If you are working with PHP framework like laravel or symfony, you may use .env file but with CakePHP it doesn’t work natively, let’s see why and how correct this.
Why Sould i use .env file?
A .env file serve to avoid to hardcode values into your code like application name, like the fact you are working in production or development.
You can also configure database access into it, put your credentials for Api services and so many things.
Is it safe to do that ?
The answer could be yes.
If your open .gitignore file in your root folder you will see this.
# CakePHP specific files #
##########################
/config/app.php
/config/.env
....By default .env file is not commited, so don’t be much nervous about stocking credentials into it.
But the answer could be also no.
Read below, it’s an answer from stack overflow about symfony but it’s the same logic for CakePHP
https://stackoverflow.com/questions/50735189/why-env-should-not-be-loaded-in-production-in-symfony4
The idea behind .env is that it should be primarily used in development and testing environments, because in other environments such as a production or a staging web server you should be able to set up these variables externally.
For example, Nginx allows you to use the env directive in your configuration files to set up variables the application will be able to pick up.
I think the reason why Symfony chose to treat .env this way is that it allows you to unify the way the variables for any runtime environment a developer might have. And also remember that in production deployments environment variables are first-class and quite common and do not change quite often.
Other thing here is security: server configurations are supposed to be more secure than your Symfony application’s source code. E.g. as someone who has filesystem access to the app root on your prod server, you could steal database credentials if they are just stored in .env, but you won’t be able to access those if they are kept somewhere securely in the server config, outside of the app root.
After your are free to choose, for me it’s like system like wordpress, magento or other where the environments variables is in a PHP config file.
So i don’t consider .env file like a bad practice but i am neither a purist nor an extremist.
Where is located .env file in CakePHP 3?
First things first, to find this file you must go to config folder. Normally you will find a .env.default . In this case just copy this file and rename it .env
cp .env.default .envWhy copy .env and not rename it directly ?
The answer is simple. Remember, .env file is not commited and so if you add variables into it like below
export FOO="BAR"
export SECRETLOGIN="123"
export SECRETPASSWORD="456"Someone who recover your project will not have the new variables.
So a good practice is to also add them too into .env.default file
export FOO=""
export SECRETLOGIN=""
export SECRETPASSWORD=""Now we need to uncomment few lines in config/bootstrap.php file.
// if (!env('APP_NAME') && file_exists(CONFIG . '.env')) {
// $dotenv = new \josegonzalez\Dotenv\Loader([CONFIG . '.env']);
// $dotenv->parse()
// ->putenv()
// ->toEnv()
// ->toServer();
// }Juste remove the // characters in front of each line
if (!env('APP_NAME') && file_exists(CONFIG . '.env')) {
$dotenv = new \josegonzalez\Dotenv\Loader([CONFIG . '.env']);
$dotenv->parse()
->putenv()
->toEnv()
->toServer();
}And now you’re ready to use .env variables.
How to declare and use new variables in .env?
Very simple, open your .env file and add a new line like below.
EXPORT MYNEWVARIABLE="this is working"Don’t forget the quotes for value, if your forgot it you may have some troubles with string beginning by 0.
They’ll be convert to integer.
Example : 0123456 become 123456, so imagine you need the 0, it will not work.
For use your new variable.
$test = getEnv('MYNEWVARIABLE');It will work everywhere, into controller, templates…
And there your go 😉