Symfony worked great for us when we were a small team of trusted developers. Now, however, we are getting more people to help out, which leads to a problem with managing production passwords checked into source control.
I have production passwords for our DB, API keys, etc. stored in the Symfony config files which I do not want all developers to have access to. How can I hide these passwords from unauthorized developers and yet still grant them access to the source code?
If you’re already using version control: your first stop should be removing all passwords from the history in your versioning system. Good luck 😉
Next: isolate the files which have passwords in them. (Probably config/databases.yml and apps/<yourapp>/app.yml.) Copy/rename these files to *.yml.dist (for example: config/databases.yml.dist). Clean up all production passwords from these files, and leave only the bare minimum to keep it going.
Make sure the original files don’t appear in your VCS ever again (svn ignore, or the like). Now when you set up a new environment, you can just copy the *.dist files to their ‘real’ names.
(What I did for my project is move all API keys to a single apikeys.yml in the config directory. That way all the properties in the app.yml keep being versioned, and my API keys don’t appear in the VCS.)
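
The *.dist workflow from the answer above, as an added example that is not part of the original answer: it generates a redacted .dist copy, checks that no real value survived in it, and lists paths that must never be committed. The function names, the CHANGE_ME placeholder and the list of sensitive key names are assumptions; the sample config is constructed.

```shell
#!/bin/sh
# Placeholder written in place of every redacted value (assumed name).
PLACEHOLDER='CHANGE_ME'
# Key names treated as sensitive (an assumption; extend for your own config).
SENSITIVE='password|[A-Za-z0-9_]*(key|secret|token)'

# make_dist FILE: write FILE.dist with the values of sensitive keys replaced.
make_dist() {
  sed -E "s/^([[:space:]]*(${SENSITIVE})[[:space:]]*:).*/\1 ${PLACEHOLDER}/" "$1" > "$1.dist"
}

# leaked_in_dist FILE: exit 0 if a sensitive key still carries a real value.
leaked_in_dist() {
  grep -E "^[[:space:]]*(${SENSITIVE})[[:space:]]*:" "$1" | grep -qv ": ${PLACEHOLDER}\$"
}

# blocked_paths: read paths on stdin, print those that must stay out of the VCS.
blocked_paths() {
  while IFS= read -r p; do
    case "$p" in
      config/databases.yml|config/apikeys.yml|apps/*/app.yml) printf '%s\n' "$p" ;;
    esac
  done
}

# Demo on a constructed databases.yml (not from a real project).
demo() {
  dir=$(mktemp -d)
  cat > "$dir/databases.yml" <<'EOF'
all:
  doctrine:
    class: sfDoctrineDatabase
    param:
      dsn: 'mysql:host=localhost;dbname=app'
      username: app
      password: constructed-example-pw
EOF
  make_dist "$dir/databases.yml"
  cat "$dir/databases.yml.dist"
  if leaked_in_dist "$dir/databases.yml.dist"; then echo "secret left in .dist"; fi
  printf '%s\n' config/databases.yml config/databases.yml.dist | blocked_paths
  rm -rf "$dir"
}
demo
```

In a pre-commit hook, pipe the list of paths about to be committed into blocked_paths and abort the commit if it prints anything.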