Environment Variables
Every application needs configuration—database credentials, API keys, SMTP settings, feature flags. But hardcoding these values directly in your code creates serious problems: security vulnerabilities (credentials in version control), inflexibility (can't easily change settings), and deployment headaches (different environments need different values).
UserFrosting uses environment variables to solve these challenges. Environment variables keep sensitive data out of your codebase, allow different configuration for each environment (development, staging, production), and let you change settings without modifying code. It's the twelve-factor app approach that professional applications follow.
For local development, UserFrosting uses .env files to make managing environment variables easy. In production, you set real environment variables directly on your server for maximum security.
Available Environment Variables
UserFrosting recognizes the following core environment variables:
| Variable | Description |
|---|---|
UF_MODE |
The current environment Modes |
CSRF_ENABLED |
The global switch for the CSRF Guard. Defaults to true |
DB_CONNECTION |
The database connection to use |
DB_TEST_CONNECTION |
The database connection to use in the test environment (defaults to memory) |
DB_DRIVER |
The database driver to use (choice of mysql, pgsql, sqlite or sqlsrv) |
DB_HOST |
The database host (e.g., localhost) |
DB_PORT |
The database port |
DB_NAME |
The name of the database to use for this install |
DB_USER |
The database user account |
DB_PASSWORD |
The database user password |
MAIL_MAILER |
Set to one of smtp, mail, qmail, sendmail (defaults to smtp) |
MAIL_FROM_ADDRESS |
Outgoing emails are sent from this address |
MAIL_FROM_NAME |
Outgoing emails are sent with this name |
SMTP_HOST |
SMTP server host used to send emails |
SMTP_USER |
SMTP server user used to send emails |
SMTP_PASSWORD |
SMTP server user password used to send emails |
SMTP_PORT |
SMTP server port (defaults to 587) |
SMTP_AUTH |
SMTP server authentication enabled (defaults to true) |
SMTP_SECURE |
Enable TLS encryption. Set to tls, ssl or false (to disable) |
Note
Additional environment variables exist for advanced configuration such as Vite settings (VITE_PORT, VITE_DEV_ENABLED), AWS S3 credentials, Rackspace storage, and more. See the default configuration files for a complete list.
If you don't want to (or can't) configure environment variables directly in your development environment, UserFrosting uses the fantastic phpdotenv library to let you set these variables in a .env file. When running the bake installer, this file will be created for you. To make any modifications, your can run the following Bakery helper command:
$ php bakery setup
You can also edit the .env file manually. Simply copy the sample file in your app/ directory:
$ cp app/.env.example app/.env
Now, you can set values in the .env file and UserFrosting will pick them up as if they were actual environment variables.
You may also want to configure your SMTP server settings as well at this point so that you can use features that require mail, such as password reset and email verification. See Chapter 16 for more information on the mail service.