It’s not a good practice to store your password in the code. It is a well-known fact, and on multiple occasions, people get hacked because they share their code (and passwords) accidentally with others.
Many bots are just browsing GitHub for lost
GCE credentials. I’m going to show you how to pass your
AWS_SECRET_ACCESS_KEY to PHP.
getenv() function is not secure. It’s not possible to read variables to PHP from the outside. So, if you want to pass variables to PHP from the outside, you have to use
putenv() function. Which doesn’t make much sense - or you can just set them up in your PHP configuration.
The other solution is to use
.env files and read variables in PHP.
.env files are just plain text files with variables. They are a little more secure, but they are still files you can accidentally drop into your source code repository.
Locate the config file and open it.
Find env section, and drop variables directly there:
don’t forget restart
and now you can reach your variables from PHP code directly: