Docs: add warning about usage of getenv() in config files #3655
Comments
|
Just found out that it’s also possible to reference environment vars in config files like so: return [
'general' => [
'secret' => '$AWS_SECRET_ACCESS_KEY',
// ...
],
];But it’s probably confusing things more than being of value. |
|
I had meant to remove mentions of |
|
Agree, should be good now (for fresh 3.1 installs at least). I still have to use volume.php for now because bucket and region can’t be set to env vars via the CP. craftcms/aws-s3#42 |
|
Yeah, we’ll get to that. |
|
I think you’re right and it doesn’t belong to documentation of using But I feel like this is a common issue for people upgrading from 3.0, and I was thinking it may be worth to publish a 3.0 to 3.1 upgrade guide, or a “Changes in Craft 3.1” article, where you could mention the issue. |
|
I agree with @carlcs, I was completely unaware until I saw some discussion in Slack. I do use |
|
Yeah OK I agree with that as well. I just added a new section to the Project Config docs about this: |
Description
Please add a warning to the Config Files section in the docs about usage of
getenv()for things that are also stored in the project config.Even though config files will eventually override values from project config, there is a risk that environment variables make their way into the yaml when settings are saved via web.
As I understand it, every setting that makes use of environment variables (especially confidential ones), which is also stored to project config, should no longer be set in config files, but rather via the CP or the yaml file directly.
The text was updated successfully, but these errors were encountered: