Sign Up Sign In

How to store credentials for PHP scripts on a Windows machine?


I have a number of command line PHP scripts that are either run by a user or by Windows Task Scheduler.

These scripts use DB and API credentials and I am wondering if there is a better way of storing said credentials than configuration files outside of the Git repository?

Why should this post be closed?

1 comment

IMHO, configuration files outside Git are the way to go. The only other thing is to make sure they are not in any web-accessible directory - i.e., so that a messed up web page won't get easy access. ‭manassehkatz‭ about 1 month ago

1 answer


Solution 1: Honestly, it is a best practice used by current frameworks (symfony, laravel) to use an .env file that you will have into the .gitignore. On the otherside, you will commit a .env.dist or .env.example file with the basic template of your file.

Exanple of a DB .env.dist file:


Solution 2: Another way of doing would be to store into the system itself environment variables, this is often used when you're deploying onto a production server and you don't wan't to share an .env file over the internet. So they will be manually input on the host machine.

After that you can access those variables with getenv('your_var') or using the alias $_SERVER['your_var'] or $_ENV['your_var']


Sign up to answer this question »