Isn't it common for rental servers to use environmental variables?

Asked 2 years ago, Updated 2 years ago, 54 views

Question 1
Isn't it common for rental servers to use environmental variables?
If I want to use environment variables, would it be more secure to use clouds such as VPS and AWS?

Survey 1
When I contacted a rental server's support, they replied that it was not supported.

Survey 2
I searched by words such as "Rental Server Environment Variable Settings" and found
This time, I came to this question because there was no official explanation of how to set environment variables on the rental server and there were few explanatory articles.

What do you want to do
I would like to dynamically type multiple pins into the map using Google's Places API.
We are currently considering where to save the API key to use.

If there is any missing information, I will supplement it as much as possible.
Thank you for your cooperation.

Also, if you use environment variables on the rental server,
I would appreciate it if you could tell me how to do it if you are using it.

php linux

2022-09-29 21:56

2 Answers

The so-called rental server (a type of web hosting service, also known as a shared server) runs multiple independent user sites on a single web server app (Apache HTTP Server or nginx). Each user's site is not visible to the others, and the execution environment has been dropped into the user's permissions or isolated by chroot with technology such as suEXEC, but it is originally run from a single web server app.

Normally, when it comes to passing environment variables, they are passed to the web server application by setting Environment in the systemd unit file. However, there is only one web server app, so if you set the environment variable for one user, it will be shared with all users. This is a kind of security hole for a rental server that provides an independent environment for each user. Also, if the environment variables you want to set overlap, you will have a dispute over which one to prioritize.

Well, what we can't do is we can't do that. For Apache HTTP Server, there is the SetEnv directive. This means that you can set any environment variable, not just for the entire server, but for each host or directory. The problem I mentioned earlier was that setting the environment variable in the web server application makes it common to all users. However, with this, I think I can set any environment variable for each site (virtual host) or directory. However, there is still a problem. These are Apache HTTP Server settings, but it is difficult for users to change them, and it is also a problem that they need to restart the service every time they make changes.

Don't give up yet. Surprisingly, SetEnv can also be used in .htaccess, and .htaccess can be configured for each user or, more precisely, for each directory to publish. If you put .htaccess in the directory where the program is located and use SetEnv, you can use any environment variable. This gives users the freedom to configure themselves in their own area and eliminates the need for trouble such as restarting services. The only problem is that .htaccess may limit the available directives. (.htaccess can be restricted by Apache HTTP Server configuration.)

The introduction has become longer. Environment variables are acceptable for rental servers that meet the following requirements:

  • .htaccess is available.
  • .htaccess allows you to use the SetEnv directive.

I don't know if this can be used on Xserver or other rental servers. Xserver appears to be able to use .htaccess, but there was no information on which directives could be used. The only way to do this is to actually set it up and try it out.

Now that we've come this far, there's one thing to be careful about. Why should API keys be set to environment variables? If the entire program is managed by a repository such as GitHub, the API key in the code will also go up to the repository. If it was a public repository, the API key would be published worldwide. Published API keys are abused in no time. If that happens, you will end up in a situation that is no joke, with your account banned and, for some services, a multi-million yen bill.

I just wrote that .htaccess should be using SetEnv. Wait a minute. Isn't that .htaccess something that anyone can see? Access to .htaccess is limited on most servers, but not always. You may need to set it so that it cannot be accessed. The other thing is that .htaccess is placed in the same place as the program, so if you manage it in the repository I mentioned earlier, you may want to manage it together. In such cases, embedding the API key in .htaccess is not a good idea.

What I want to say is, don't stop thinking, "API keys are safe in environment variables." An environment variable can be dangerous if the location of the environment variable is disclosed. What's important is to never reveal where the API key is written. In general, if you set it with the environment variable of the process itself, it's a different place from the source tree, so it's often just that it's safe. It means that it is sufficient if it does not appear on the source tree, such as writing to a configuration file that is excluded from the repository or saving it to a DB.


2022-09-29 21:56
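An added example, not part of the original answer: a PHP loader that takes the key from an environment variable (for instance one set with SetEnv in .htaccess) and otherwise from a configuration file kept out of the source tree, refusing a file that could be served or read by other accounts. The variable name `PLACES_API_KEY`, the function `load_api_key` and the file layout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed names for illustration: PLACES_API_KEY and the secrets file layout.
const KEY_NAME = 'PLACES_API_KEY';

/**
 * Return the API key from the environment (e.g. `SetEnv PLACES_API_KEY ...`
 * in .htaccess) or, failing that, from a PHP file that lives outside the
 * document root and is excluded from the repository.
 */
function load_api_key(string $secretsFile, string $docRoot): string
{
    // Apache can expose a SetEnv variable with a REDIRECT_ prefix after an
    // internal rewrite, so check both names.
    foreach ([KEY_NAME, 'REDIRECT_' . KEY_NAME] as $name) {
        $value = $_SERVER[$name] ?? getenv($name);
        if (is_string($value) && $value !== '') {
            return $value;
        }
    }

    $file = realpath($secretsFile);
    $root = realpath($docRoot);
    if ($file === false || $root === false) {
        throw new RuntimeException('API key not configured');
    }
    // A secrets file under the document root could be served over HTTP.
    if (strpos($file, rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('Secrets file must be outside the document root');
    }
    // On a shared host, other accounts must not be able to read the file.
    $perms = fileperms($file);
    if ($perms === false || ($perms & 0004) !== 0) {
        throw new RuntimeException('Secrets file must not be world-readable (chmod 600)');
    }
    // The file is expected to return an array: ['PLACES_API_KEY' => '...']
    $config = require $file;
    $key = is_array($config) ? ($config[KEY_NAME] ?? '') : '';
    if (!is_string($key) || $key === '') {
        throw new RuntimeException('API key missing from secrets file');
    }
    return $key;
}

// Usage (paths are assumptions):
// $apiKey = load_api_key(__DIR__ . '/../private/secrets.php', $_SERVER['DOCUMENT_ROOT']);
```

Whichever source holds the key, keep that file (the secrets file, or the .htaccess containing SetEnv) out of the repository.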
