diff --git a/platform/provision_drupal.drush.inc b/platform/provision_drupal.drush.inc
index 2279b9d42df376d5890bd7f2e93ed648c71870ae..2e09020ce367c3d43e557db2ed71ad201f59e097 100644
--- a/platform/provision_drupal.drush.inc
+++ b/platform/provision_drupal.drush.inc
@@ -645,6 +645,9 @@ function provision_parse_info_file($filename) {
  * The real credentials are stored in the Apache vhost of the relevant site, to prevent leaking of
  * sensitive data to site administrators with PHP access who might otherwise access such credentials
  * potentially of other sites' settings.php in a multisite set-up.
+ *
+ * Fire hook_provision_prepare_environment() so other scripts can react to this
+ * step and add more information or take other actions.
  */
 function provision_prepare_environment() {
   $fields = array('db_type', 'db_host', 'db_user', 'db_passwd', 'db_name', 'db_port');
@@ -656,6 +659,11 @@ function provision_prepare_environment() {
   if (drush_drupal_major_version() >= 7) {
     $_SERVER['db_type'] = ($_SERVER['db_type'] == 'mysqli') ? 'mysql' : $_SERVER['db_type'];
   }
+
+  // Invoke provision_prepare_environment: Allow other scripts to react to the
+  // preparation of the environment variables.
+  drush_command_invoke_all('provision_prepare_environment');
+
 }
 
 
diff --git a/provision.api.php b/provision.api.php
index 9d0ec6020e27b28693a65f681cf06d270b4cf477..28e5ad3c0392a021d8d911d7ec5811792362277b 100644
--- a/provision.api.php
+++ b/provision.api.php
@@ -418,3 +418,34 @@ function hook_provision_mysql_regex_alter(&$regexes) {
     '#/\*!50001 CREATE ALGORITHM=UNDEFINED \*/#' => "/*!50001 CREATE */",
   );
 }
+
+/**
+ * Implements hook_provision_prepare_environment()
+ *
+ * React to the setting up of $_SERVER variables such as db_name and db_passwd.
+ *
+ * Runs right after writing sites/$URI/drushrc.php.
+ * Database credentials are available in the $_SERVER variables.
+ *
+ * @see provision_prepare_environment()
+ */
+function hook_provision_prepare_environment() {
+
+  // Write a .env file in the root of the project with the Drupal DB credentials.
+  // This file could be used by other tools to access the site's database.
+  $file_name = d()->root . '/.env';
+  $file_contents = <<<ENV
+MYSQL_DATABASE={$_SERVER['db_name']}
+MYSQL_USER={$_SERVER['db_name']}
+MYSQL_PASSWORD={$_SERVER['db_name']}
+ENV;
+
+  // Make writable, then write the file.
+  if (file_exists($file_name) && !is_writable($file_name)) {
+    provision_file()->chmod($file_name, 0660);
+  }
+  file_put_contents($file_name, $file_contents);
+
+  // Hide sensitive information from any other users.
+  provision_file()->chmod($file_name, 0400);
+}
\ No newline at end of file