Skip to content

[WIP] Add the secrets management documentation #11396

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

[WIP] Add the secrets management documentation #11396

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions best_practices.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,14 @@ application behavior.
:ref:`Use env vars in your project <config-env-vars>` to define these options
and create multiple ``.env`` files to :ref:`configure env vars per environment <config-dot-env>`.

Use Secret for Sensitive Information
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

These are the options used to store sensitive information like passwords,
tokens, api key

:ref:`Use secrets <secrets-set>` to define these options in an easy and secure way.

Use Parameters for Application Configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Expand Down
53 changes: 53 additions & 0 deletions configuration/env_var_processors.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -624,6 +624,59 @@ Symfony provides the following env var processors:

The ``query_string`` processor was introduced in Symfony 4.3.

``env(secret:FOO)``
Reads a secret value stored in the app's vault, :ref:`see how to set Secrets<secrets-set>`.

.. code-block:: terminal

$ php bin/console secrets:set DATABASE_PASSWORD -

.. configuration-block::

.. code-block:: yaml

# config/packages/database.yaml
doctrine:
dbal:
# by convention the env var names are always uppercase
url: '%env(DATABASE_URL)%'
password: '%env(secret:DATABASE_PASSWORD)%'

.. code-block:: xml

<!-- config/packages/doctrine.xml -->
<?xml version="1.0" encoding="UTF-8" ?>
<container xmlns="http://symfony.com/schema/dic/services"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:doctrine="http://symfony.com/schema/dic/doctrine"
xsi:schemaLocation="http://symfony.com/schema/dic/services
https://symfony.com/schema/dic/services/services-1.0.xsd
http://symfony.com/schema/dic/doctrine
https://symfony.com/schema/dic/doctrine/doctrine-1.0.xsd">

<doctrine:config>
<!-- by convention the env var names are always uppercase -->
<doctrine:dbal url="%env(DATABASE_URL)%" password="%env(secret:DATABASE_PASSWORD)%"/>
</doctrine:config>

</container>

.. code-block:: php

// config/packages/doctrine.php
$container->loadFromExtension('doctrine', [
'dbal' => [
// by convention the env var names are always uppercase
'url' => '%env(DATABASE_URL)%',
'password' => '%env(secret:DATABASE_PASSWORD)%',
]
]);


.. versionadded:: 4.4

The ``secret`` processor was introduced in Symfony 4.4.

It is also possible to combine any number of processors:

.. code-block:: yaml
Expand Down
Loading