
[Secrets] Encrypting / Decrypting in the test environment reads and writes to different files. #34905

Closed
@leevigraham

Symfony version(s) affected: 4.4

Description
When executing secrets:decrypt-to-local --env=test and secrets:encrypt-from-local --env=test, the secrets are written to and read from different files.

secrets:decrypt-to-local --env=test writes to .env.local
secrets:encrypt-from-local --env=test reads from .env.test.local

How to reproduce

  1. Create a secret: bin/console secrets:set database_url --env=test
  2. Decrypt to local: bin/console secrets:decrypt-to-local --env=test. Writes database_url to .env.local
  3. Update database_url in .env.local
  4. Encrypt from local: bin/console secrets:encrypt-from-local --env=test

Console shows the following error:

[ERROR] Secret "database_url" not found in ".env.local".

What's actually happening…

The console command is looking in .env.test.local for the variable. Copying the variable to .env.test.local and running the command again works as expected.

Possible Solution

vendor/symfony/framework-bundle/Resources/config/secrets.xml defines a hardcoded path to .env.local. This path should be dynamically determined based on the env.

Alternatively, overriding the service in services_test.yaml also works:

services:
    secrets.local_vault:
        class: Symfony\Bundle\FrameworkBundle\Secrets\DotenvVault
        arguments:
            - '%kernel.project_dir%/.env.test.local'
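
An added diagnostic for the mismatch reported above (example code written for this page, not from the issue author or Symfony): it reports whether a decrypted secret sits in the file that secrets:encrypt-from-local reads, or only in .env.local. The function names, the case-insensitive key match, and the .env.<env>.local pattern for environments other than test are assumptions of this example.

```shell
#!/bin/sh
# Added diagnostic, not Symfony code. Reports which dotenv file holds a
# decrypted secret, so the read/write mismatch described in the issue is
# visible before running secrets:encrypt-from-local.

# File that encrypt-from-local reads for a given env. The issue shows
# .env.test.local for --env=test; the same pattern for other envs is an
# assumption of this example.
expected_vault_file() {
    printf '.env.%s.local' "$1"
}

# Succeeds if FILE defines KEY. Comment lines are skipped, a leading
# "export" is tolerated, and the key is compared case-insensitively
# (a choice of this example, not documented Symfony behaviour).
dotenv_has_key() {
    [ -f "$1" ] || return 1
    awk -v k="$2" '
        { line = $0; sub(/^[ \t]*(export[ \t]+)?/, "", line) }
        line ~ /^#/ { next }
        {
            n = index(line, "=")
            if (n && tolower(substr(line, 1, n - 1)) == tolower(k)) found = 1
        }
        END { exit !found }
    ' "$1"
}

# Prints one of:
#   ok         key is in .env.<env>.local, where encrypt-from-local looks
#   misplaced  key is only in .env.local, where decrypt-to-local wrote it
#   missing    key is in neither file
check_secret() {
    dir=$1 env=$2 key=$3
    if dotenv_has_key "$dir/$(expected_vault_file "$env")" "$key"; then
        echo ok
    elif dotenv_has_key "$dir/.env.local" "$key"; then
        echo misplaced
    else
        echo missing
    fi
}

# Usage: sh check_secret.sh <project_dir> <env> <secret_name>
if [ $# -eq 3 ]; then check_secret "$@"; fi
```

A result of misplaced after step 2 of the reproduction means the plaintext value was written to .env.local rather than to the file the test environment's local vault reads.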
