Currently default phpmyadmin credentials are stored in version control. This is a security risk.
Background
Sensitive data such as user credentials should be kept out of version control
Proposed Solution
Put default values for sensitive data such as phpmyadmin user credentials into the file default.starter.env
If the user does not set these variables in their Gitpod account (in settings), then use the default values.
Constraints and Assumptions
Implement this for phpmyadmin
Later on any sensitive information such as data for the laravel .env file can use this pattern.
phpmyadmin env vars will only be used if phpmyadmin has been installed.
Alternatives or Workarounds
Every workaround is a security risk
Additional context
To add environment variables, open your Gitpod account in a browser, go to settings, and follow the intuitive UI.
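The fallback described in the proposed solution, as an added example that is not code from this repository: a POSIX shell function that takes a value from default.starter.env only when the variable is not already set, and records which names fell back without printing any value. The KEY=VALUE file format and the variable names PMA_EXAMPLE_USER and PMA_EXAMPLE_PASSWORD are assumptions.

```shell
#!/bin/sh
# Added example (not the project's code). Assumed file format: KEY=VALUE
# lines, '#' comments and blank lines. Variable names are hypothetical.

# Export each KEY from the file only if KEY is not already set in the
# environment. Names that fell back are collected in ENV_DEFAULTS_USED
# (names only, so values never reach the terminal or logs).
load_env_defaults() {
  _f="$1"
  ENV_DEFAULTS_USED=""
  [ -r "$_f" ] || return 1
  _cr=$(printf '\r')
  while IFS= read -r _line || [ -n "$_line" ]; do
    _line="${_line%"$_cr"}"                    # tolerate CRLF files
    case "$_line" in ''|'#'*) continue ;; esac # blank line or comment
    case "$_line" in *=*) ;; *) continue ;; esac
    _key="${_line%%=*}"
    _val="${_line#*=}"
    # Accept only plain identifiers, so the eval below sees a safe name.
    case "$_key" in ''|[0-9]*|*[!A-Za-z0-9_]*) continue ;; esac
    # An already-set variable (even an empty one) wins over the default.
    if eval "[ -z \"\${$_key+x}\" ]"; then
      export "$_key=$_val"
      ENV_DEFAULTS_USED="${ENV_DEFAULTS_USED:+$ENV_DEFAULTS_USED }$_key"
    fi
  done < "$_f"
  unset _f _cr _line _key _val
}

# Constructed sample: one variable comes from the account, one is missing.
demo() {
  _tmp=$(mktemp) || return 1
  printf '%s\n' '# constructed defaults' 'PMA_EXAMPLE_USER=pmauser' \
    'PMA_EXAMPLE_PASSWORD=change-me' > "$_tmp"
  PMA_EXAMPLE_USER=alice; export PMA_EXAMPLE_USER
  unset PMA_EXAMPLE_PASSWORD
  load_env_defaults "$_tmp"
  rm -f "$_tmp"
  echo "using defaults for: ${ENV_DEFAULTS_USED:-none}"
}

demo
```

Values exported this way stay in the environment of that shell and its child processes until they are unset there, which is the exposure the closing comment on this issue is concerned with.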
After implementing some of this in the development branch, it turns out this is a bad idea, because sensitive environment variables such as passwords must be unset or it's pointless. We can't have passwords floating around the terminals. gp env -u was really buggy about unsetting environment variables set in the dashboard: error messages followed, and the variable was removed from the dashboard but not from that current session. Additionally, regular calls to unset without using gp env -u would unset the env var from the current terminal, but when a new terminal was opened the env var would be set again.
Because of this unsetting issue I am closing this feature. There is no point in adding complexity to the code base in the name of security when the feature is not secure.