When NativePHP bundles your application, it will copy your entire application directory into the bundle, including your `.env` file. This means that your `.env` file will be accessible to anyone who has access to your application bundle.
You should be careful to not include any sensitive information in your `.env` file, such as API keys or passwords.
Unlike a traditional web application, your `.env` file can be read by anyone who has access to your application bundle.
If you need to perform any sensitive operations, such as accessing an API or database, you should do so using a separate API that you create specifically for your application. You can then call this API from your application and have it perform the sensitive operations on your behalf.
# Removing sensitive data from your environment files
There are certain environment variables that NativePHP uses internally, for example to configure your application's updater, or Apple's notarization service.
These environment variables are automatically removed from your `.env` file when your application is bundled, so you don't need to worry about them being exposed.
If you want to remove other environment variables from your `.env` file, you can do so by adding them to the `cleanup_env_keys` configuration option in your `nativephp.php` config file:
```php
    /**
     * A list of environment keys that should be removed from the
     * .env file when the application is bundled for production.
     * You may use wildcards to match multiple keys.
     */
    'cleanup_env_keys' => [
        'AWS_*',
        'DO_SPACES_*',
        '*_SECRET',
        'NATIVEPHP_UPDATER_PATH',
        'NATIVEPHP_APPLE_ID',
        'NATIVEPHP_APPLE_ID_PASS',
        'NATIVEPHP_APPLE_TEAM_ID',
    ],
```
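The following is an added example, not NativePHP's own code: a pre-bundle audit that lists which keys in a `.env` file the pattern list above would strip and which would still ship. It assumes `*` behaves like a shell-style glob (matched here with PHP's `fnmatch`); the sample `.env` content, the helper names and the "looks sensitive" patterns are constructed for illustration.

```php
<?php
// Patterns copied from the cleanup_env_keys example on this page.
$cleanupKeys = ['AWS_*', 'DO_SPACES_*', '*_SECRET', 'NATIVEPHP_UPDATER_PATH',
    'NATIVEPHP_APPLE_ID', 'NATIVEPHP_APPLE_ID_PASS', 'NATIVEPHP_APPLE_TEAM_ID'];

// Constructed sample .env content (placeholder values, not real credentials).
$env = <<<'ENV'
APP_NAME=Demo
# storage
AWS_ACCESS_KEY_ID=example-id
AWS_SECRET_ACCESS_KEY=example-secret
PUSHER_APP_SECRET=example
DB_PASSWORD=example
STRIPE_KEY=example
ENV;

/** Return the variable names defined in .env-style text (hypothetical helper). */
function envKeys(string $contents): array
{
    $keys = [];
    foreach (preg_split('/\R/', $contents) as $line) {
        // Blank lines and comments do not match; an "export " prefix is allowed.
        if (preg_match('/^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=/', $line, $m)) {
            $keys[] = $m[1];
        }
    }
    return $keys;
}

/** True when $key matches any pattern; "*" is treated as a glob (assumption). */
function matchesAny(string $key, array $patterns): bool
{
    return (bool) array_filter($patterns, fn ($p) => fnmatch($p, $key));
}

// Assumed heuristic for names that look sensitive; tune it to your naming scheme.
$sensitive = ['*KEY*', '*SECRET*', '*PASSWORD*', '*PASS', '*TOKEN*'];

foreach (envKeys($env) as $key) {
    if (matchesAny($key, $cleanupKeys)) {
        echo "removed  $key\n";
    } elseif (matchesAny($key, $sensitive)) {
        echo "SHIPPED  $key  <- looks sensitive, not covered by cleanup_env_keys\n";
    } else {
        echo "shipped  $key\n";
    }
}
```

With the sample input, `DB_PASSWORD` and `STRIPE_KEY` are reported as still shipping, because none of the listed patterns match them.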