Add Env::extend to support custom adapters when loading environment variables #54756
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Thanks for submitting a PR! Note that draft PR's are not reviewed. If you would like a review, please mark your pull request as ready for review in the GitHub user interface. Pull requests that are abandoned in draft may be closed due to inactivity. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR introduces a new capability to register one or more additional adapters for reading and loading environment variables during the Kernel's bootstrap process. This allows Laravel applications to retrieve environment variables from external sources such as AWS Secrets Manager, HashiCorp Vault, Infisical, encrypted local files, or any other implementation that conforms to the default interface.
Problem
An application might rely on environment variables ("secrets") that are securely stored in external sources, rather than in a "local" .env file. Additionally, these variables may be dynamically updated (rotated), requiring a reliable way to load them at the right stage of the bootstrapping process.
There are currently a few ways to handle this, but each has limitations:
afterLoadingEnvironmentcallback to load external secrets. However, if additional environment variables are loaded within this callback, it could lead to the situation where not all environment variables are available yet. As a result, the naming and intended purpose of the callback may become misleading or inaccurate.config([$key => $value]). However, service providers load late in the request lifecycle, meaning environment variables (and related configuration settings) are updated too late to be useful during early bootstrapping.Therefore, both solutions fail to provide external secrets before Laravel compiles the configuration, which is necessary for secure and dynamic environment variable management.
Proposed Solution
The Dotenv library, which Laravel uses to read and load environment variables, supports multiple adapters for reading and writing variables. Currently, Laravel leverages the default RepositoryBuilder, which comes with the following adapters:
$_SERVER)$_ENV)putenv()/getenv()support)Thus, this PR introduces a new method:
Env::extend, allowing developers to:Example
The perfect place for registering an extra adapter might be in the
bootstrap/app.phpfile, right before the application builder, so the ApplicationBuilder already has access to all the necessary environment variables.In theory, this approach could serve as a more direct alternative to how Laravel Vapor currently loads parameters ("secrets") from Amazon EC2 Systems Manager (SSM). For this reason, I’ve added support for multiple adapters, ensuring flexibility in case Vapor adopts this solution and/or if the application needs to integrate with multiple external sources of "secrets".