Important
The methods described on this page do not apply to Site Factory. Site Factory subscribers should instead use the procedures described in Storing sensitive information outside of your codebase.
You can store sensitive keys, certificates, and other credentials securely on Cloud Platform by using a nobackup directory that is available in the file system. This is the best place to store environment-specific keys, as it is not in the docroot or part of the code repository, but is protected by SSH access. To use the nobackup directory in Cloud Next environments, ensure that you update all commands and logic referencing the directory to point to $HOME and test the behavior thoroughly, especially after code, database, and file copy operations.
Important
The nobackup directory is not protected or covered by Cloud Platform disaster recovery backups.
To create this directory:
1. Sign in to your infrastructure using SSH.
2. Create the following directory:
    /mnt/gfs/[sitename].[env]/nobackup
3. Create any required subdirectories in the nobackup directory for organizing your files, such as the following:
    /mnt/gfs/mysite.dev/nobackup/apikeys
    /mnt/gfs/mysite.test/nobackup/apikeys
    /mnt/gfs/mysite.prod/nobackup/apikeys
You can now use the nobackup directory and any of its subdirectories to store your private files.
Retrieving sensitive keys
If you are storing required credentials in the nobackup directory, you can use Acquia-provided environmental variables to retrieve those credentials for your application. To enable this functionality:
1. In your nobackup directory or one of its subdirectories, create a PHP file. The PHP file can have any name, including the following example:
    /mnt/gfs/mysite.prod/nobackup/apikeys/mysite_apikeys.php
2. Edit the PHP file and add one or more environmental variables, similar to the following:
    putenv('MY_API_KEY_NAME=[key_value]');
3. Save the PHP file.
4. Edit your application’s settings.php file and add code similar to the following to incorporate the new PHP file that you created into your settings.php file:
    if (file_exists('../acquia-files/nobackup/apikeys/mysite_apikeys.php')) {
      require '../acquia-files/nobackup/apikeys/mysite_apikeys.php';
    }
5. Create settings variables for Drupal’s use by adding the following lines to your settings.php file:
    Drupal 7:
        $conf['mysite_apiname'] = getenv('SOME_API_KEY_NAME');
        $conf['mysite_apikey'] = getenv('SOME_API_KEY');
    Drupal 8 or later:
        $settings['mysite_apiname'] = getenv('SOME_API_KEY_NAME');
        $settings['mysite_apikey'] = getenv('SOME_API_KEY');
6. Save the settings.php file.
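Because the settings.php snippet above skips a missing key file silently, and getenv() returns false for a name that putenv() never set (the samples above define MY_API_KEY_NAME but read SOME_API_KEY_NAME and SOME_API_KEY), a check run over SSH after each deployment or file copy catches both cases. The following script is an added example, not Acquia-provided tooling; the script name, function names, and finding labels are hypothetical, and it assumes you pass the real paths of your key file and settings.php.

```shell
#!/bin/sh
# Added example, not Acquia-provided tooling.
# Usage: sh check_keyfile.sh KEYFILE SETTINGS_PHP

# Variable names the key file defines with putenv('NAME=...'), one per line.
putenv_names() {
  grep -o "putenv(['\"][A-Za-z_][A-Za-z0-9_]*=" "$1" |
    sed "s/^putenv(['\"]//; s/=\$//" | sort -u
}

# Variable names settings.php reads with getenv('NAME'), one per line.
getenv_names() {
  grep -o "getenv(['\"][A-Za-z_][A-Za-z0-9_]*['\"])" "$1" |
    sed "s/^getenv(['\"]//; s/['\"])\$//" | sort -u
}

# Prints one finding per line; returns 0 only when nothing is wrong.
check_keyfile() {
  keyfile=$1 settings=$2 rc=0
  if [ ! -f "$keyfile" ]; then
    echo "MISSING: $keyfile (settings.php will skip it silently)"
    return 1
  fi
  # Any read/write/execute bit for "other" exposes the keys to every local user.
  if [ -n "$(find "$keyfile" \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]; then
    echo "EXPOSED: $keyfile is accessible to other users"
    rc=1
  fi
  defined=$(putenv_names "$keyfile")
  for name in $(getenv_names "$settings"); do
    if ! printf '%s\n' "$defined" | grep -qxF "$name"; then
      echo "UNSET: settings.php reads $name, which the key file never defines"
      rc=1
    fi
  done
  return "$rc"
}

if [ "$#" -eq 2 ]; then check_keyfile "$1" "$2"; fi
```

A non-zero exit status means at least one finding was printed, so the script can gate a deployment hook.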