Issue¶

What if I want to keep some information out of my settings.php file?

Resolution¶

In many cases, your website's settings.php file is committed to your version control repository. If you're using an external repository, you may not be comfortable with the idea of pushing a file that contains sensitive information (such as usernames and passwords) out to a public repository. Because of this, you may want to keep information out of your settings.php file.

Drupal provides the ability to use a local settings.php file, based on your installed version of Drupal.

Drupal 8¶

Drupal 8 provides this functionality by default by using a settings.local.php file for private settings.

There is also an issue to rename this file to local.settings.php to more consistently follow standard file naming, but this will not be approached until Drupal 9.

Drupal 7¶

If you need to keep a local set of credentials or other pieces of settings.php that you do not want to commit to your repository, complete the following steps:

Note

While settings.local.php is semantically incorrect, we are using it here to maintain consistency with Drupal 8 core.

1. Create a settings.local.php file in your sites/*/ directory (wherever settings.php is located).
2. Include the following code in your settings.php file after the Acquia include line, which calls the local file:
   copy

   if (file_exists(DRUPAL_ROOT . '/' . conf_path() . '/settings.local.php')) {    
     include DRUPAL_ROOT . '/' . conf_path() . '/settings.local.php';   
   }

3. If you're using Git, add docroot/sites/*/settings.local.php to your .gitignore file.

Related topic¶

• Using Git