Please add a warning to the Config Files section in the docs about usage of getenv() for things that are also stored in the project config.
Even though config files will eventually override values from project config, there is a risk that environment variables make their way into the yaml when settings are saved via web.
As I understand it, every setting that makes use of environment variables (especially confidential ones) and is also stored in project config should no longer be set in config files, but rather via the CP or the yaml file directly.
Just found out that it’s also possible to reference environment vars in config files like so:
    return [
        'general' => [
            'secret' => '$AWS_SECRET_ACCESS_KEY',
            // ...
        ],
    ];
But it’s probably confusing things more than being of value.
I had meant to remove mentions of volumes.php from the docs for 3.1, as environmental settings do a better job at solving the same problem, and don’t suffer from this issue. Just did that, which means there’s no longer anything in the docs suggesting you use a config file to override CP settings that will make it into the DB or project.yaml. Given that I don’t think a warning about this is really necessary anymore.
Agree, should be good now (for fresh 3.1 installs at least). I still have to use volumes.php for now because bucket and region can’t be set to env vars via the CP. https://github.com/craftcms/aws-s3/issues/42
Yeah, we’ll get to that.
I think you’re right and it doesn’t belong in the documentation on using getenv() in config files.
But I feel like this is a common issue for people upgrading from 3.0, and I was thinking it may be worth publishing a 3.0 to 3.1 upgrade guide, or a “Changes in Craft 3.1” article, where you could mention the issue.
I agree with @carlcs, I was completely unaware until I saw some discussion in Slack.
I do use volumes.php in the majority of my projects using getenv(). It would be nice to have some kind of guidance on the subject.
Yeah OK I agree with that as well.
I just added a new section to the Project Config docs about this:
https://docs.craftcms.com/v3/project-config.html#sensitive-information-could-be-saved-in-project-yaml
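A check for the leak discussed in this thread, as an added example that is not part of the thread or of Craft's own code: it scans the text of a project.yaml for literal values of sensitive environment variables, while leaving `$VAR_NAME` references alone. The name pattern, the length threshold and the sample yaml layout are assumptions made for illustration.

```python
import os
import re
import sys

# Assumption: variables whose names match this pattern hold confidential values.
SENSITIVE_NAME = re.compile(r"SECRET|KEY|TOKEN|PASSWORD|PASSWD|DSN", re.I)
MIN_LEN = 8  # skip short values ("1", "dev") that would match by coincidence


def find_leaked_env_values(yaml_text, environ):
    """Return (line_no, env_name) for every yaml line that contains the
    resolved value of a sensitive environment variable."""
    secrets = {
        name: value
        for name, value in environ.items()
        if SENSITIVE_NAME.search(name) and len(value) >= MIN_LEN
    }
    findings = []
    for line_no, line in enumerate(yaml_text.splitlines(), start=1):
        for name, value in sorted(secrets.items()):
            # A "$NAME" reference holds the variable's name, not its value,
            # so it is not reported.
            if value in line:
                findings.append((line_no, name))
    return findings


# Constructed sample data, not taken from any real project.
SAMPLE_ENV = {
    "AWS_SECRET_ACCESS_KEY": "EXAMPLEsecretVALUE0123456789",
    "AWS_ACCESS_KEY_ID": "EXAMPLEKEYID0001",
    "ENVIRONMENT": "production",
}
SAMPLE_YAML = """\
volumes:
  assets:
    settings:
      keyId: $AWS_ACCESS_KEY_ID
      secret: EXAMPLEsecretVALUE0123456789
      subfolder: production
"""

if __name__ == "__main__":
    # Usage: python check_project_yaml.py config/project.yaml
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_YAML
    env = dict(os.environ) if len(sys.argv) > 1 else SAMPLE_ENV
    hits = find_leaked_env_values(text, env)
    for line_no, name in hits:
        print(f"line {line_no}: contains the value of ${name}")
    sys.exit(1 if hits else 0)
```

Run in CI or as a pre-commit hook with the same environment the site uses, so that a project.yaml carrying a resolved secret fails before it is committed.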