#

Environment Files

When NativePHP bundles your application, it will copy your entire application directory into the bundle, including your .env file.

This means that your .env file will be accessible to anyone who has access to your application bundle.

So you should be careful to not include any sensitive information in your .env file, such as API keys or passwords. This is quite unlike a traditional web application deployed to a server you control.

If you need to perform any sensitive operations, such as accessing an API or database, you should do so using a separate API that you create specifically for your application. You can then call this API from your application and have it perform the sensitive operations on your behalf.

See Security for more tips.

#

Removing sensitive data from your environment files

There are certain environment variables that NativePHP uses internally, for example to configure your application's updater, or Apple's notarization service.

These environment variables are automatically removed from your .env file when your application is bundled, so you don't need to worry about them being exposed.

If you want to remove other environment variables from your .env file, you can do so by adding them to the cleanup_env_keys configuration option in your nativephp.php config file:

 1/**
 2 * A list of environment keys that should be removed from the
 3 * .env file when the application is bundled for production.
 4 * You may use wildcards to match multiple keys.
 5 */
 6'cleanup_env_keys' => [
 7    'AWS_*',
 8    'DO_SPACES_*',
 9    '*_SECRET',
10    'NATIVEPHP_UPDATER_PATH',
11    'NATIVEPHP_APPLE_ID',
12    'NATIVEPHP_APPLE_ID_PASS',
13    'NATIVEPHP_APPLE_TEAM_ID',
14],