我需要签署文档，但为此我需要通过 json 传递密码和证书路径

使用这个真的安全吗？我如何在 php 配置文件中实现这些数组？这样就没有人（外部公众）可以访问数据，我知道 php 可以做到这一点。

我正在配置一个 api，其文档中包含以下内容：

配置 API API 配置是通过文件甚至 JSON 格式的数组完成的。

该 JSON 数组包含 API 所需的数据，以了解重要文件的位置，例如数字证书和其他相关信息。

{"atualizacao":"2016-02-02 08:01:21","tpAmb":2,"pathXmlUrlFileNFe":"nfe_ws3_mod55.xml","pathXmlUrlFileCTe":"cte_ws1.xml","pathXmlUrlFileMDFe":"mdfe_ws1.xml","pathXmlUrlFileCLe":"cle_ws1.xml","pathXmlUrlFileNFSe":"","pathNFeFiles":"/MyApp/nfe","pathCTeFiles":"/MyApp/cte","pathMDFeFiles":"/MyApp/mdfe","pathCLeFiles":"/MyApp/cle","pathNFSeFiles":"/MyApp/nfse","pathCertsFiles":"/MyApp/certs/","siteUrl":"http://myapp.local","schemesNFe":"PL_008h2","schemesCTe":"PL_CTE_104","schemesMDFe":"MDFe_100","schemesCLe":"CLe_100","schemesNFSe":"","razaosocial":"Fulano de tal Ltda","siglaUF":"AM","cnpj":"547678524000133","tokenIBPT":"AAAAAAA","tokenNFCe":"GPB0JBWLUR6HWFTVEAS6RJ69GPCROFPBBB8G","tokenNFCeId":"000002","certPfxName":"myapp_2016.pfx","certPassword":"JIO&$@2990_zx","certPhrase":"tajomstvo","aDocFormat":{"format":"P","paper":"A4","southpaw":"1","pathLogoFile":"/MyApp/publico/images/logo.jpg","logoPosition":"L","font":"Times","printer":"hpteste"},"aMailConf":{"mailAuth":"1","mailFrom":"roberto@myapp.local","mailSmtp":"smtp.myapp.local","mailUser":"roberto@myapp.local","mailPass":"heslo$","mailProtocol":"ssl","mailPort":"587","mailFromMail":null,"mailFromName":null,"mailReplayToMail":null,"mailReplayToName":null,"mailImapHost":null,"mailImapPort":null,"mailImapSecurity":null,"mailImapNocerts":null,"mailImapBox":null},"aProxyConf":{"proxyIp":"","proxyPort":"","proxyUser":"","proxyPass":""}}

文档没有显示如何实现它，它只是显示了 json 数组的示例，这也可以在 php 文件中完成，我想我应该将该数组放在 config.json 之类的内容中并在控制器中调用它，我不知道这个调用会怎样，我会把它放在哪里，我可以把它放在任何地方，但我最关心的是需要将个人手指作为密码放在这个矩阵中，json是一个可以访问的文件任何人通过浏览器，我不知道按照他们的建议实施是否合适且安全。这真的是最佳实践吗？