Keeping sensitive information in a secure place has always been a bit tricky. Where do you store your production database password? Where do you store all the credentials your application needs in order to work? In my everyday job, I often have to set up CI (continuous integration) and CD (continuous delivery) pipelines with a multitude of tools, such as Gitlab CI, Bitbucket CI or Github Actions. Dealing with sensitive information is always a challenge.
Indeed, you won’t store sensitive production information directly in your source code. It is a security hole, it is far too risky, and it simply doesn’t work if you’re working on an open-source project.
Talking about open source, let’s recall that security should never rely on a black-box concept: all common security algorithms, SHA and the like, are open source. Anybody can know exactly how they work, and that doesn’t mean they aren’t secure. In fact, they are far more secure, because security researchers and curious people can spot weaknesses and fix them.
Since Symfony 4.4 (released November 2019), secrets management has been implemented directly in the framework. This powerful solution provides an integrated component to keep your sensitive information secret.
Note: we’re talking about information like database passwords, API keys, etc. We’re not talking about encrypted database columns, for which you must use other tools specialized for that purpose, like this one.
Here is how it works. For each environment (prod, etc.), you’ll generate 2 keys in
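To make the two-keys-per-environment model concrete, here is an added example that is not code from this post or from Symfony: a minimal vault built on libsodium sealed boxes (sodium_crypto_box_seal), the same primitive Symfony’s sodium vault relies on. The class name, file names and directory are assumptions for the demo; only the public (encrypt) key is safe to commit, the private (decrypt) key stays on the server that must read the secrets.

```php
<?php
// Added demo, not Symfony's own code. One keypair per environment:
// the public half encrypts (committable), the private half decrypts (never in VCS).
declare(strict_types=1);

final class DemoVault
{
    private string $dir;

    public function __construct(string $dir) // placeholder per-environment directory
    {
        $this->dir = $dir;
        if (!is_dir($dir)) {
            mkdir($dir, 0700, true);
        }
    }

    // Step 1: generate the two keys for this environment.
    public function generateKeys(): void
    {
        $decryptKey = sodium_crypto_box_keypair();              // secret: keep out of the repo
        $encryptKey = sodium_crypto_box_publickey($decryptKey); // public: safe to commit
        file_put_contents($this->dir.'/decrypt.private.key', $decryptKey);
        chmod($this->dir.'/decrypt.private.key', 0600);
        file_put_contents($this->dir.'/encrypt.public.key', $encryptKey);
    }

    // Step 2: anyone holding the public key (a developer, a CI job) can add or rotate a secret.
    public function seal(string $name, string $value): void
    {
        $pk = file_get_contents($this->dir.'/encrypt.public.key');
        file_put_contents($this->dir.'/'.$name.'.enc', sodium_crypto_box_seal($value, $pk));
    }

    // Step 3: only a holder of the private key (the production host) can read it back.
    public function reveal(string $name): string
    {
        $keypair = file_get_contents($this->dir.'/decrypt.private.key');
        $plain = sodium_crypto_box_seal_open(file_get_contents($this->dir.'/'.$name.'.enc'), $keypair);
        if ($plain === false) {
            // Happens when a secret sealed for another environment is opened with this key.
            throw new RuntimeException("Cannot decrypt secret '$name' with this environment's key");
        }
        return $plain;
    }
}

$vault = new DemoVault(sys_get_temp_dir().'/demo-secrets/prod'); // placeholder path
$vault->generateKeys();
$vault->seal('DATABASE_PASSWORD', 'constructed-sample-password');
echo $vault->reveal('DATABASE_PASSWORD'), PHP_EOL;
```

A secret sealed with the prod public key cannot be opened with the dev keypair, which is what keeps environments isolated even when all the encrypted files live side by side in the repository.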
#devops #security #php #secrets