanesh it's mostly recommended for development. There used to be a notice on Laravel's documentation page:

phpdotenv is made for development environments, and generally should not be used in production. In production, the actual environment variables should be set so that there is no overhead of loading the .env file on each request.

I guess they've removed that since they now have an .env encryption helper for even adding the file to git, and they cache the values so the file isn't read every request. But still, reading environment variables directly from the real environment (the server) is best practice and most secure.

While I'm here, @sean, any updates on a timeline for this? Thank you.

sean

cworrell @sean, any updates on a timeline for this?

nope, sorry.

cworrell

Just realized this may not be as "simple" as I imagined, as our use case currently would need those variables exposed for the PHP CLI and through Apache per application. So I'm not sure how doable that would be in a shared hosting scenario.

sean

cworrell if you use a separate shell user and a private PHP-FPM stack on Nginx or Apache for each app then you could set the variables in the shell config and Apache/PHP config for each app (as you described back in February).