Information for: DEVELOPERS   PARTNERS

Storing private information in the file system

The methods described on this page do not apply to Acquia Cloud Site Factory. Acquia Cloud Site Factory subscribers should instead use the procedures described in Storing sensitive information outside of your codebase.

You can store sensitive keys, certificates, and other credentials securely on Acquia Cloud by using a nobackup directory that is available in the file system. This is the best place to store environment-specific keys, as it is not in the docroot or part of the code repository, but is protected by SSH access.

Important

The nobackup directory is not protected or covered by Acquia Cloud disaster recovery backups.

To place this directory, complete the following steps:

  1. Sign in to your server using SSH.

  2. Create the following directory:

    /mnt/gfs/[sitename].[env]/nobackup
    
  3. Create any required subdirectories in the nobackup directory for organizing your files, such as the following:

    • /mnt/gfs/mysite.dev/nobackup/apikeys
    • /mnt/gfs/mysite.test/nobackup/apikeys
    • /mnt/gfs/mysite.prod/nobackup/apikeys

You can now use the nobackup directory and any of its subdirectories to store your private files.

Retrieving sensitive keys

If you are storing required credentials in the nobackup directory, you can use Acquia-provided environmental variables to retrieve those credentials for your application. To enable this functionality, complete the following steps:

  1. In your nobackup directory or one of its subdirectories, create a PHP file. The PHP file can have any name, including the following example:

    /mnt/gfs/mysite.prod/nobackup/apikeys/mysite_apikeys.php
    
  2. Edit the PHP file and add one or more environmental variables, similar to the following:

    putenv('MY_API_KEY_NAME=[key_value]');
    
  3. Save the PHP file.

  4. Edit your application’s settings.php file and add code similar to the following to incorporate the new PHP file that you created into your settings.php file:

    if (file_exists('../acquia-files/nobackup/apikeys/mysite_apikeys.php')) {
       require '../acquia-files/nobackup/apikeys/mysite_apikeys.php';
    }
    
  5. Create settings variables for Drupal’s use by adding the following lines to your settings.php file:

    • Drupal 8

      $settings['mysite_apiname'] = getenv('SOME_API_KEY_NAME'); $settings['mysite_apikey'] = getenv('SOME_API_KEY');
      
    • Drupal 7

      $conf['mysite_apiname'] = getenv('SOME_API_KEY_NAME'); $conf['mysite_apikey'] = getenv('SOME_API_KEY');
      
  6. Save the settings.php file.