Loading...

Storing private information in the file system

 

You can store sensitive keys, certificates, and other credentials securely on Cloud Platform by using a nobackup directory that is available in the file system. This is the best place to store environment-specific keys, as it is not in the docroot or part of the code repository, but is protected by SSH access. To use the nobackup directory in Cloud Next environments, ensure that you update all commands and logic referencing the directories described here and test the behavior thoroughly, especially after code, database, and file copy operations.

To place this directory:

  1. Sign in to your infrastructure using SSH.

  2. Create the following directory:

    /mnt/gfs/[sitename].[env]/nobackup
  3. Create any required subdirectories in the nobackup directory for organizing your files, such as the following:
    • /mnt/gfs/mysite.dev/nobackup/apikeys
    • /mnt/gfs/mysite.test/nobackup/apikeys
    • /mnt/gfs/mysite.prod/nobackup/apikeys

You can now use the nobackup directory and any of its subdirectories to store your private files.

Retrieving sensitive keys

If you are storing required credentials in the nobackup directory, you can use Acquia-provided environmental variables to retrieve those credentials for your application. To enable this functionality:

  1. In your nobackup directory or one of its subdirectories, create a PHP file. The PHP file can have any name, including the following example:

    /mnt/gfs/mysite.prod/nobackup/apikeys/mysite_apikeys.php

  2. Edit the PHP file and add one or more environmental variables, similar to the following:

    putenv('MY_API_KEY_NAME=[key_value]');
  3. Save the PHP file.

  4. Edit your application’s settings.php file and add code similar to the following to incorporate the new PHP file that you created into your settings.php file:

    if (file_exists('../acquia-files/nobackup/apikeys/mysite_apikeys.php')) {
   require '../acquia-files/nobackup/apikeys/mysite_apikeys.php';
}

  5. Create settings variables for Drupal’s use by adding the following lines to your settings.php file:

    Drupal versionCode
    Drupal 7
    $conf['mysite_apiname'] = getenv('SOME_API_KEY_NAME'); $conf['mysite_apikey'] = getenv('SOME_API_KEY');
    Current Drupal version
    $settings['mysite_apiname'] = getenv('SOME_API_KEY_NAME'); $settings['mysite_apikey'] = getenv('SOME_API_KEY');
  6. Save the settings.php file.

Did not find what you were looking for?

If this content did not answer your questions, try searching or contacting our support team for further assistance.

Cloud Platform Support
Back to Section navigation
Back to Site navigation