8000 [Secrets] Secret is not working as environment variable · Issue #35348 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content
8000

[Secrets] Secret is not working as environment variable #35348

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Myrkky opened this issue Jan 15, 2020 · 1 comment
Closed

[Secrets] Secret is not working as environment variable #35348

Myrkky opened this issue Jan 15, 2020 · 1 comment
Labels
Bug DependencyInjection Status: Needs Review

Comments

@Myrkky
Copy link
Myrkky commented Jan 15, 2020
edited
Loading

Symfony version(s) affected: tested with 5.0.2 and 4.4.2

Description
Tried to use secrets to store JWT_PASSPHRASE, but symfony wont pass it to environment variable.

How to reproduce

  1. symfony new test-jwt-secret
  2. bin/console secrets:generate-keys
  3. composer require jwt
  4. -- remove JWT_PASSPHRASE from .env
  5. bin/console secrets:set JWT_PASSPHRASE
  6. bin/console -> Environment variable not found: "JWT_PASSPHRASE".

Additional context
Screenshot 2020-01-15 at 9 54 27
@jderusse
Copy link
Member
jderusse commented Jan 15, 2020
edited
Loading

note: The reason is a ParameterCircularReferenceException in envLoader when the first Env Variable tried to be loaded is default::SYMFONY_DECRYPTION_SECRET

  • call to getenv('default::SYMFONY_DECRYPTION_SECRET')
  • call to getenv('SYMFONY_DECRYPTION_SECRET')
  • the env variable does not exists
  • iterate over loaders
  • tryied to load SodiumVault envLoader
  • triggers a ParameterCircularReferenceException (because the loaded requires SYMFONY_DECRYPTION_SECRET)
  • the iterrator loaders stay in an invalid state
  • EnvVarProcessor fallback to default null => OK

next variable to be loaded (ie. JWT_PASSPHRASE)

  • call to getenv('JWT_PASSPHRASE')
  • the env variable does not exists
  • iterate over loaders
  • the iterrator loaders is in an invalid state <= issue

@jderusse jderusse mentioned this issue Jan 15, 2020
Merged
nicolas-grekas added a commit that referenced this issue Jan 20, 2020
@nicolas-grekas
bug #35355 [DI] Fix EnvVar not loaded when Loader requires an env var…
e21b153 
… (jderusse)

This PR was merged into the 4.4 branch.

Discussion
----------

[DI] Fix EnvVar not loaded when Loader requires an env var

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | #35348
| License       | MIT
| Doc PR        | NA

When an EnvVarLoader has a dependency on an Env Var tried to be loaded (which is the case for SodiumVault that is configured with `default::SYMFONY_DECRYPTION_SECRET`) the Loader is not usable.

What happens:
- when trying to resolve `SYMFONY_DECRYPTION_SECRET`, the EnvVarProcessor iterates over loaders
- given SodiumVaultLoaders requires the same env variable `SYMFONY_DECRYPTION_SECRET`, it throws a `ParameterCircularReferenceException`
- letting the $loaders generator invalid

This PR, refactor the way loaders are iterated in order to rewind on failure.

Commits
-------

e119aa6 [DI] Fix EnvVar not loaded when Loader requires an env var
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug DependencyInjection Status: Needs Review
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@nicolas-grekas @jderusse @xabbuh @Myrkky @carsonbot
0