Using Environment variables in WordPress wp-config

I’m using phpfog.com for hosting and github.com for issue tracking, etc.
I have two remotes setup, one to phpfog.com, and the other to github.

In the back-end admin of phpfog you can define Environment Variables. I did so there and want to use them in my wp-config file.

Read More

Here’s the code I used:

/** Hardened Salts for use on github.com, phpfog.com, etc.*/
$AUTH_KEY = getenv('AUTH_KEY');
$SECURE_AUTH_KEY = getenv('SECURE_AUTH_KEY');
$LOGGED_IN_KEY = getenv('LOGGED_IN_KEY');
$NONCE_KEY = getenv('NONCE_KEY');
$AUTH_SALT = getenv('AUTH_SALT');
$SECURE_AUTH_SALT = getenv('SECURE_AUTH_SALT');
$LOGGED_IN_SALT = getenv('LOGGED_IN_SALT');
$NONCE_SALT = getenv('NONCE_SALT');
define('AUTH_KEY', $AUTH_KEY);
define('SECURE_AUTH_KEY', $SECURE_AUTH_KEY);
define('LOGGED_IN_KEY', $LOGGED_IN_KEY);
define('NONCE_KEY', $NONCE_KEY);
define('AUTH_SALT', $AUTH_SALT);
define('SECURE_AUTH_SALT', $SECURE_AUTH_SALT);
define('LOGGED_IN_SALT', $LOGGED_IN_SALT);
define('NONCE_SALT', $NONCE_SALT);

There must be a cleaner way of doing this…

Related posts

Leave a Reply

4 comments

  1. You could make it half as long by passing the function result as a constant value without intermediate variable:

    define('AUTH_KEY', getenv('AUTH_KEY'));
    

    Or do that in a loop:

    $vars = array('AUTH_KEY', 'SECURE_AUTH_KEY', ...);
    foreach ($vars as $var) {
        define($var, getenv($var));
    }
    
  2. From WordPress 5.5.0

    WordPress has added a new function for the environment variables with 3 different possible values.

    You can use wp_get_environment_type() function to get the current environment.

    Usage example:

    If(wp_get_environment_type() === 'development') {
     // do something
    } else {
     // do something
    }
    

    By default, if WP_ENVIRONMENT_TYPE is empty or invalid ( anything except development, staging & production), production is returned.

    You can define development or staging environment through the wp-config.php file.

    define( 'WP_ENVIRONMENT_TYPE', 'development' );
    
  3. I prefer to use this approach below:

    <?php
    
    //GET HOSTNAME INFO
    $hostname = $_SERVER['SERVER_NAME']; 
    
    //VERIFY WHICH ENVIRONMENT THE APP IS RUNNING
    switch ($hostname) {
        case 'development.dev':
            define('WP_ENV', 'development');
            define('WP_DEBUG', true);
            break;
        case 'staging.mywebsite.com':
            define('WP_ENV', 'staging');
            define('WP_DEBUG', true);
            break;
        case 'www.mywebsite.com':
            define('WP_ENV', 'production');
            define('WP_DEBUG', false);
            break;
        default:
            define('WP_ENV', 'production');
            define('WP_DEBUG', false);
    }
    
    ?>
    
  4. The best way to use environment variables to control your WP environment is by using DotEnv ( https://github.com/vlucas/phpdotenv )

    This approach is laid out in a blog post: https://m.dotdev.co/secure-your-wordpress-config-with-dotenv-d939fcb06e24

    The basic approach is to create an .env file in the root of your site with the environment variables.

    However there are a few problems with the blog post as DotEnv version 5 no longer uses environment variables by default.

    So instead of the code used in the blog post, use this at the top of your wp-config.php file…

    $app_env = getenv("APP_ENV");
    $file = $app_env == null ? ".env" : ".env.".$app_env;
    if(file_exists(__DIR__.'/'.$file))
    {
        require_once(__DIR__ . '/vendor/autoload.php');
        (DotenvDotenv::createUnsafeImmutable(__DIR__,$file))->load();
        error_log("Environment loaded from ".$file);
    } else {
        error_log("*WARNING* environment file not found: ".$file);
    }
    

    The .env file looks like this…

    # MySQL settings
    
    DB_NAME=wpbench
    DB_USER=wpuser
    DB_PASSWORD=password
    DB_HOST=localhost
    DB_CHARSET=utf8
    DB_COLLATE=
    

    Defining the constants in the wp-config.php file looks like this…

    /** The name of the database for WordPress */
    define( 'DB_NAME', getenv('DB_NAME'));
    
    /** MySQL database username */
    define( 'DB_USER', getenv('DB_USER'));
    
    /** MySQL database password */
    define( 'DB_PASSWORD', getenv('DB_PASSWORD'));
    
    /** MySQL hostname */
    define( 'DB_HOST', getenv('DB_HOST'));
    
    /** Database Charset to use in creating database tables. */
    define( 'DB_CHARSET', getenv('DB_CHARSET'));
    
    /** The Database Collate type. Don't change this if in doubt. */
    define( 'DB_COLLATE', getenv('DB_COLLATE'));
    

    Use the APP_ENV variable to switch between variable sets. For example create .env.production and .env.staging files. If the .env file does not exist then the values are pulled from the environment which works well for cloud deployment.