Managing secrets in Symfony

The translation of the article was prepared in anticipation of the start of the Symfony Framework course.








Are you tired of keeping your application's secrets file in a password manager and copying it into your CI/CD environment every time it changes, just so you can deploy your application in line with security requirements?



Launching Symfony



Create docker-compose.yml in your project root directory and add the following:



(. PHP Docker XDEBUG )



version: '3'
services:
  php:
    image: webdevops/php-nginx-dev:7.4
    working_dir: /app
    environment:
      - WEB_DOCUMENT_ROOT=/app/public
      - PHP_DISPLAY_ERRORS=1
      - PHP_MEMORY_LIMIT=2048M
      - PHP_MAX_EXECUTION_TIME=-1
      - XDEBUG_REMOTE_AUTOSTART=1
      - XDEBUG_REMOTE_PORT=9000
      - XDEBUG_PROFILER_ENABLE=0
      - XDEBUG_REMOTE_CONNECT_BACK=0
      - XDEBUG_REMOTE_HOST=docker.for.mac.localhost
      - php.xdebug.idekey=PHPSTORM
      - php.xdebug.remote_enable=1
      - php.xdebug.max_nesting_level=1000
    ports:
      - "8080:80"
    volumes:
      - ./:/app:rw,cached
    depends_on:
      - mysql

  mysql:
    image: mysql:5.7
    ports:
      - "3306:3306"
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_DATABASE: test
      MYSQL_USER: test
      MYSQL_PASSWORD: test


docker-compose up Symfony 5 :



docker-compose exec php bash -c 'composer create-project symfony/website-skeleton project && mv project/* . && rm -rf project'


http://localhost:8080 :





Symfony





Symfony 4.4, , (vault) . . , .env:



php bin/console secrets:set DATABASE_URL




, , , . , config/secrets/dev:





, () () , . php-, :





php bin/console:list :





, Symfony , . , , dev- . . :



git add config/secrets


, , Symfony %env%, . doctrine :





config/packages/doctrine.yaml



, :



php bin/console doctrine:query:sql "SHOW VARIABLES LIKE 'max_join_size'"


, .





DATABASE_URL (production vault), :



php bin/console secrets:set --env=prod DATABASE_URL


DATABASE_URL . , . Symfony composer, .gitignore:



/config/secrets/prod/prod.decrypt.private.php


Symfony !





, , secrets:list. , --reveal:





:



php bin/console secrets:list --env=prod --reveal


. !





- . SYMFONY_DECRYPTION_SECRET.



SYMFONY_DECRYPTION_SECRET, , base64, , :



php -r "echo base64_encode(require 'config/secrets/prod/prod.decrypt.private.php');"


, Jenkins Gitlab, . Jenkins :





Jenkins



โ€” , . , .env, :



php bin/console secrets:decrypt-to-local --force --env=prod


.env.prod.local . , Symfony env , - . , . - , .env.prod.local.





? , DATABASE_URL - . :



php bin/console secrets:set DATABASE_URL --local




? .env.dev.local! , , Symfony .gitignore, . , .env , . , , , Symfony env, - . env .
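A CI or pre-commit guard for the two files this article keeps out of git (config/secrets/prod/prod.decrypt.private.php and the .env.*.local files), as an added example that is not part of the original article. The function names are this example's own.

```shell
# Added example, not from the original article.
# Function and variable names are this example's own choices.
PROD_KEY='config/secrets/prod/prod.decrypt.private.php'

# Reads tracked paths on stdin (one per line, as printed by `git ls-files`).
# Prints every path that must not be committed; returns 1 if any was found.
# The dev vault (config/secrets/dev) is deliberately not flagged, because
# the article commits it with `git add config/secrets`.
find_tracked_secrets() {
    found=0
    while IFS= read -r path; do
        case "$path" in
            "$PROD_KEY")
                echo "prod decryption key is tracked: $path"
                found=1 ;;
            .env.*.local)
                echo "local env file with plaintext values is tracked: $path"
                found=1 ;;
        esac
    done
    return "$found"
}

# Returns 0 only if the given .gitignore file lists the prod decryption key
# exactly as the article shows it (with the leading slash).
gitignore_covers_prod_key() {
    grep -qxF -- "/$PROD_KEY" "$1"
}

# Typical use from the project root (needs git, so it is left commented out):
#   git ls-files | find_tracked_secrets && gitignore_covers_prod_key .gitignore
```

Run it as a pipeline step before deployment, so a committed key fails the build before the vault contents can be decrypted by anyone with repository access.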





  • Env ,
  • secret:set dev, local prod env
  • Symfony git .gitignore




