Information for: DEVELOPERS   PARTNERS   SUPPORT

Looking for something?

Storing private information in the file system

Important

  • The methods described on this page do not apply to Site Factory. Site Factory subscribers should instead use the procedures described in Storing sensitive information outside of your codebase.
  • EOL notice! Drupal 8 reached end-of-life on November 2, 2021. Therefore, Acquia will not be performing any testing related to Drupal 8 to ensure compatibility. Acquia recommends upgrading to Drupal 9 or later. For more information, see Frequently Asked Questions.

You can store sensitive keys, certificates, and other credentials securely on Cloud Platform by using a nobackup directory that is available in the file system. This is the best place to store environment-specific keys, as it is not in the docroot or part of the code repository, but is protected by SSH access. To use the nobackup directory in Cloud Next environments, ensure that you update all commands and logic referencing the directory to point to $HOME and test the behavior thoroughly, especially after code, database, and file copy operations.

Important

The nobackup directory is not protected or covered by Cloud Platform disaster recovery backups.

To place this directory:

  1. Sign in to your infrastructure using SSH.

  2. Create the following directory:

    /mnt/gfs/[sitename].[env]/nobackup

  3. Create any required subdirectories in the nobackup directory for organizing your files, such as the following:

    • /mnt/gfs/mysite.dev/nobackup/apikeys
    • /mnt/gfs/mysite.test/nobackup/apikeys
    • /mnt/gfs/mysite.prod/nobackup/apikeys

You can now use the nobackup directory and any of its subdirectories to store your private files.

Retrieving sensitive keys

If you are storing required credentials in the nobackup directory, you can use Acquia-provided environmental variables to retrieve those credentials for your application. To enable this functionality:

  1. In your nobackup directory or one of its subdirectories, create a PHP file. The PHP file can have any name, including the following example:

    /mnt/gfs/mysite.prod/nobackup/apikeys/mysite_apikeys.php

  2. Edit the PHP file and add one or more environmental variables, similar to the following:

    putenv('MY_API_KEY_NAME=[key_value]');

  3. Save the PHP file.

  4. Edit your application’s settings.php file and add code similar to the following to incorporate the new PHP file that you created into your settings.php file:

    if (file_exists('../acquia-files/nobackup/apikeys/mysite_apikeys.php')) {
   require '../acquia-files/nobackup/apikeys/mysite_apikeys.php';
}

  5. Create settings variables for Drupal’s use by adding the following lines to your settings.php file:

    • Drupal 9 or later

      $settings['mysite_apiname'] = getenv('SOME_API_KEY_NAME'); $settings['mysite_apikey'] = getenv('SOME_API_KEY');

    • Drupal 7

      $conf['mysite_apiname'] = getenv('SOME_API_KEY_NAME'); $conf['mysite_apikey'] = getenv('SOME_API_KEY');

  6. Save the settings.php file.

53 State Street, 10th Floor
Boston, MA 02109
United States
Phone: 888-922-7842