Reading Pantheon Environment Configuration

Learn about the separation of configuration and code for your Drupal or WordPress site within the Pantheon's runtime container environment.

Discuss in our Forum Discuss in Slack

Pantheon promotes the separation of configuration and code, especially where security is a concern. You should never copy/paste credentials from your Dashboard into any of your site's code.

Database credentials, Redis authentication, and other configuration data is provided as part of the runtime container environment. It is present in PHP's $_ENV superglobal.

<?php var_dump($_ENV); ?>
array(13) {
  string(7) "drupal"
  string(1) "/"
  string(19) "sites/default/files"
  string(44) "xCoEVpEAOYv0OhG6QIpr+Z+oDIV+qwGcz79AAGssLlA="
  string(9) "XXX.XXX.XXX.XXX"

If you are using a common CMS framework, the code you need to load this configuration and boot your app should already be pre-configured. However, if you need to do something custom, you can work with environmental configuration directly.

Drupal 7


Unless you're implementing Domain Access, using something other than the standard bootstrap process, or performing Drupal core development, you won't need to manually read the environment configuration. See configuring settings.php for details.

Pantheon uses Pressflow to automatically read the environmental configuration. If you're working with vanilla Drupal or want to pass the credentials and configuration such as the database credentials and temporary directory location to another application, you'll need to manually extract the configuration. In Drupal, this is done in settings.php.

extract(json_decode($_SERVER['PRESSFLOW_SETTINGS'], TRUE));

Domain Access

Place Domain Access setup routine above any Redis configurations in settings.php. For example, for Drupal 7:

// All Pantheon Environments.
if (defined('PANTHEON_ENVIRONMENT')) {

  // Extract Pantheon environmental configuration for Domain Access
  extract(json_decode($_SERVER['PRESSFLOW_SETTINGS'], TRUE));
  // All $conf variables and Redis configuration go after extract()

  // If using Redis add appropriate settings per /docs/object-cache/

  // Add other $conf variables, for example for Fast 404 pages

  * Add the domain module setup routine to the end of settings.php
  include DRUPAL_ROOT . '/sites/all/modules/domain/';


Adding this snippet may cause the Status tab to show that Fast 404 pages are not enabled, when if configured properly, they actually are.


Pantheon's default wp-config.php includes code to read from the $_ENV superglobal so no additional configuration should be required.

For more information, see configuring wp-config.php.

Hard-coded Directory References and $_ENV['HOME']

As a general best-practice, the home directory should be referenced through the $_ENV variable:


Using $_SERVER

When incorporating custom configurations on Pantheon, use $_ENV instead of $_SERVER wherever possible. $_SERVER is generally unavailable when executing code via the command line (e.g. Terminus, Drush, or WP-CLI), which can cause failures for things like clearing cache. The few exceptions include HTTP_HOST and REMOTE_ADDR, or things pertaining directly to the web request in progress such as redirects.

For debugging modules or plugins, it may be beneficial to review the values within the $_SERVER variable versus the value used by the plugin/module code. If $_SERVER variables are used, there may be instances where you need to alter the variable assignments to get a module or plugin to work properly as outlined in Server Name and Server Port.


The $_SERVER variable contains sensitive data about a site and should not be publicly exposed. In the same way that you would not leave the output of phpinfo(); displayed on a site, don't leave this open to public viewing.

This is a partial example from a WordPress site homepage:

<?php var_dump($_SERVER);  ?>
array(63) {
    string(11) "nginx/1.4.7"
    string(1) "/"
    string(32) "non-static-binding-string-inserted-here"
    string(46) "/srv/bindings/non-static-binding-string-inserted-here"
    string(10) "/index.php"
    string(10) "/index.php"
    string(51) "/srv/bindings/non-static-binding-string-inserted-here/code"
    string(8) "HTTP/1.1"
    string(7) "CGI/1.1"
    string(12) ""  <= NOT A SITE IP ADDRESS
    string(5) "55982"
    string(13) ""  <= NOT A SITE IP ADDRESS
    string(5) "11846"
    string(31) ""
    string(3) "200"
    string(51) "/srv/bindings/non-static-binding-string-inserted-here/code"
    string(3) "OFF"
    string(62) "/srv/bindings/non-static-binding-string-inserted-here/code//index.php"
    string(25) ""
    string(120) "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko)         Chrome/46.0.2490.80 Safari/537.36"
    string(74) "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
    string(14) "en-US,en;q=0.8"


Can I Set My Own Environment Variables?

No, it is not possible to set environment variables on Pantheon. A common solution for this is to use the Terminus Secrets Plugin to write the secrets to a JSON file in the private filesystem, or use Lockr for maximum security.