Skip to content

Instantly share code, notes, and snippets.

@reanim8ed

reanim8ed/sample.md

Last active July 17, 2022 09:41
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save reanim8ed/d7de4918be42ff4b9553a1de7bf26a28 to your computer and use it in GitHub Desktop.
Save reanim8ed/d7de4918be42ff4b9553a1de7bf26a28 to your computer and use it in GitHub Desktop.
Download ZIP
[Secrets management] #symfony
Raw
sample.md

Create new secret

  • Generate the keys used to encrypt/decrypt secrets: php bin/console secrets:generate-keys This command generates a pair of keys in config/secrets/dev/ (or config/secrets/prod/). The public key is used to encrypt secrets and you should commit it to your shared repository. The private key should not be committed to the repository and should not be shared in any way.
  • If you already have keys, but want to update them: secrets:generate-keys --rotate
  • Upload the private key to your remote server using SSH or any other safe means and store it in the same config/secrets// directory.
  • Create a new secret to store the contents of DATABASE_URL: php bin/console secrets:set DATABASE_URL or generate new value: php bin/console secrets:set REMEMBER_ME --random
  • Each secret is stored in its own file inside the config/secrets// directory. You can commit these files to the repository because their contents are not accessible unless you also have the private key.
  • That's all. Use this new secret as any other normal env var in your configuration files and Symfony will decrypt the value transparently when needed: '%env(DATABASE_PASSWORD)%'
  • You can add --env=prod to specify environment in all commands

List Existing Secrets

  • php bin/console secrets:list --reveal

Remove

  • php bin/console secrets:remove DATABASE_PASSWORD
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment