Environment Management 🔐

Manage configuration safely with .env files, build config services, and handle environment-specific settings for dev, staging, and production.

What You'll Learn in This Lesson

• Why hardcoded credentials are dangerous
• Parse .env files with vlucas/phpdotenv
• Build a typed config service with defaults
• Manage different environments (dev/staging/prod)
• Keep secrets out of git with .env.example patterns

Note: PHP runs on a server. Our examples simulate PHP logic using JavaScript. To run real PHP, install PHP.

🎯 Real-World Analogy: Environment variables are like a locker combination. You don't write it on the locker itself (hardcoded). You keep it in your wallet (env file) and give a different combination to each locker room (environment). The .env.example file is like saying "you need a 4-digit combination" without revealing the actual numbers.

.env Files & Typed Access

The .env file stores key-value pairs that change between environments. The vlucas/phpdotenv package loads these into $_ENV and getenv(). Always provide defaults for non-critical settings and throw errors for required ones like database credentials.

Try It: .env Parser

Parse environment files with typed getters and validation

Try it Yourself »

JavaScript

// Environment Variables & Configuration Management
console.log("=== The Problem: Hardcoded Credentials ===");
console.log();
console.log("  // ❌ NEVER do this in real code:");
console.log("  \$dbHost = 'production-db.aws.com';");
console.log("  \$dbPass = 'super_secret_password_123';");
console.log("  \$apiKey = 'sk-live-abc123xyz';");
console.log();
console.log("  Why it's dangerous:");
console.log("  • Credentials in git history forever");
console.log("  • Same creds for dev/staging/productio
...

Config Services & Environments

Organized applications group related settings into config files (database.php, mail.php, cache.php) that read from environment variables. This separates "what can change" (env vars) from "how it's structured" (config files), making deployments safe and predictable.

Try It: Environment Comparison

Compare dev, staging, and production configurations side by side

Try it Yourself »

JavaScript

// Config Service Pattern & Environment-Specific Settings
console.log("=== Config Service: Organized Configuration ===");
console.log();

class ConfigService {
  constructor(env) {
    this.env = env;
    this.configs = {};
  }

  register(name, config) {
    this.configs[name] = config;
    console.log("  📦 Registered config: " + name);
  }

  get(path) {
    let parts = path.split(".");
    let current = this.configs[parts[0]];
    for (let i = 1; i < parts.length; i++) {
      if (current ==
...

⚠️ Common Mistakes

⚠️

Committing .env to git — Even if you delete it later, it's in git history forever. Add .env to .gitignore before your first commit.

⚠️

Using env() in config files everywhere — Call env() only in config files, then use config('database.host') in your app. This enables config caching in production.

💡

Pro Tip: Use Dotenv::createImmutable() to prevent code from overwriting env vars — this ensures server-level env vars take priority over .env file values.

📋 Quick Reference — Environment Management

Concept	Description
.env	Environment-specific config (never commit)
.env.example	Template showing required vars (commit this)
getenv()	PHP built-in to read environment variables
phpdotenv	Library to load .env files into PHP
$_SERVER	Superglobal containing server env vars

🎉 Lesson Complete!

You can now manage configuration securely! Next, learn to integrate payment gateways like Stripe and PayPal.