Managing Secrets in Symfony

This translation was prepared ahead of the start of the "Symfony Framework" course.








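Aren't you tired of keeping your application's secrets file in a password manager and copying it into the CI/CD environment every time you change it, just so the application can be deployed in line with security requirements?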



Starting Symfony



Create docker-compose.yml in the project root and add the following content:



(. PHP Docker XDEBUG )



version: '3'
services:
  php:
    image: webdevops/php-nginx-dev:7.4
    working_dir: /app
    environment:
      - WEB_DOCUMENT_ROOT=/app/public
      - PHP_DISPLAY_ERRORS=1
      - PHP_MEMORY_LIMIT=2048M
      - PHP_MAX_EXECUTION_TIME=-1
      - XDEBUG_REMOTE_AUTOSTART=1
      - XDEBUG_REMOTE_PORT=9000
      - XDEBUG_PROFILER_ENABLE=0
      - XDEBUG_REMOTE_CONNECT_BACK=0
      - XDEBUG_REMOTE_HOST=docker.for.mac.localhost
      - php.xdebug.idekey=PHPSTORM
      - php.xdebug.remote_enable=1
      - php.xdebug.max_nesting_level=1000
    ports:
      - "8080:80"
    volumes:
      - ./:/app:rw,cached
    depends_on:
      - mysql

  mysql:
    image: mysql:5.7
    ports:
      - "3306:3306"
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_DATABASE: test
      MYSQL_USER: test
      MYSQL_PASSWORD: test


docker-compose up Symfony 5 :



docker-compose exec php bash -c 'composer create-project symfony/website-skeleton project && mv project/* . && rm -rf project'


http://localhost:8080 :





Symfony





Symfony 4.4, , (vault) . . , .env:



php bin/console secrets:set DATABASE_URL




, , , . , config/secrets/dev:





, () () , . php-, :





php bin/console:list :





, Symfony , . , , dev- . . :



git add config/secrets


, , Symfony %env%, . doctrine :





config/packages/doctrine.yaml



, :



php bin/console doctrine:query:sql "SHOW VARIABLES LIKE 'max_join_size'"


, .





DATABASE_URL (production vault), :



php bin/console secrets:set --env=prod DATABASE_URL


DATABASE_URL . , . Symfony composer, .gitignore:



/config/secrets/prod/prod.decrypt.private.php


Symfony !





, , secrets:list. , — reveal:





:



php bin/console secrets:list --env=prod --reveal


. !





— . SYMFONY_DECRYPTION_SECRET.



SYMFONY_DECRYPTION_SECRET, , base64, , :



php -r "echo base64_encode(require 'config/secrets/prod/prod.decrypt.private.php');"


, Jenkins Gitlab, . Jenkins :





Jenkins



— , . , .env, :



php bin/console secrets:decrypt-to-local --force --env=prod


.env.prod.local . , Symfony env , - . , . - , .env.prod.local.





? , DATABASE_URL - . :



php bin/console secrets:set DATABASE_URL --local




? .env.dev.local! , , Symfony .gitignore, . , .env , . , , , Symfony env, — . env .
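The .gitignore entry for config/secrets/prod/prod.decrypt.private.php and the .env.prod.local / .env.dev.local files discussed above only help if nothing has already been committed. The following CI or pre-commit check is an added example, not part of the original article or of Symfony itself. The function names and the ALLOWED_KEY_ENVS variable are hypothetical, and it assumes the Symfony project sits at the repository root and that only the dev vault key is meant to be committed.

```shell
#!/bin/sh
# Added example: fail a build when secret material is tracked by git.

# Reads repository-relative paths on stdin (one per line, e.g. from
# `git ls-files`) and prints the ones that must never be committed:
#   - vault decryption keys for any environment not in ALLOWED_KEY_ENVS
#   - decrypted local overrides such as .env.prod.local / .env.dev.local
# ALLOWED_KEY_ENVS is a hypothetical, space-separated list (default: dev).
find_leaked_secret_files() {
    allowed="${ALLOWED_KEY_ENVS:-dev}"
    while IFS= read -r file; do
        case "$file" in
            config/secrets/*/*.decrypt.private.php)
                # Extract the environment directory name (dev, prod, ...).
                env_dir=${file#config/secrets/}
                env_dir=${env_dir%%/*}
                case " $allowed " in
                    *" $env_dir "*) ;;              # key committed on purpose
                    *) printf '%s\n' "$file" ;;
                esac
                ;;
            .env.*.local)
                printf '%s\n' "$file"
                ;;
        esac
    done
}

# Runs the scan against the files git currently tracks.
# Returns 0 when clean, 1 when something leaked, 2 when git itself failed.
check_tracked_secrets() {
    tracked=$(git ls-files) || return 2
    leaked=$(printf '%s\n' "$tracked" | find_leaked_secret_files)
    if [ -n "$leaked" ]; then
        printf 'Secret material is tracked by git:\n%s\n' "$leaked" >&2
        return 1
    fi
    return 0
}

# Stand-alone use: sh check-secrets.sh --check
if [ "${1:-}" = "--check" ]; then
    check_tracked_secrets
fi
```

A key this check reports is already in the repository history, so it has to be rotated and the secrets re-encrypted; removing the file in a later commit is not enough.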





  • Env ,
  • secrets:set dev, local prod env
  • Symfony git .gitignore











