env provider - Amazon SDK for PHP
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

env provider

Using environment variables to contain your credentials prevents you from accidentally sharing your Amazon secret access key. We recommend that you never add your Amazon access keys directly to the client in any production files.

To authenticate to Amazon Web Services, the SDK first checks for credentials in your environment variables. The SDK uses the getenv() function to look for the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN environment variables. These credentials are referred to as environment credentials. For instructions on how to obtain these values, see Authenticate using short-term credentials in the Amazon SDKs and Tools Reference Guide.

If you’re hosting your application on Amazon Elastic Beanstalk, you can set the AWS_ACCESS_KEY_ID, AWS_SECRET_KEY, and AWS_SESSION_TOKEN environment variables through the Amazon Elastic Beanstalk console so that the SDK can use those credentials automatically.

For more information on how to set environment variables, see Environment variables support in the Amazon SDKs and Tools Reference Guide. Also, for a list of all environment variables supported by most Amazon SDKs, see Environment variables list.

You can also set the environment variables in the command line, as shown here.

Linux 

$ export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
   # The access key for your Amazon Web Services account.
$ export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
   # The secret access key for your Amazon Web Services account.
$ export AWS_SESSION_TOKEN=AQoDYXdzEJr...<remainder of security token>
   # The temporary session key for your Amazon Web Services account. 
   # The AWS_SECURITY_TOKEN environment variable can also be used, but is only supported for backward compatibility purposes.
   # AWS_SESSION_TOKEN is supported by multiple Amazon SDKs other than PHP.

Windows 

C:\> SET  AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
   # The access key for your Amazon Web Services account.
C:\> SET  AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
   # The secret access key for your Amazon Web Services account.
C:\> SET AWS_SESSION_TOKEN=AQoDYXdzEJr...<remainder of security token>
   # The temporary session key for your Amazon Web Services account. 
   # The AWS_SECURITY_TOKEN environment variable can also be used, but is only supported for backward compatibility purposes.
   # AWS_SESSION_TOKEN is supported by multiple Amazon SDKs besides PHP.

Aws\Credentials\CredentialProvider::env attempts to load credentials from environment variables.

use Aws\Credentials\CredentialProvider;
use Aws\S3\S3Client;

$client = new S3Client([
    'region'      => 'us-west-2',
    'version'     => '2006-03-01',
    'credentials' => CredentialProvider::env()
]);