Sending email via SES without credentials in the .env file

[victor-david]

Hello All,

Running on ubuntu, I have my AWS credentials in ~/.aws/credentials where the Amazon SDK looks for them. Using Mail::send(...), it's the web server's home where the credentials are found: /var/www/.aws/credentials. The credentials are not in the .env file, and sending mail works fine.

However, when I use Mail::queue(...), the credentials can't be retrieved. I'm using the supervisor service to run: artisan queue:work. Supervisor runs as root, and the root user has a hard link to the credentials file from root's home, that is: /root/.aws/credentials.

Yet, when a mail is queued, and artisan queue:work command executes:

[2025-08-23 00:24:38] local.ERROR: Error retrieving credentials from the instance profile metadata service. (Error retrieving metadata token) {"exception":"[object] (Aws\Exception\CredentialsException(code: 0): Error retrieving credentials from the instance profile metadata service. (Error retrieving metadata token) at /var/www/mysite.com/vendor/aws/aws-sdk-php/src/Credentials/InstanceProfileProvider.php:301)

If I put the credentials in the .env file, queued mail works. However, I prefer not to store the credentials in the .env file. Any help appreciated. Thanks!

[Nabil-nl]

Hi Victor ,
The issue comes from the fact that your queue worker is running under a different user (root), so the AWS SDK looks for ~/.aws/credentials in /root/.aws/credentials instead of /var/www/.aws/credentials.
You can solve this in two clean ways:
Run your supervisor worker under the same user as your web server (e.g. www-data), so it picks up the same ~/.aws/credentials.
Or explicitly tell the AWS SDK where to find the credentials by setting:

environment=AWS_SHARED_CREDENTIALS_FI
LE="/var/www/.aws/credentials"

in your supervisor config.
This way you don’t need to put credentials in .env, and both Mail::send and Mail::queue will work consistently.

[victor-david]

Hi Nabil,

As I mentioned, I have the credential file in root's home: /root/.aws/credentials - and it still doesn't work. I'll try the environment setting in supervisor config; that sounds like a clean way to do it.

[victor-david]

Okay, I put the environment setting in the supervisor config and it's working now. Thanks for the great tip!

[Nabil-nl]

Great , if resolve add mark answer for my reply

[victor-david]

Okay, marked. Thanks again Nabil.