Environment Variables for WordPress Hosting

WordPress Questions
1

Hi Kinsta Community,

I’m trying to figure out the best way to manage environment variables across different environments for WordPress sites hosted on Kinsta. Specifically:
• I need to map different variables for staging (https://staging.example.com) and production (https://www.example.com).
• We’re using Bedrock, which relies on dotenv, but when using the push function from staging to live, the .env file gets overwritten, causing issues with environment-specific settings.

I noticed that Kinsta supports environment variables for applications via MyKinsta, but it looks like it’s intended for application hosting and not directly exposed as native environment variables for WordPress without some workaround. 

Does anyone know a recommended approach or best practice to manage environment variables on Kinsta so that each environment can maintain its own configuration without being overwritten during deploys?

Also — I’m a bit surprised that there isn’t a dedicated Environment Variables section in the WordPress site management UI yet, considering how common Bedrock and dotenv-based workflows are in the WP ecosystem. It would be great if MyKinsta allowed setting environment variables per environment (staging vs production) directly for WordPress installs.

Thanks in advance!

2

HI @leo.idna :waving_hand:

Welcome to the Kinsta Community.

You can use the following PHP constants for custom setups like Bedrock or Trellis, which store fixed values that remain the same throughout the site. When it is used, such as SERVER_SECRET_DB_USER, MyKinsta uses it to identify the site’s database password.

The following constants can be used:

SERVER_SECRET_DB_USER
SERVER_SECRET_DB_PASSWORD
SERVER_SECRET_DB_HOST
SERVER_SECRET_DB_NAME

Below are examples of using these in a config.php file:

define('DB_NAME', defined('SERVER_SECRET_DB_NAME') ? SERVER_SECRET_DB_NAME : 'newsitetest');
define('DB_USER', defined('SERVER_SECRET_DB_USER') ? SERVER_SECRET_DB_USER : 'newsitetest');
define('DB_PASSWORD', defined('SERVER_SECRET_DB_PASSWORD') ? SERVER_SECRET_DB : 'asdijfhkjasdbfkjhbajiksd' );
define('DB_HOST', defined('SERVER_SECRET_DB_HOST') ? SERVER_SECRET_DB_HOST : 'localhost');

I hope it helps. Cheers!

3

Hi, thanks for your reply!
When using Bedrock, we also rely on additional environment variables defined in the .env file, such as:
Environment
WP_ENV=‘development’
WP_HOME=‘http://example.com

These are essential for correctly handling environment-specific behavior (e.g. staging vs production URLs and environment mode).
Do you know if variables like these are also available through the SERVER_SECRET_* constants, or if there is another recommended way on Kinsta to manage them per environment?
Thanks again for your help!

4

Hello @leo.idna :waving_hand:

One of the solutions, to prevent .env file from being overwritten is placing it outside of public directory both on staging and live, so that they woudn’t be overwritten during the push.

I would advise trying that.

Kind regards!

5

Hi,
thanks for the suggestion.
However, moving the .env file outside of the public directory doesn’t seem like a good solution in my case, because I would need to modify the Bedrock source code to load the .env from a custom path.
I’d prefer to avoid altering the core configuration/structure of Bedrock, as this could introduce maintenance issues and make future updates more complex.
Is there an alternative approach to prevent the .env file from being overwritten during push, without changing how Bedrock handles environment loading?

Ideally, it would be great if Kinsta allowed managing custom SERVER_SECRET_* variables directly from the site dashboard — that would make everything much cleaner and safer :slightly_smiling_face:

Thanks in advance!

6

Hello again :slight_smile:
As my colleague mentioned here, SERVER_SECRET can be used. Please check this response:

In regards to the push, Kinsta allows selective push, so you can select to push only certain files and directories by adding the paths in selective push window. Since it’s a Bedrock install, you’d have to specify directories (all subdirectories and files are pushed to) like this:

That way you won’t be pushing the ENV file.

Kind regards!

7

Hi,
thanks for your reply.
Based on Kinsta’s official documentation, only the following SERVER_SECRET_* constants are currently supported:

  • SERVER_SECRET_DB_USER

  • SERVER_SECRET_DB_PASSWORD

  • SERVER_SECRET_DB_HOST

  • SERVER_SECRET_DB_NAME

There is no option to define custom SERVER_SECRET_* variables.
In my case, I need to manage the site URL via environment variables. Since I’m using Bedrock, this is a core requirement: Bedrock expects values like WP_HOME and WP_SITEURL to be defined through environment variables (typically via the .env file).
Because of this, the available SERVER_SECRET_* constants don’t cover my use case, and I can’t rely on them to replace the .env.
Could you confirm if there is any supported way to handle custom environment variables (such as those required by Bedrock) without the .env file being overwritten during push?
Ideally, it would be great if Kinsta allowed managing custom SERVER_SECRET_* variables directly from the dashboard :slightly_smiling_face:

Thanks in advance!

8

@leo.idna

Our WordPress hosting supports the function wp_get_environment_type().

To ensure this works seamlessly on our platform, we define an environmental variable in our system as WP_ENVIRONMENT_TYPE for this WP function.

This variable supports the following values:

  • Live = production
  • Staging = staging
  • Premium Staging = development

You can try to set a condition based on WP_ENVIRONMENT_TYPE value in your .env configuration file to dynamically set the WP_SITE and HOME URLs.

I hope this helps!