How can I retrieve my environment variables in a parameter file in Symfony4 structure?

Question

I did a fresh Symfony installation by using Symfony Flex and the new skeleton belong to the next Symfony 4 directory structure.

I add and configure a first third-party bundle : HWIOAuthBundle. This bundle is used to connect via Twitter using two secret information.

I declare my consumer_id and my consumer_secret in the config/packages/hwi_oauth.yaml file.

hwi_oauth:
    firewall_names: [secured_area]
    resource_owners:
        twitter:
            type:          twitter
            client_id:     XXXXXMyIdXXXXX
            client_secret: XXXXXMyTopSecretKeyXXXXX

My application works fine. But I cannot commit my secrets on github!

I want to have a hwi_oauth.yaml file like this one:

hwi_oauth:
    firewall_names: [secured_area]
    resource_owners:
        twitter:
            type:          twitter
            client_id:     '%twitter_consumer_id%'
            client_secret: '%twitter_consumer_secret%'

I read the Symfony4 best practices about the new DotEnv package.

Using environment variables, while far from being perfect, have many benefits over what we currently do. Environment variables are a more "standard" way of managing settings that depend on the environment (no need to manage a parameters.yml.dist for instance).

As suggested in best practices, I append these two line to .env file:

TWITTER_CONSUMER_ID=XXXXXMyIdXXXXX
TWITTER_CONSUMER_SECRET=XXXXXMyTopSecretKeyXXXXX

But I encountered this error:

You have requested a non-existent parameter "twitter_consumer_id".

I tried with %kernel.twitter_consumer_id% , %env.twitter_consumer_id% , %env(TWITTER_CONSUMER_ID)% with no more success.

The last test is returning this error message:

An exception has been thrown during the rendering of a template ("Environment variable not found: "TWITTER_CONSUMER_ID".").

How can I retrieve my ENV variables in a parameter file like hwi_oauth.yaml?

Answer 1

You need to load the .env file during your bootstrap process, in order for those environment variables to be available:

(new DotEnv())->load(__DIR__ . '/../.env');

You should plan to put secret keys in environment variables on development, staging, and production. How you do that depends, though. In development and staging, perhaps you use .env files, while on production you use Apache to inject.

Personally, I always use .env files, and I keep a blank one in my repository. That way it's super simple to deploy, and there aren't any special cases.

If you only want to use .env files in specific environments, you can do:

if (in_array(getenv('APP_ENV'), [ 'dev', 'test' ])) {
    (new DotEnv())->load(__DIR__ . '/../.env');
}

Answer 2

For test environments I'd suggest also create a bootstrap.php script to override the .env parameters:

tests/bootstrap.php:

<?php

use Symfony\Component\Dotenv\Dotenv;

require_once __DIR__.'/../vendor/autoload.php';

$dotEnv = new Dotenv();
$dotEnv->load(__DIR__.'/../.env');
$dotEnv->populate([
    'APP_ENV' => 'test',
    'DATABASE_URL' => '...'
    // ...
]);

phpunit.xml.dist:

<?xml version="1.0" encoding="UTF-8"?>

<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="vendor/phpunit/phpunit/phpunit.xsd"
         bootstrap="tests/bootstrap.php" <--- set
         ...
>
    ...
</phpunit>