Some questions:
Where to store the secret key for the secret storage?
How do you version and deploy the secrets?
How do you share the secrets in a team; per version and environment (dev, test, staging, prod)?
Environment variables are some kind of a "system wide global variable" and not thread safe (see Laravel) in PHP. I would therefore not recommend it.
I came to the conclusion that a simple env.php is safe enough and works everywhere. This file is excluded via .gitignore. A developer can copy a versioned template of this file (example.env.php) and adapt it to his needs.
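One way to load the env.php file described in the comment above, as an added example that is not part of the original comment. The function name `load_settings`, the setting keys and the `CHANGE_ME` placeholder convention are assumptions made for illustration.

```php
<?php
// Added example. File names follow the comment; keys and values are constructed.

/** Load the untracked env.php and check it against the versioned template. */
function load_settings(string $dir): array
{
    $template = require $dir . '/example.env.php';
    $file = $dir . '/env.php';
    if (!is_file($file)) {
        throw new RuntimeException('env.php missing: copy example.env.php and adapt it');
    }
    $settings = require $file;
    if (!is_array($settings)) {
        throw new RuntimeException('env.php must return an array');
    }
    // Keys added to the template but absent locally are reported by name only.
    $missing = array_diff_key($template, $settings);
    if ($missing !== []) {
        throw new RuntimeException('env.php lacks: ' . implode(', ', array_keys($missing)));
    }
    // Assumed convention: the template marks secrets with the literal CHANGE_ME.
    foreach ($settings as $key => $value) {
        if ($value === 'CHANGE_ME') {
            throw new RuntimeException("env.php still has the placeholder for $key");
        }
    }
    return $settings;
}

// Constructed demo files in a private temp directory.
$dir = sys_get_temp_dir() . '/envphp_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents(
    "$dir/example.env.php",
    "<?php\nreturn ['db_host' => 'localhost', 'db_password' => 'CHANGE_ME'];\n"
);
file_put_contents(
    "$dir/env.php",
    "<?php\nreturn ['db_host' => 'localhost', 'db_password' => 'constructed-demo-value'];\n"
);
chmod("$dir/env.php", 0600); // readable by the owning user only

$settings = load_settings($dir);
// Print the key names, never the values, so secrets stay out of logs.
echo implode(', ', array_keys($settings)), PHP_EOL;
```

The error messages name keys but never include values, so a failed deployment does not leak a secret into a log.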