Picking up database config from environment variables #1048

Open
kizzie opened this issue Jan 25, 2023 · 2 comments

kizzie commented Jan 25, 2023

So this is probably just me being too rusty at PHP, but I am struggling to get the config.php (well... really it's an ini file...) to pick up environment variables. I can connect to the database when I hardcode the username, password and host, but if I try and use environment variables at all, such as

```ini
dsn = "pgsql:host=db;dbname=privatebin"
tbl = "privatebin_"     ; table prefix
usr = $_ENV['DB_USER']
pwd = $_ENV['DB_PASSWORD']
```

They are not picked up at all: either you get the full variable name parsed as if it were a string (and I don't have a user called $_ENV['DB_USER'], oddly), or, if I try the version which works with php.ini files and just have ${DB_USER}, they are blank. Do you have any guides for this? Or is it one where I should update the code to not get this from the config.php file and instead just read it in directly?

kizzie (Author) commented Jan 25, 2023

Oh, I think I might have it. I needed to overwrite /etc/php81/php-fpm.d/zz-docker.conf to pass the environment variables from the system environment to the PHP environment, adding

```ini
env[DB_HOST] = $DB_HOST
env[DB_USER] = $DB_USER
env[DB_NAME] = $DB_NAME
env[DB_PASSWORD] = $DB_PASSWORD
```

to the end of the list. Now it seems to be working when I do

```ini
[model]
class = Database
[model_options]
dsn = "pgsql:host=${DB_HOST};dbname=${DB_NAME}"
tbl = "privatebin_"     ; table prefix
usr = ${DB_USER}
pwd = ${DB_PASSWORD}
opt[12] = true    ; PDO::ATTR_PERSISTENT
```

I guess my main question is whether this is a terrible plan, or if there is a better way? Else you can just close this, as I am happy now I can not have a plain text password for my container!

elrido (Contributor) commented Jan 26, 2023

> I guess my main question is whether this is a terrible plan, or if there is a better way?

I do think this is a legit use case, especially in the container world. It obviously does allow injecting these specific environment variables to PHP, but we don't use these in our code and therefore it would only work with your specific configuration.

Generally, environment variables are considered more risky than secrets in files, as they can be extracted or leak into unintended places (see for example this Trend Micro blog post). If you were to use Kubernetes, you could consider storing these environment variables or the configuration file itself in a secret that gets injected into the container - other container products may offer similar mechanisms. The main benefit of that is to avoid having either the environment variable or files being part of the configuration of your container.


What I'm not sure about is how this could be introduced as a feature in a backwards compatible way. It would be simple enough to pick some variable names (yours sound sensible) and expose these to php-fpm as you did.

One would then still have to include a custom conf.php file that configures pgsql or mysql as the driver and injects the variables in the appropriate locations. Given that we recommend to mount the root filesystem read-only, we can't really dynamically generate a configuration file, if the environment variables are present. Or we would only do that if the file is not present and can be written to (i.e. /srv/cfg is a tmpfs mount or such).
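
The approach outlined in the comment above (generate the configuration only when no file is present and the directory is writable, with secrets preferably read from files) could look like this in a container entrypoint. This is an added example, not part of the thread or of PrivateBin's own container image; the function names, the `*_FILE` variables and the character filter are assumptions, while the INI keys are the ones posted earlier in this issue.

```shell
#!/bin/sh
# Added example (hypothetical helper, not PrivateBin code).
NL='
'
# Print setting $1, preferring the secret file named by ${1}_FILE over the
# environment variable itself. The *_FILE names are an assumed convention.
read_setting() {
    eval "file=\${${1}_FILE:-}; value=\${${1}:-}"
    if [ -n "$file" ]; then
        [ -r "$file" ] || return 1
        value=$(cat "$file")    # $(...) strips the trailing newline
    fi
    [ -n "$value" ] || return 1
    # Conservative filter (assumption): refuse characters that could end the
    # quoted INI value or trigger ${...} expansion when PHP parses the file.
    case $value in
        *'"'*|*'$'*|*'\'*|*"$NL"*) return 1 ;;
    esac
    printf '%s' "$value"
}

# Write the config to $1 only when it is absent and its directory is writable
# (e.g. a tmpfs on /srv/cfg). Returns 0 = present or written, 1 = bad or
# missing setting, 2 = cannot write (read-only root filesystem).
render_conf() {
    target=$1
    [ -e "$target" ] && return 0    # never overwrite an operator's file
    [ -w "$(dirname "$target")" ] || return 2
    host=$(read_setting DB_HOST) || return 1
    name=$(read_setting DB_NAME) || return 1
    user=$(read_setting DB_USER) || return 1
    pass=$(read_setting DB_PASSWORD) || return 1
    (
        umask 077    # the file holds a password: owner-only
        cat > "$target" <<EOF
[model]
class = Database
[model_options]
dsn = "pgsql:host=$host;dbname=$name"
tbl = "privatebin_"
usr = "$user"
pwd = "$pass"
opt[12] = true
EOF
    )
}
```

An entrypoint would call `render_conf /srv/cfg/conf.php` before starting php-fpm and treat return code 1 as fatal, so a malformed secret stops the container instead of producing a broken config.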
