Bedrock .env file versus Trellis group_vars/**/vault.yml

I hope this is a simple question, but I am a little confused on whether I need to put enviroment variables in the .env file of Bedrock or in the group_vars files under

vault_wordpress_sites:
   environment:
      env:
        variable_name: variable_value

Is the .env file only if you are not using Trellis? As I am using Trellis, can I leave the .env file empty and locate everything in one of the vault.yml files?

Also, if a variable is present in both, which one takes precedence?

Thank you in advance.

Trellis uses group_vars files to generate the .env during trellis deploy. Bedrock reads .env and loads its contents as environment variables, so if .env is empty your site will not work (here’s where config/application.php loads it). Bedrock itself doesn’t know anything about what’s in Trellis.

Therefore, since you are using Trellis you should define all your .env variables in group_vars. The spots to do this are:

  • group_vars/all/helpers.yml: the wordpress_env_defaults dictionary is applied to every site in every environment.
  • group_vars/all/vault.yml: has a vault_wordpress_env_defaults, which like the previous is applied to all sites and environments, but meant for sensitive items like API or license keys since vault files can (and should!) be encrypted.
  • group_vars/{{environment}}/wordpress_sites.yml: every item under wordpress_sites can have its own env dictionary, which takes precedence over the defaults. Remember, this file’s not encrypted so it should not be used for sensitive values like passwords and keys.
  • group_vars/{{environment}}/vault.yml: the encrypted version for sensitive data. Each item in vault_wordpress_sites can have a env dictionary that is merged with the matching site’s env in wordpress_sites.yml. Again, this takes precedence over defaults.

Refer to WordPress Sites | Trellis Docs | Roots for more about the Trellis variables.

Only other thing to note is that Bedrock also reads a .env.local file if it exists, and variables defined there take precedence over .env. Trellis won’t create or modify that. Personally, if I need to edit env stuff manually, I like to do so in the .env.local file and leave .env the way Trellis made it. Just remember to move those edits into one of the Trellis group_vars locations above if you want them deployed automatically!

2 Likes