Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

j00rd's avatar
j00rd
OP
4 years ago
Level 2

Website works with API keys outside of .env in Laravel Forge

Hi,

I have recently deployed my first site with Laravel forge. It was the Video Game Aggregator series that I've been following with and have come to the end. Now trying to deploy the site I run in to a 500 server error when the access token and auth are in the .env file.

I hard coded the tokens into the HTTP headers rather than calling them from the .env file and the site works fully. I feel like I read it's bad practice to have the keys accessible in the main code so how would I go about fixing this with a live site when everything works locally with .env?

I've attached the example of how it works within the .env locally that is commented out & then how I got it to work.

 return Http::withHeaders([                            /* Use HTTP client with headers of API tokens from .env */
                /* 'Client-ID' => env('IGDB_KEY'),
                'Authorization' => env('IGDB_AUTH'), */
                'Client-ID' => 'loremipsumXYZ 								',
                'Authorization' => 'Bearer loremipsum123'
                

            ])
				 ->withBody(

IGDB_KEY=loremipsumXYZ 								#IGDB API Details
IGDB_AUTH="Bearer loremipsum"

Thanks!

0 likes
13 replies
Sinnbeck's avatar

You never use env directly as that breaks in production. Put them inside a config file like services.php and load them from there

'Client-ID' => config('services.igdb.key'),

And if you committed to git, be sure to change your keys

1 like
j00rd's avatar
j00rd
OP
4 years ago
Level 2

@Sinnbeck Can I just create a services.php if I don't have it? Is there a directory best suited to store it in if so.

j00rd's avatar
j00rd
OP
4 years ago
Level 2

@Sinnbeck Ah okay I see it thank you, and I'm fine to store the key directly in there and then call it from the view?

Sinnbeck's avatar

@j00rd no still from the env. The only place you can use env() are in those files. Look at the other examples and you can see that they all use env()

'igdb' => [
     'key' => env('IGDB_KEY'),
     'auth' => env('IGDB_AUTH')
]
j00rd's avatar
j00rd
OP
4 years ago
Level 2

@Sinnbeck

Sorry I've just been working on this and think I have misunderstood.

In my services.php I now have,

 'igdb' => [
        'Client-ID' => env('IGDB_KEY'),
        'Authorization' => env('IGDB_AUTH'),
    ],

In my controller I am calling them as you advised with,

return Http::withHeaders([                            /* Use HTTP client with headers of API tokens from .env */
                'Client-ID' => config('services.igdb.Client-ID'),
                'Authorization' => config('services.igdb.Authorization'),

            ])

And then in my env file I have the keys as before,

IGDB_KEY=loremipsumXYZ 								#IGDB API Details
IGDB_AUTH="Bearer loremipsum"

I did previously have it working with the keys hard coded in to the services.php like so but then my API key is shown when the project is cloned.

'igdb' => [
        'Client-ID' => loremipsumXYZ ,
        'Authorization' => 'Bearer loremipsum123',
    ],

Should I revert back to hard coded within services.php but then update my own personal key after I have commited to git? Is that what you meant with that comment.

Sorry for the confusion!

Sinnbeck's avatar
Sinnbeck
4 years ago
Best Answer
Level 102

@j00rd your above setup with config is correct, but I would use laravel naming convention

 'igdb' => [
        'key' => env('IGDB_KEY'),
        'auth' => env('IGDB_AUTH'),
    ],

And then

return Http::withHeaders([                            /* Use HTTP client with headers of API tokens from .env */
                'Client-ID' => config('services.igdb.key'),
                'Authorization' => config('services.igdb.auth'),

            ])

And that should work. Just make sure you redo your cache in production ! php artisan config:cache

1 like
j00rd's avatar
j00rd
OP
4 years ago
Level 2

@sinnbeck

Sorry if it's a stupid question but using Laravel forge with github for production, as the env file isn't sent how can it retrieve the key from

  'key' => env('IGDB_KEY'),
   'auth' => env('IGDB_AUTH'),
Sinnbeck's avatar

@j00rd forge still uses your env file. You get data from config by using config('services.igdb.key'). You can always use tinker to check you get the expected value

j00rd's avatar
j00rd
OP
4 years ago
Level 2

@Sinnbeck if I do that I get a 500 server error which is the error I was initially getting.

In my head it's because the .env file isn't in my GitHub repo - https://github.com/JordHemsworth/GameAPI -

So it can't access env('IGDB_KEY'). I've changed it to the laravel naming convention.

I understand I would get the data from config using config('services.igdb.key') but I don't understand how services.php can get the data initially from the .env if it is not on GitHub?

 'igdb' => [
        'key' => env('IGDB_KEY'),
        'auth' => env('IGDB_AUTH'),
    ],
Sinnbeck's avatar

@j00rd your forge server does not read the files directly from github. It reads them from disk. If I recall correct there is a button on the forge dashboard to edit this file on the server

j00rd's avatar
j00rd
OP
4 years ago
Level 2

@Sinnbeck Ahhh, thank you so much.

I appreciate the time you've spent helping me here. It's my first time using Forge so I wasn't too sure how it worked with me using the rapid deployment.

I've found the .env file and have sorted it!

Please or to participate in this conversation.