I have an edge device running a web server application based on Laravel. The question is the following: what is the best way to deploy and maintain environment variables in a secure way and update the .env file? Keep in mind it's an edge device in the IoT world.
I guess you are concerned about the database username/password; you may hardcode it in config or any file you want....
But this is PHP; as long as the server is accessible, it means it's visible...
Perhaps consider making the device a client that only stores the token and makes requests to the centralized server, which is safe and protected, and let the server control the token generation.
@socieboy I imagine you wouldn’t use environment variables like this, but some sort of other runtime configuration. I think Firebase uses something similar where devices can ask Firebase for the configuration they need at runtime.
Think of any other IoT device. Does an Amazon engineer knock on your door to ask to update an environment variable on your Alexa device? No. The Alexa device will connect to a network and retrieve its configuration from there. The server can then also push configuration updates and the Alexa device will periodically fetch the latest values.
@siangboon @martinbean, I appreciate your help. What you are suggesting was my first idea too: making a request to the central app (cloud) and retrieving all credentials at runtime to the edge devices. However, to make that initial request to the cloud API, I will need an API token or something, and that information should not be stored in the git repository either. So I guess at this point the first request probably needs some other way to validate a secure/valid request, and not only an API token, probably a serial number of the edge device.
What are your recommendations?
@socieboy I’ve admittedly not done a lot with IoT devices but each device will have an identifier, yeah. When the device comes online it’ll essentially “call home” to Amazon, and then Amazon will determine whether that device should be authorised or not.
There’ll of course be some form of protection around this call. I imagine either encryption or an SSL certificate (or both) so I can’t knock up something with an Arduino board and make an HTTP request to Amazon saying, “I’m Echo device with [insert real device ID here], honest!”
Once a device is “on the network” so to speak, it will then be able to receive configuration updates etc.
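
One way to make the first "call home" hard to fake, as an added example that is not from any poster in this thread: each device holds a private signing key created at provisioning (never committed to git), and the server checks the signature against the public key registered for that serial. The Ed25519 key from PHP's sodium extension stands in for the certificate mentioned above; the function names, the `SN-0001` serial and the 60-second freshness window are assumptions.

```php
<?php
declare(strict_types=1);

// Device side: sign serial, timestamp and nonce with a key that never leaves the device.
function buildEnrolmentRequest(string $serial, string $secretKey, int $now): array
{
    $payload = json_encode(['serial' => $serial, 'ts' => $now, 'nonce' => bin2hex(random_bytes(16))]);
    return ['payload' => $payload, 'sig' => sodium_crypto_sign_detached($payload, $secretKey)];
}

// Server side: accept only a fresh, unseen request signed by the key registered for that serial.
function verifyEnrolmentRequest(array $req, array $registry, array &$seenNonces, int $now): bool
{
    $payload = $req['payload'] ?? null;
    $sig     = $req['sig'] ?? null;
    if (!is_string($payload) || !is_string($sig) || strlen($sig) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return false;                                   // malformed request
    }
    $claim = json_decode($payload, true);
    if (!is_array($claim) || !is_string($claim['serial'] ?? null)
        || !is_int($claim['ts'] ?? null) || !is_string($claim['nonce'] ?? null)) {
        return false;                                   // malformed claim
    }
    $publicKey = $registry[$claim['serial']] ?? null;
    if ($publicKey === null) {
        return false;                                   // unknown or revoked device
    }
    if (!sodium_crypto_sign_verify_detached($sig, $payload, $publicKey)) {
        return false;                                   // serial claimed without the matching key
    }
    if (abs($now - $claim['ts']) > 60 || isset($seenNonces[$claim['nonce']])) {
        return false;                                   // stale or replayed request
    }
    $seenNonces[$claim['nonce']] = true;
    return true;
}

// Constructed demo: key pair made at provisioning time; only the public half is registered.
$keypair  = sodium_crypto_sign_keypair();
$registry = ['SN-0001' => sodium_crypto_sign_publickey($keypair)];
$seen     = [];
$now      = time();

$genuine = buildEnrolmentRequest('SN-0001', sodium_crypto_sign_secretkey($keypair), $now);
$forged  = buildEnrolmentRequest('SN-0001', sodium_crypto_sign_secretkey(sodium_crypto_sign_keypair()), $now);

foreach (['genuine' => $genuine, 'replayed' => $genuine, 'forged' => $forged] as $label => $req) {
    echo $label, ': ', verifyEnrolmentRequest($req, $registry, $seen, $now) ? 'accepted' : 'rejected', PHP_EOL;
}
```

Only after this check passes would the server hand the device its runtime configuration or a short-lived API token, and removing a serial from the registry revokes that device.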