Overriding Magento sensitive configuration variables using environment variables
According to the Magento docs, one can override Magento configuration variables using ENV variables. See https://devdocs.magento.com/guides/v2.3/config-guide/prod/config-reference-var-name.html
I'm trying to do that with some custom extension: https://github.com/magepal/magento2-gmail-smtp-app.git Basically I'm trying to feed SMTP configuration/credentials from ENV variables.
I do know that variables are formatted correctly, cause I put this in the
and I clearly see my ENV variables there.
I inject them using the following snippet in the php-fpm-pool config:

    ; magepal/magento2-gmail-smtp-app config
    env[CONFIG__DEFAULT__SYSTEM__GMAILSMTPAPP__ACTIVE] = $MAGENTO_SMTP_TRANSPORT_ACTIVE
    env[CONFIG__DEFAULT__SYSTEM__GMAILSMTPAPP__NAME] = $MAGENTO_SMTP_SENDER_HOST
    env[CONFIG__DEFAULT__SYSTEM__GMAILSMTPAPP__AUTH] = $MAGENTO_SMTP_AUTH
    env[CONFIG__DEFAULT__SYSTEM__GMAILSMTPAPP__SMTPHOST] = $MAGENTO_SMTP_HOST
    env[CONFIG__DEFAULT__SYSTEM__GMAILSMTPAPP__SMTPPORT] = $MAGENTO_SMTP_PORT
    env[CONFIG__DEFAULT__SYSTEM__GMAILSMTPAPP__USERNAME] = $MAGENTO_SMTP_USERNAME
    env[CONFIG__DEFAULT__SYSTEM__GMAILSMTPAPP__PASSWORD] = $MAGENTO_SMTP_PASSWORD

All values except system/gmailsmtpapp/password seem to be visible in Magento backend under Stores -> Configuration.
Once I take the same value that I push into CONFIG__DEFAULT__SYSTEM__GMAILSMTPAPP__PASSWORD and save it in the database, the extension starts to work.
Magento version is:
Recently we had similar problems with another extension and I'm starting to think that there is a bug in Magento core regarding reading sensitive vars from ENV.
Before I pull out the debugger and start going through Magento guts, is there something that I'm missing here? Is there a known bug in Magento that prevents reading ENV vars?
No correct solution
I believe it is a bug, and that I'm encountering the same issue when trying to set a config value using an ENV variable. It seems to be related to the handling of those marked with
I've managed to reproduce this with the core Klarna module:
- Via admin, set the values in Sales -> Payment Methods -> Klarna -> Klarna API (API Version, Merchant ID, Shared Secret (this is the important one)).
- Add a global default ENV variable for any of these, I've used merchant ID (
- Clear cache, check the config (via ScopeConfigInterface::getValue or just Xdebug), and klarna/api/shared_secret is an empty string
I think what's happening is that when the ENV variable processor sets the config value inside EnvironmentPlaceholder::process it's doing it by reference (maybe related to what is happening in
This results in the scoped values for a config section (e.g. klarna/api) pointing at the same references as the default values.
When the config is processed in MetadataConfigTypeProcessor::process, which is responsible for decrypting the "obscure" values, it iterates over each scope (default, websites, stores) and decrypts the values.
The problem here is that when it decrypts any value in a section that has a variable set by the ENV processor, it also decrypts the same referenced value for each scope (default, admin store, base store etc.), with the loop resulting in the same value being decrypted over and over, which in my case eventually results in an empty string.
If you have time & Xdebug could you verify you're seeing the same thing? It should be the same process with your custom module.
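
The mechanism hypothesized in the answer above, as an added stand-alone PHP example (not Magento code and not part of the original posts): per-scope config entries that are PHP references to the default entry get decrypted once per scope. `toyEncrypt`, `toyDecrypt`, `buildConfig` and `decryptAllScopes` are hypothetical names, and the toy cipher assumes that decrypting something that is not ciphertext yields an empty string.

```php
<?php
// Toy stand-in for an encryptor (assumption, not Magento's Encryptor):
// ciphertext is "enc:" + base64; anything else decrypts to ''.
function toyEncrypt(string $plain): string
{
    return 'enc:' . base64_encode($plain);
}

function toyDecrypt(string $data): string
{
    if (strncmp($data, 'enc:', 4) !== 0) {
        return '';
    }
    $plain = base64_decode(substr($data, 4), true);
    return $plain === false ? '' : $plain;
}

// Build a per-scope config array (constructed sample data).
// $alias = true makes every scope's entry a reference to the default entry,
// which is the situation the answer describes; false gives each scope a copy.
function buildConfig(bool $alias): array
{
    $config = ['default' => ['shared_secret' => toyEncrypt('s3cret')]];
    foreach (['admin', 'base'] as $scope) {
        if ($alias) {
            $config[$scope]['shared_secret'] = &$config['default']['shared_secret'];
        } else {
            $config[$scope]['shared_secret'] = $config['default']['shared_secret'];
        }
    }
    return $config;
}

// Decrypt the sensitive path in place, once per scope, as a scope loop would.
function decryptAllScopes(array &$config, string $key): void
{
    foreach ($config as &$values) {
        // With aliased entries this write goes through to the shared value,
        // so the next scope "decrypts" already-decrypted plaintext.
        $values[$key] = toyDecrypt($values[$key]);
    }
    unset($values);
}

foreach ([false, true] as $alias) {
    $config = buildConfig($alias);
    decryptAllScopes($config, 'shared_secret');
    printf("%-8s %s\n", $alias ? 'aliased' : 'copied', json_encode($config));
}
```

With copied entries every scope keeps the decrypted secret; with aliased entries the second pass wipes the value for all scopes at once, which matches the empty `klarna/api/shared_secret` reported in the reproduction steps.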