I am using CraftCMS, and I am getting this error:

Invalid Configuration – yii\base\InvalidConfigException
craft\web\Request::cookieValidationKey must be configured with a secret key.

The longer error is:

1. in /code/vendor/yiisoft/yii2/web/Request.phpat line 1678
1669167016711672167316741675167616771678167916801681168216831684168516861687     * Converts `$_COOKIE` into an array of [[Cookie]].
     * @return array the cookies obtained from request
     * @throws InvalidConfigException if [[cookieValidationKey]] is not set when [[enableCookieValidation]] is true
     */
    protected function loadCookies()
    {
        $cookies = [];
        if ($this->enableCookieValidation) {
            if ($this->cookieValidationKey == '') {
                throw new InvalidConfigException(get_class($this) . '::cookieValidationKey must be configured with a secret key.');
            }
            foreach ($_COOKIE as $name => $value) {
                if (!is_string($value)) {
                    continue;
                }
                $data = Yii::$app->getSecurity()->validateData($value, $this->cookieValidationKey);
                if ($data === false) {
                    continue;
                }

My .env file is such:

# The environment Craft is currently running in ("dev", "staging", "production", etc.)
ENVIRONMENT="dev"

# The application ID used to to uniquely store session and cache data, mutex locks, and more
APP_ID="CraftCMS"

# The secure key Craft will use for hashing and encrypting data
SECURITY_KEY="xxxxxxxx"

# The database driver that will be used ("mysql" or "pgsql")
DB_DRIVER="mysql"

# The database server name or IP address
DB_SERVER="mariadb"

# The port to connect to the database with
DB_PORT="3306"

# The name of the database to select
DB_DATABASE="dev_craftcms"

# The database username to connect with
DB_USER="root"

# The database password to connect with
DB_PASSWORD="abc123"

# The database schema that will be used (PostgreSQL only)
DB_SCHEMA=""

# The prefix that should be added to generated table names (only necessary if multiple things are sharing the same database)
DB_TABLE_PREFIX=""

DEFAULT_SITE_URL="http://www.amira.local/"

Am I missing anything?

Your env file is only somewhere to store those secrets so they are not commited to source control, Craft does not automatically pull values from there directly. In this the security key is set in Craft' general config file config/general.php and should be set as:

    // The secure key Craft will use for hashing and encrypting data
    'securityKey' => getenv('SECURITY_KEY'),

I suspect it is not set in the general cofig, so you get an error. As an aside xxxxxxxxx isn't very secure, I'd recommend using a strong password there.

You can set your Craft Key by typing this in your terminal path:

php craft setup/security-key

It's hard to know from your example .env file whether the xxxxxxxxx is a placeholder for the sake of putting your question on StackOverflow, or whether that's your actual string.

If it's the latter, the issue is that it needs to be a 32 character base 64 string.

As another answerer pointed out, you can use php craft setup/security-key - but if you follow through the code for that, it basically boils down to PHP's random_bytes() function wrapped in a base64UrlEncoder.

One of the issues with running the above Craft cli command is that the server needs to already be running, but there are instances where you may want to generate your .env file statically, or have it built into the Docker image itself, and other such use cases. So all you need to do is make sure the string is valid as detailed above.

You can also use a bash command with openssl to generate it in the exact same way that the Craft cli command does:

#!/bin/bash

DB_USER=$(openssl rand -base64 32)
DB_PASSWORD=$(openssl rand -base64 32)
SECURITY_KEY=$(openssl rand -base64 32)

if [ -f .env ]; then
    echo "File .env already exists"
    exit 1
fi

touch .env
echo "DB_USER=$DB_USER" >> .env
echo "DB_PASSWORD=$DB_PASSWORD" >> .env
echo "SECURITY_KEY=$SECURITY_KEY" >> .env

The above file, which I call generate-creds.sh is used within a CI/CD pipeline before Docker is built or spun up, and can be done entirely statically.