php - Pass output of shell command to inside .env file

Question

I have a .env file for a php application. The contents are similar to this:

#define env
#dev,stage,prod
env=stage

http="https://"

#define debug
debug=true
debug_level=2

#db
mysql_host=staging-rds.cvexrtrtr1.us-east-2.rds.amazonaws.com
mysql_port=3306
mysql_username=dev
mysql_password="existing!secret"

I want to store the secret for mysql_password in the AWS paramater store. The goal is to not have the value existing!secret exposed to env variables or to anyone accessing the machine, Basically I want the output of a bash command similar to the one below, to be passed on directly inside the .env file:

export DB_PASSWORD=$(aws ssm get-parameter 
  --name "secret-for-the-password" 
  --with-decryption 
  | jq -r '.Parameter.Value')

Is it fundamentally possible to pass the output of this command to the .env file? Output should be something similar to:

#define env
#dev,stage,prod
env=stage

http="https://"

#define debug
debug=true
debug_level=2

#db
mysql_host=staging-rds.cvexrtrtr1.us-east-2.rds.amazonaws.com
mysql_port=3306
mysql_username=dev
mysql_password="$(aws ssm get-parameter 
  --name "secret-for-the-password" 
  --with-decryption 
  | jq -r '.Parameter.Value')"

question from:https://stackoverflow.com/questions/65904375/pass-output-of-shell-command-to-inside-env-file

Answer 1

Having the secret stored as an environment variable would seem like a better option but if this fits your needs better, you could use exec to run the bash code, for example:

<?php

$mysql_password = "aws ssm get-parameter 
--name "secret-for-the-password" 
--with-decryption 
| jq -r '.Parameter.Value'";

$retval = exec($mysql_password);

echo $retval;