5

I am trying to set up a secret manager in Symfony 5. I followed this Secrets Management Setup course and How to Keep Sensitive Information Secret documentation.

My app is now triggering :

Fatal Error: Maximum execution time of 30 seconds exceeded
Environment variable not found: "DATABASE_URL".

As the documentation says, I dropped DATABASE_URL from my .env and used php bin/console secrets:set DATABASE_URL which output :

 [OK] Sodium keys have been generated at "config/secrets/dev/dev.*.public/private.php".


 !
 ! [CAUTION] DO NOT COMMIT THE DECRYPTION KEY FOR THE PROD ENVIRONMENT⚠️
 !


 [OK] Secret "DATABASE_URL" encrypted in "config/secrets/dev/"; you can commit it.

Here is the result of php bin/console secrets:list :

 // Use "%env(<name>)%" to reference a secret in a config file.
 ------------------- -------- -------------
  Secret              Value    Local Value
 ------------------- -------- -------------
  DATABASE_URL        ******
 ------------------- -------- -------------

Here how I use %env% in config/packages/doctrine.yaml :

doctrine:
    dbal:
        # ...
        url: '%env(DATABASE_URL)%'
        # ...

I'm using PHP 7.2.21 and following the documentation :

The Secrets system requires the sodium PHP extension that is bundled with PHP 7.2. If you're using an earlier PHP version, you can install the libsodium PHP extension or use the paragonie/sodium_compat package.

The Symfony console asked me anyway to install paragonie/sodium_compat polyfill, what I did.

My application isn't working anymore. What am I missing ?

Update #1

It turns out that the problem is from the paragonie/sodium_compat package. The last debug message before Fatal Error: Maximum execution time of 30 seconds exceeded is :

timeParagonIE_Sodium_Core_Util::mul() vendor/paragonie/sodium_compat/src/Core/Curve25519.php:756

So Symfony isn't able to get the environment variable and trigger the error.

I tried then to decrypt secrets and store them in .env.dev.local to avoid decrypting them at each request using this command :

 php bin/console secrets:decrypt-to-local --force

But Symfony keeps decrypting it and doesn't use .env.dev.local.

Benjamin
  • 341
  • 4
  • 15
  • Please provide exactly how you defined `DATABASE_URL`. – EternalHour Apr 03 '20 at 17:58
  • Thanks @EternalHour for commenting. As explained, in terminal, `php bin/console secrets:set DATABASE_URL` and then the secret `mysql://root:root@127.0.0.1:3306/test` in the command prompt. – Benjamin Apr 03 '20 at 18:07
  • Everything here is fine. Are you certain the secret is not being removed before you reference it? This can also happen if there is an issue with the private key or it's not available. – EternalHour Apr 03 '20 at 18:22
  • I struggled with a problem similar to this and finally found the error. Problem was I forgot to enable sodium extension in my web server's php.ini. It was enabled in my CLI php.ini, allowing me to create the key pairs, but not reading it in when running the app through a web server (due to sodium extension not enabled in different php.ini...). Error was like OP's one : "Environment variable not found...". Hope this can help someone. – ffouillet Sep 18 '20 at 14:37
  • I had a similar problem and for me this was because my config/secrets/prod/prod.decrypt.private.php file was missing. I had misunderstood the "do not commit" warning. I didn't commit it and so the file didn't exist. Deleting the contents of the config/secrets/prod/ directory then regenerating the secret fixed it for me. – John Langford Mar 07 '23 at 22:41

0 Answers0