aws · paullallier · Jul 4, 2023 · Jul 4, 2023 · Jul 4, 2023 · Jul 4, 2023
diff --git a/.changes/nextrelease/bugfix-fix-empty-getenv-in-credentials-provider.json b/.changes/nextrelease/bugfix-fix-empty-getenv-in-credentials-provider.json
@@ -0,0 +1,7 @@
+[
+  {
+    "type": "bugfix",
+    "category": "",
+    "description": "Fix using credentials provider on multi-threaded servers"
+  }
+]
diff --git a/src/Credentials/CredentialProvider.php b/src/Credentials/CredentialProvider.php
@@ -289,8 +289,8 @@ public static function env()
     {
         return function () {
             // Use credentials from environment variables, if available
-            $key = getenv(self::ENV_KEY);
-            $secret = getenv(self::ENV_SECRET);
+            $key = getenv(self::ENV_KEY) ?: $_SERVER[self::ENV_KEY];
+            $secret = getenv(self::ENV_SECRET) ?: $_SERVER[self::ENV_SECRET];
             if ($key && $secret) {
                 return Promise\Create::promiseFor(
                     new Credentials($key, $secret, getenv(self::ENV_SESSION) ?: NULL)

diff --git a/tests/Credentials/CredentialProviderTest.php b/tests/Credentials/CredentialProviderTest.php
@@ -66,6 +66,38 @@ private function clearEnv()
         return $dir;
     }
 
+    private function clearEnvExceptServer()
+    {
+        putenv(CredentialProvider::ENV_KEY . '=');
+        putenv(CredentialProvider::ENV_SECRET . '=');
+        putenv(CredentialProvider::ENV_PROFILE . '=');
+        putenv('AWS_CONTAINER_CREDENTIALS_RELATIVE_URI');
+        putenv('AWS_CONTAINER_CREDENTIALS_FULL_URI');
+        putenv('AWS_CONTAINER_AUTHORIZATION_TOKEN');
+        putenv('AWS_SDK_LOAD_NONDEFAULT_CONFIG');
+        putenv('AWS_WEB_IDENTITY_TOKEN_FILE');
+        putenv('AWS_ROLE_ARN');
+        putenv('AWS_ROLE_SESSION_NAME');
+        putenv('AWS_SHARED_CREDENTIALS_FILE');
+
+        unset($_SERVER['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']);
+        unset($_SERVER['AWS_CONTAINER_CREDENTIALS_FULL_URI']);
+        unset($_SERVER['AWS_CONTAINER_AUTHORIZATION_TOKEN']);
+        unset($_SERVER['AWS_SDK_LOAD_NONDEFAULT_CONFIG']);
+        unset($_SERVER['AWS_WEB_IDENTITY_TOKEN_FILE']);
+        unset($_SERVER['AWS_ROLE_ARN']);
+        unset($_SERVER['AWS_ROLE_SESSION_NAME']);
+        unset($_SERVER['AWS_SHARED_CREDENTIALS_FILE']);
+
+        $dir = sys_get_temp_dir() . '/.aws';
+
+        if (!is_dir($dir)) {
+            mkdir($dir, 0777, true);
+        }
+
+        return $dir;
+    }
+
     public function set_up()
     {
         $this->home = getenv('HOME');
@@ -173,6 +205,20 @@ public function testCreatesFromEnvironmentVariables()
         $this->assertSame('456', $creds->getSecurityToken());
     }
 
+    /**
+     * @server ENV_KEY=abc
+     * @server ENV_SECRET=123
+     * @server ENV_SESSION=456
+     */
+    public function testCreatesFromServerVariables()
+    {
+        $this->clearEnvExceptServer();
+        $creds = call_user_func(CredentialProvider::env())->wait();
+        $this->assertSame('abc', $creds->getAccessKeyId());
+        $this->assertSame('123', $creds->getSecretKey());
+        $this->assertSame('456', $creds->getSecurityToken());
+    }
+
     public function testCreatesFromEnvironmentVariablesNullToken()
     {
         $this->clearEnv();