-
Notifications
You must be signed in to change notification settings - Fork 751
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Picking up database config from environment variables #1048
Comments
Oh I think I might have it, I needed to overwrite
to the end of the list. Now it seems to be working when I do
I guess my main question is whether this is a terrible plan, or if there is a better way? else you can just close this as I am happy now I can not have a plain text password for my container! |
I do think this is a legit use case, especially in the container world. It obviously does allow injecting these specific environment variables to PHP, but we don't use these in our code and therefore it would only work with your specific configuration. Generally environment variables are considered more risky than secrets in files, as they can be extracted or leak into unintended places (see for example this trendmicro blog post). If you were to use kubernetes, you could consider storing these environment variables or the configuration file itself in a secret that gets injected into the container - other container products may offer similar mechanisms. The main benefit of that is to avoid having either the environment variable or files being part of the configuration of your container. What I'm not sure about is how this could be introduced as a feature in a backwards compatible way. It would be simple enough to pick some variable names (yours sound sensible) and expose these to php-fpm as you did. One would then still have to include a custom conf.php file that configures pgsql or mysql as the driver and injects the variables in the appropriate locations. Given that we recommend to mount the root filesystem read-only, we can't really dynamically generate a configuration file, if the environment variables are present. Or we would only do that if the file is not present and can be written to (i.e. /srv/cfg is a tmpfs mount or such). |
So this is probably just me being too rusty at PHP but I am struggling to get the config.php (well.. really its an ini file...) to pick up environment variables. I can connect to the database when I hardcode the username, password and host, but if I try and use environment variables at all such as
They are not picked up at all, either you get the full variable name parsed as if it were a string (and I don't have a user called
$_ENV['DB_USER']
oddly), or if I try the version which works with php.ini files and just have${DB_USER}
they are blank. Do you have any guides for this? or is it one where I should update the code to not get this from the config.php file and instead just read in direct?The text was updated successfully, but these errors were encountered: