Noting what appears to be the right approach, but seems to be broken atm; BUG report at

Symfony2+nginx external ENV vars aren't recognized by doctrine DB actions. fails with 'connection refused'.
symfony/symfony#14426

I wonder if we should consider recommending https://github.com/vlucas/phpdotenv for this like laravel does.

👍

ping @javiereguiluz @weaverryan what are your thoughts on recommending (and maybe even implementing into the SE) the phpdotenv library?

@wouterj I'm afraid I haven't used the phpdotenv library yet, so I can't say anything about it.

In any case, I think this is still some weak spot in Symfony (or at least in the Symfony documentation). I'd like to know "the solution" to safely store the most sensitive configuration options (e.g. database credentials) and use them in the application.

environment variables are used by many other frameworks for this include Laravel. They have supplemented phpdotenv by adding some coercion methods so you can force 0 and 1 to be booleans and also handling null values correctly.

Environment variables are also recommended for 12 factor apps. Environment variables also integrate nicely with travis and heroku (and likely other PaaS).

@beberlei is the one who pointed out this particular library to me in this post http://www.whitewashing.de/2014/10/26/symfony_all_the_things_web.html

I had personally used this gem in my rails apps https://github.com/laserlemon/figaro to handle this, but both the travis and heroku gems allow you to set them for their respective services

Quickly - I've also been thinking about dotenv lately, so personally, I'm certainly for exploring it. I don't believe using environmental variables over parameters.yml has any technical or security advantage, but they are more standard and familiar (and much easier to work with iirc when using something like Heroku). What's interesting about dotenv is that it gives an idiot-proof way of setting the environment variables if you don't understand setting them some other way.

@wouterj @jrobeson how would to envision dotenv being recommended? And alternative to putting things in parameters.yml? A full replacement that's officially recommended?

Thanks!

@jrobeson you replied as I posted :) - very very good points, I'm even more in favor of dotenv as a recommendation, if not a full proposal for a parameters.yml replacement.

Thanks!

@weaverryan: I do recommend using environment variables by default, although i'm not sure about this particular library. I haven't actually looked around all that much for alternatives.

I'm also using this particular program , but i'm not sure how well it would work for everyone (especially on windows) , but it's a nice supplement: http://direnv.net/ I't td be nice for them to be able to act on the same file.

@weaverryan : note that phpdotenv 2.x supports json and yaml loaders as well.

@weaverryan I've used dotenv while playing around with Laravel. It uses it as a full replacement for the Symfony parameters.yml: https://github.com/laravel/laravel/blob/master/.env.example

Laravel, being known to use the convention over configuration rule, uses env(...) directly in its code. That's of course not possible to do within Symfony. Symfony currently supports the SYMFONY__ prefix thing for env variables, but if dotenv is made a recommendation (or is used in SE), I believe we have to come up with a better way to support environment variables in configuration files.

i rely on the SYMFONY__ variables currently and the tiny fix suggested in this bug symfony/symfony#7555 . The only real problem i have is the lack of parameter coercion

I'm closing this as "won't fix" because we no longer recommend using the SYMFONY__ env vars. Starting from Symfony 3.2 Symfony has support for runtime env vars and in #7224 I propose to update the "Best Practices" book to mention them. Thank you all for the discussion.