Correct implementation of phpdotenv with Kirby?

Kirby 4 Question❓
1

As per this conversation from some time ago: Github Repo Security Advice - #6 by texnixe

I was wondering about implementing phpdotenv so I can set some third party keys to use with Kirby.

I modified my /index.php to include the autoload and dotenv but wondered if this is a bad practice as it would be loaded on every single request?

// index.php
<?php
require __DIR__ . "/vendor/autoload.php";
$dotenv = Dotenv\Dotenv::createImmutable(__DIR__);
$dotenv->load();

require "kirby/bootstrap.php";

echo (new Kirby())->render();

This does indeed work and I can call $_ENV['SECRET'] wherever I need in the app, I was just wondering if:

  1. Is this a poor practice somehow?
  2. Is it wrong/problematic to require the composer autoload here?

I suppose I could also just use GitHub - bnomei/kirby3-dotenv: Kirby 3 Plugin for environment variables from .env but wondered nonetheless.

2

:bowing_man: oh of course, just including it below the bootstrap works :man_facepalming:

// index.php
<?php
require "kirby/bootstrap.php";

$dotenv = Dotenv\Dotenv::createImmutable(__DIR__);
$dotenv->load();

echo (new Kirby())->render();

Though I suppose I’m still curious if there’s any reason not to do this here (I can’t seem to think why not)

3

I would suggest instead to use the dotenv plugin

Making changes to the index.php file will likely get lost when you next update kirby.

4

No, it won’t. An update updates the /kirby folder, not your index.php or any other files. After all, if you use a custom folder setup, you also make changes to this file.

Nonetheless I think this should be in a plugin and not in index.php.

However, Kirby offers an alternative to .env with the env.php file: Configuring Kirby | Kirby CMS

1 Like
5

Oh yes of course, I use composer to upgrade and forgot the custom folder setup involed modifying that file.