Loads environment variables from `.env` to `getenv()`, `$_ENV` and `$_SERVER` automagically.

Installs: 80 837 577

Dependents: 2 813

Suggesters: 58

Stars: 9 811

Watchers: 159

Forks: 469

Open Issues: 1

v3.6.0 2019-09-10 21:37 UTC


Loads environment variables from .env to getenv(), $_ENV and $_SERVER automagically.

This is a PHP version of the original Ruby dotenv.

Build Status


New in Version 3 is first-class support for multiline variables (#301) and much more flexibility in terms of which parts of the environment we try to read and modify (#300). Consequently, you will need to replace any occurrences of new Dotenv(...) with Dotenv::create(...), since our new native constructor takes a Loader instance now, so that it can be truly customized if required. Finally, one should note that the loader will no longer be trimming values (#302), moreover Loader::load() and its callers now return an associative array of the variables loaded with their values, rather than an array of raw lines from the environment file (#306).

For more details, please see the release notes and the upgrading guide.

Why .env?

You should never store sensitive credentials in your code. Storing configuration in the environment is one of the tenets of a twelve-factor app. Anything that is likely to change between deployment environments – such as database credentials or credentials for 3rd party services – should be extracted from the code into environment variables.

Basically, a .env file is an easy way to load custom configuration variables that your application needs without having to modify .htaccess files or Apache/nginx virtual hosts. This means you won't have to edit any files outside the project, and all the environment variables are always set no matter how you run your project - Apache, Nginx, CLI, and even PHP 5.4's built-in webserver. It's WAY easier than all the other ways you know of to set environment variables, and you're going to love it!

  • NO editing virtual hosts in Apache or Nginx
  • NO adding php_value flags to .htaccess files
  • EASY portability and sharing of required ENV values
  • COMPATIBLE with PHP's built-in web server and CLI runner

Installation with Composer

composer require vlucas/phpdotenv


The .env file is generally kept out of version control since it can contain sensitive API keys and passwords. A separate .env.example file is created with all the required environment variables defined except for the sensitive ones, which are either user-supplied for their own development environments or are communicated elsewhere to project collaborators. The project collaborators then independently copy the .env.example file to a local .env and ensure all the settings are correct for their local environment, filling in the secret keys or providing their own values when necessary. In this usage, the .env file should be added to the project's .gitignore file so that it will never be committed by collaborators. This usage ensures that no sensitive passwords or API keys will ever be in the version control history so there is less risk of a security breach, and production values will never have to be shared with all project collaborators.

Add your application configuration to a .env file in the root of your project. Make sure the .env file is added to your .gitignore so it is not checked-in the code


Now create a file named .env.example and check this into the project. This should have the ENV variables you need to have set, but the values should either be blank or filled with dummy data. The idea is to let people know what variables are required, but not give them the sensitive production values.


You can then load .env in your application with:

$dotenv = Dotenv\Dotenv::create(__DIR__);

Optionally you can pass in a filename as the second parameter, if you would like to use something other than .env

$dotenv = Dotenv\Dotenv::create(__DIR__, 'myconfig');

All of the defined variables are now accessible with the getenv method, and are available in the $_ENV and $_SERVER super-globals.

$s3_bucket = getenv('S3_BUCKET');
$s3_bucket = $_ENV['S3_BUCKET'];
$s3_bucket = $_SERVER['S3_BUCKET'];

You should also be able to access them using your framework's Request class (if you are using a framework).

$s3_bucket = $request->env('S3_BUCKET');
$s3_bucket = $request->getEnv('S3_BUCKET');
$s3_bucket = $request->server->get('S3_BUCKET');
$s3_bucket = env('S3_BUCKET');

Nesting Variables

It's possible to nest an environment variable within another, useful to cut down on repetition.

This is done by wrapping an existing environment variable in ${…} e.g.



By default, Dotenv will NOT overwrite existing environment variables that are already set in the environment.

If you want Dotenv to overwrite existing environment variables, use overload instead of load:

$dotenv = Dotenv\Dotenv::create(__DIR__);

Loader Customization

Need us to not set $_ENV but not $_SERVER, or have other custom requirements? No problem! Simply pass a custom implementation of Dotenv\Environment\FactoryInterface to Dotenv\Loader on construction. In practice, you may not even need a custom implementation, since our default implementation allows you provide an array of Dotenv\Environment\Adapter\AdapterInterface for proxing the underlying calls to.

For example, if you want us to only ever fiddle with $_ENV and putenv, then you can setup Dotenv as follows:

$factory = new Dotenv\Environment\DotenvFactory([
    new Dotenv\Environment\Adapter\EnvConstAdapter(),
    new Dotenv\Environment\Adapter\PutenvAdapter(),

$dotenv = Dotenv\Dotenv::create(__DIR__, null, $factory);

Requiring Variables to be Set

Using Dotenv, you can require specific ENV vars to be defined ($_ENV, $_SERVER or getenv()) - throws an exception otherwise. Note: It does not check for existence of a variable in a '.env' file. This is particularly useful to let people know any explicit required variables that your app will not work without.

You can use a single string:


Or an array of strings:

$dotenv->required(['DB_HOST', 'DB_NAME', 'DB_USER', 'DB_PASS']);

If any ENV vars are missing, Dotenv will throw a RuntimeException like this:

One or more environment variables failed assertions: DATABASE_DSN is missing

Empty Variables

Beyond simply requiring a variable to be set, you might also need to ensure the variable is not empty:


If the environment variable is empty, you'd get an Exception:

One or more environment variables failed assertions: DATABASE_DSN is empty

Integer Variables

You might also need to ensure that the variable is of an integer value. You may do the following:


If the environment variable is not an integer, you'd get an Exception:

One or more environment variables failed assertions: FOO is not an integer

Boolean Variables

You may need to ensure a variable is in the form of a boolean, accepting "On", "1", "Yes", "Off", "0" and "No". You may do the following:


If the environment variable is not a boolean, you'd get an Exception:

One or more environment variables failed assertions: FOO is not a boolean

Allowed Values

It is also possible to define a set of values that your environment variable should be. This is especially useful in situations where only a handful of options or drivers are actually supported by your code:

$dotenv->required('SESSION_STORE')->allowedValues(['Filesystem', 'Memcached']);

If the environment variable wasn't in this list of allowed values, you'd get a similar Exception:

One or more environment variables failed assertions: SESSION_STORE is not an
allowed value

It is also possible to define a regex that your environment variable should be.



You can comment your .env file using the # character. E.g.

# this is a comment
VAR="value" # comment
VAR=value # comment

Usage Notes

When a new developer clones your codebase, they will have an additional one-time step to manually copy the .env.example file to .env and fill-in their own values (or get any sensitive values from a project co-worker).

Command Line Scripts

If you need to use environment variables that you have set in your .env file in a command line script that doesn't use the Dotenv library, you can source it into your local shell session:

source .env


If you discover a security vulnerability within this package, please send an email to Graham Campbell at graham@alt-three.com. All security vulnerabilities will be promptly addressed. You may view our full security policy here.


PHP dotenv is licensed under The BSD 3-Clause License.

Get professional support for PHP dotenv with a Tidelift subscription
Tidelift helps make open source sustainable for maintainers while giving companies
assurances about security, maintenance, and licensing for their dependencies.