wiki/content/20201113174444-ecrypted_secrets_management.md

1 KiB

date id title
20201113 e9ea6e53-c383-4b23-b90c-77cd202f8002 Ecrypted Secrets Management

Description

Encryption based feature to manage secrets.

Steps

1. Generate keys to encrypt/decrypt secret

Uses libsodium1 and public key cryptography.

php bin/console secrets:generate-keys

2. Upload private key

Upload the private key to your remote server using SSH or any other safe means and store it in the same config/secrets/<environment>/ directory.

3. Create a new secret to store the contents

php bin/console secrets:set DATABASE_URL

Please type the secret value:
**************

[OK] Secret "DATABASE_URL" encrypted in "config/secrets/dev/"
you can commit it.

Using secret

Use this new secret as any other normal env var in your configuration files and Symfony will decrypt the value transparently when needed.

# config/packages/doctrine.yaml
doctrine:
    dbal:
        url: "%env(DATABASE_URL)%"
        # ...

Footnotes