Storing private information in the file system | Cloud Platform

Important

The methods described on this page do not apply to Site Factory. Site Factory subscribers should instead use the procedures described in Storing sensitive information outside of your codebase.

You can store sensitive keys, certificates, and other credentials securely on Cloud Platform by using a nobackup directory that is available in the file system. This is the best place to store environment-specific keys, as it is not in the docroot or part of the code repository, but is protected by SSH access. To use the nobackup directory in Cloud Next environments, ensure that you update all commands and logic referencing the directory to point to $HOME and test the behavior thoroughly, especially after code, database, and file copy operations.

Important

The nobackup directory is not protected or covered by Cloud Platform disaster recovery backups.

To place this directory:

Sign in to your infrastructure using SSH.
Create the following directory:
```
/mnt/gfs/[sitename].[env]/nobackup
```
Create any required subdirectories in the nobackup directory for organizing your files, such as the following:
- /mnt/gfs/mysite.dev/nobackup/apikeys
- /mnt/gfs/mysite.test/nobackup/apikeys
- /mnt/gfs/mysite.prod/nobackup/apikeys

You can now use the nobackup directory and any of its subdirectories to store your private files.

Retrieving sensitive keys¶

If you are storing required credentials in the nobackup directory, you can use Acquia-provided environmental variables to retrieve those credentials for your application. To enable this functionality:

In your nobackup directory or one of its subdirectories, create a PHP file. The PHP file can have any name, including the following example:
```
/mnt/gfs/mysite.prod/nobackup/apikeys/mysite_apikeys.php
```
Edit the PHP file and add one or more environmental variables, similar to the following:
```
putenv('MY_API_KEY_NAME=[key_value]');
```
Save the PHP file.
Edit your application’s settings.php file and add code similar to the following to incorporate the new PHP file that you created into your settings.php file:
```
if (file_exists('../acquia-files/nobackup/apikeys/mysite_apikeys.php')) {
   require '../acquia-files/nobackup/apikeys/mysite_apikeys.php';
}
```

Create settings variables for Drupal’s use by adding the following lines to your settings.php file:

Drupal version	Code
Drupal 7	$conf['mysite_apiname'] = getenv('SOME_API_KEY_NAME'); $conf['mysite_apikey'] = getenv('SOME_API_KEY');
Current Drupal version	$settings['mysite_apiname'] = getenv('SOME_API_KEY_NAME'); $settings['mysite_apikey'] = getenv('SOME_API_KEY');

Drupal version

Code

Drupal 7

$conf['mysite_apiname'] = getenv('SOME_API_KEY_NAME'); $conf['mysite_apikey'] = getenv('SOME_API_KEY');

Current Drupal version

$settings['mysite_apiname'] = getenv('SOME_API_KEY_NAME'); $settings['mysite_apikey'] = getenv('SOME_API_KEY');

Save the settings.php file.