According to Magento docs, one can override Magento Configuration variables using ENV variables. see

I'm trying to do that with some custom extension: Basically I'm trying to feed SMTP configuration/credentials from ENV variables.

I do know that variables are formatted correctly, cause I put this in the pub/index.php


and I clearly see my ENV variables there.

I inject them using following snippet in php-fpm-pool config:

; magepal/magento2-gmail-smtp-app config

All values except CONFIG__DEFAULT__SYSTEM__GMAILSMTPAPP__PASSWORD or system/gmailsmtpapp/password seem to be visible in Magento backend under Stores -> Configuration.

Once I take the same value that I push into CONFIG__DEFAULT__SYSTEM__GMAILSMTPAPP__PASSWORD and save it in the database - extension starts to work.

Magento version is:

"magento/product-community-edition": "2.3.4",

Recently we had similar problems with other extension and I'm starting to think that there is a bug in Magento core regarding reading sensitive vars from ENV.

Before I pull out debugger and start going through Magento guts, is there something that I'm missing here? Is there a known bug in magento that prevents reading ENV vars?

No correct solution


I believe it is a bug, and that I'm encountering the same issue when trying to set a config value using an ENV variable, seems to be related to the handling of those marked with backend_model="Magento\Config\Model\Config\Backend\Encrypted".

I've managed to reproduce this with the core Klarna module:

  • Via admin, set the values in Sales -> Payment Methods -> Klarna -> Klarna API (API Version, Merchant ID, Shared Secret (this is the important one)).
  • Add a global default ENV variable for any of these, I've used merchant ID (CONFIG__DEFAULT__KLARNA__API__MERCHANT_ID)
  • Clear cache, check the config (via ScopeConfigInterface::getValue or just Xdebug), and klarna/api/shared_secret is an empty string

I think what's happening is that when the ENV variable processor sets the config value inside EnvironmentPlaceholder::process it's doing it by reference (maybe related to what is happening in ArrayManager::find?).

This results in the scoped values for a config section (e.g. klarna/api) pointing at the same references as the default values.

When the config is processed in MetadataConfigTypeProcessor::process which is responsible for decrypting the "obscure" values, it iterates over each scope (default, websites, stores) and decrypts the values.

The problem here is that when it decrypts any value in a section that has a variable set by the ENV processor, it also decrypts same referenced value for each scope (default, admin store, base store etc), with the loop resulting in the same value being decrypted over and over, which in my case eventually results in an empty string.

If you have time & Xdebug could you verify you're seeing the same thing? It should be the same process with your custom module.

Licensed under: CC-BY-SA with attribution
Not affiliated with magento.stackexchange
scroll top