303.473.4400 / Toll Free: 888.772.0777
Select Page

Magento 2.0: Location of Database Configuration File - Magento Consulting - Customer ParadigmIn Magento 1.0, the configuration file that contains database settings and other information is located here:

In Magento 2.0, the configuration is in the same directory (/app/etc/) but has been renamed to env.php. The file path is: /app/etc/env.php

In this file, a number of key things are set, including the database connection information:

‘host’ => ‘localhost’,
‘dbname’ => ‘magento2database’,
‘username’ => ‘some-sample-username’,
‘password’ => ‘Extremely-Complicated-Password-12345’,
‘model’ => ‘mysql4’,
‘engine’ => ‘innodb’,
‘initStatements’ => ‘SET NAMES utf8;’,
‘active’ => ‘1’,

The file also allows for a table prefix, if you happen to have that in your Magento database. This is mostly used if you can only have a single mySQL database, and you’re sharing it with WordPress, for example, so you have a prefix like, Magento2_ as the prefix. (Usually this isn’t an issue, but in the past on the Magento 1.0 framework, some extensions have had trouble with database prefixes.)

Also in the env.php file:

– Backend area name: This allows you to define what the admin login area’s URL should be. By default, it’s /admin/. But we recommend changing this, so that you can at least make it more difficult for attackers to not know where to go to try to find your login screen.

– Install date: the date that your Magento 2.0 installation was installed.

– Session: the best way to handle server sessions is in the file system. Saving an end user’s sessions to a database takes a lot more time and system overhead. This is really only a good idea if you have multiple front end Web servers and one common back end database server. And even then, there’s better ways to handle sessions.

‘session’ =>
array (
‘save’ => ‘files’,

– Crypt Key: there’s a cryptographic key that is used to authenticate and encrypt your system; this is something you should also not share widely.

– Cache Types:
The env.php file allows you to specify what types of caching are enabled in the system. As you may know, caching allows the system to create a much faster end user experience – so pages load very, very quickly. If you turn off all caching (which we often do when developing a site), each page that is loaded will take a lot more processing power and database calls to generate. This configuration allows you to set these cache types:

‘config’ => 1,
‘layout’ => 1,
‘block_html’ => 1,
‘view_files_fallback’ => 1,
‘view_files_preprocessing’ => 1,
‘collections’ => 1,
‘db_ddl’ => 1,
‘eav’ => 1,
‘full_page’ => 1,
‘translate’ => 1,
‘config_integration’ => 1,
‘config_integration_api’ => 1,
‘config_webservice’ => 1,

The “full_page” caching type is probably the most exciting to me – it’s the full page cache system. More on this in another posting, but it basically allows you to have the system generate a static HTML version of the site, so that next to no server processing power or database calls are needed to serve end users pages.

One other quick change: the /app/etc/ folder no longer contains the .htaccess file that restricts access to the env.php file. This is now in the /app/ directory, and it contains this information:

Order deny,allow
Deny from all

This file makes sure that someone on the World Wide Web can’t just directly access the env.php file, that contains your mySQL database access information.

The .htaccess file is a “hidden” file, so you won’t see it in normal FTP sessions unless you turn on the “show hidden files” feature.

So make sure that you don’t have open access to it by going here:


If you visit this link, it should show something like this:

Make sure .htaccess is set to disallow access (public) to your Magento 2.0 env.php configuration file

Pin It on Pinterest

Share This