What does deploy ready even mean.
It means that your application should be able to be deployed in any environment without changing the application code.
To make sure your application is deploy ready, things that can change between deploys(staging, alpha or production) should not be hard coded in your app.
I know you have come across or even written code like the one below while trying to make a database connection.
class Database
{
public function connect($host, $user, $password)
{
$pdo = new PDO("mysql:host=$host;dbname=myDB", $user, $password);
return $pdo;
}
}
$db = new Database();
$db->connect("localhost", "root", "password");
There are two things wrong with the above approach:
- You are hard-coding and exposing your database login credentials, which is just insecure
- When you deploy your app to other environments you have to edit the connection code so that connection doesn't fail (unless that environment has the exact config)
To remedy the above code, you need a way to supply the credentials without hard coding them. This is achievable by using environment variables.
An environment variable is a dynamic-named value that can affect the way running processes will behave on a computer. In your case the dynamic value would be database username, address, password
Setting the environment variables
If you own the server you will be deploying to you can set the environment variables as below.
On windows server
setx DB_NAME test
setx DB_HOST localhost
setx DB_PASSWORD password
On ubuntu server
- Open a terminal (by pressing CtrlAltT)
- sudo -H gedit /etc/environment
- Type your password
- Edit the text file just opened:
DB_NAME=test
DB_HOST=localhost
DB_PASSWORD=password
- Save, then logout and log back in for the changes to take effect.
Having set the environment variables you can now change your code to use the variables instead of hard coding.
$env = getenv();
$user = $env['DB_USER'];
$password = $env['DB_PASSWORD'];
$host = $env['HOST'];
$db = new Database();
$db->connect($host, $user, $password);
For those using a shared server with Apache. You will need to have an .htaccess file on the root folder. Normally public_html.
To set the environment variables, add the following into the file
SetEnv DB_USER your_production_db_user
SetEnv DB_PASSWORD your_production_db_password
SetEnv DB_NAME your_prodution_db_name
This sets the variables to the server. This has one drawback since getenv() only gets system environment variables. To remedy this you can merge both getenv() and $_SERVER to one array.
$env = array_merge(getenv(), $_SERVER);
I try as much as possible to avoid setting environment variables on my development machine, coz i just have so much going on on my machine. I What i normally do is have defaults in case the environment variable are not found on.
$user = $env['DB_USER'] ?? 'root';
$password = $env['DB_PASSWORD'] ?? 'password';
$host = $env['HOST'] ?? 'locahost';
Now that you have done that deploying comes very easy as you don't have to change anything in your code to make connection to a database. And you are also not exposing your database credentials.
Top comments (4)
Nice! This was useful for me. In the past I had always SSH'd into my server to change the DB credentials that were hard-coded into config files after each
git pull origin master. Using environment variables is a much nicer way to handle this - and definitely more secure than hard-coding production DB credentials in config files and storing them in a git repo (even a private one).I dislike this approach as it is vulnerable for following situations:
.htaccessfile is unavailable, so the variables will not be correctI'd recommend having separate PHP file such as
config/environment.php:and exclude it from VCS so it will not be distributed over instances of the application. Instead, in VCS provide an example/dummy of that file, like
config/example.environment.php:Then include the
config/environment.phpin application bootstrap, as soon as possible.Of course the
environment.phpfile can hold more data, like:You are correct on
You can run those cli commands if your are not on a shared hosting environment. In the post i have stated that
.htaccessis for those with a shared hosting plan (like the godaddy ones).You wouldn't use
.htaccessif you owned the server where the app is deployed. You would go with the second option i have provided. Set the evironnment variables on the system level. That way if your application requires CLI commands thevariableswould still be correct.This is a pretty useful guide. There are some PaaS, where github deployment is pretty easier. They have github deployment integrated in their platform. This means you only have to connect your server to github repo using ssh keys and then you can deploy php application in just few clicks.