Instructions for storing database credentials outside of the webroot of a Drupal project using an .env file.
Using as an example, if the ISP has assigned a home directory to the project as
project_user and the webroot within the project is a folder named
project_webroot. Drupal might be installed in that home directory as
drupal. A symbolic link is created in
project_webroot --> drupal/web.
drupal directory, where Drupal was installed using Composer, install phpdotenv (https://github.com/vlucas/phpdotenv)
php /usr/local/bin/composer require vlucas/phpdotenv
(adjust for the method of installation and location of Composer).
settings.php file (
/home/project_user/drupal/web/sites/default/settings.php) and add
$dotenv = Dotenv\Dotenv::createImmutable('../config'); $dotenv->load();
to the top of the file (line after
<?php). Note that the
settings.php is set to read-only by the installer, so it needs to be made writable, edited, then set back to read-only.
At the bottom of the file, locate the
$databases assignment and replace with
$databases['default']['default'] = [ 'database' => $_ENV['MYSQL_DATABASE'], 'driver' => 'mysql', 'host' => $_ENV['MYSQL_HOSTNAME'], 'namespace' => 'Drupal\\Core\\Database\\Driver\\mysql', 'password' => $_ENV['MYSQL_PASSWORD'], 'port' => $_ENV['MYSQL_PORT'], 'prefix' => '', 'username' => $_ENV['MYSQL_USER'], ];
/home/project_user/config and in that config folder, create
MYSQL_DATABASE=drupal_db MYSQL_HOSTNAME=localhost MYSQL_PASSWORD=drupal_db_password MYSQL_PORT=3306 MYSQL_USER=drupal_user
adjusting values as needed.
config_sync_directory can also be moved into this new
config folder, see https://www.drupal.org/docs/configuration-management/changing-the-storage-location-of-the-sync-directory.
I don’t understand why this isn’t the default, as it is normal for a symfony based application.
Reference in addition to the phpdotenv reference above, https://www.freecodecamp.org/news/the-best-way-to-manage-your-drupal-workflow-ade9525a84c0/.