--- title: "Storing private information in the file system" date: "2024-02-14T06:18:38+00:00" summary: "Learn how to securely store and retrieve sensitive information in Cloud Platform's file system using the nobackup directory." image: type: "page" url: "/acquia-cloud-platform/storing-private-information-file-system" id: "7db1fcbc-2dd5-4067-88dd-a2e9fe959441" --- Important The methods described on this page do not apply to Site Factory. Site Factory subscribers should instead use the procedures described in [Storing sensitive information outside of your codebase](/secrets). You can store sensitive keys, certificates, and other credentials securely on Cloud Platform by using a `nobackup` directory that is available in the file system. This is the best place to store environment-specific keys, as it is not in the [docroot](/definitions/docroot) or part of the code repository, but is protected by SSH access. To use the `nobackup` directory in [Cloud Next](/acquia-cloud-platform#cloud-next-cloud-classic) environments, ensure that you update all commands and logic referencing the directories described here and test the behavior thoroughly, especially after code, database, and file copy operations. Important The `nobackup` directory is not protected or covered by Cloud Platform [disaster recovery backups](/acquia-cloud-platform/architecture/security/availability#cloud-dr-multiregion). To place this directory: 1. Sign in to your infrastructure [using SSH](/acquia-cloud-platform/manage-apps/command-line/ssh/getting-started). 2. Create the following directory: /mnt/gfs/[sitename].[env]/nobackup 3. Create any required subdirectories in the `nobackup` directory for organizing your files, such as the following: * `/mnt/gfs/mysite.dev/nobackup/apikeys` * `/mnt/gfs/mysite.test/nobackup/apikeys` * `/mnt/gfs/mysite.prod/nobackup/apikeys` You can now use the `nobackup` directory and any of its subdirectories to store your private files. Retrieving sensitive keys ------------------------- If you are storing required credentials in the `nobackup` directory, you can use [Acquia-provided environmental variables](/acquia-cloud-platform/develop-apps/env-variable) to retrieve those credentials for your application. To enable this functionality: 1. In your `nobackup` directory or one of its subdirectories, create a PHP file. The PHP file can have any name, including the following example: /mnt/gfs/mysite.prod/nobackup/apikeys/mysite_apikeys.php 2. Edit the PHP file and add one or more environmental variables, similar to the following: putenv('MY_API_KEY_NAME=[key_value]'); 3. Save the PHP file. 4. Edit your application’s `settings.php` file and add code similar to the following to incorporate the new PHP file that you created into your `settings.php` file: if (file_exists('../acquia-files/nobackup/apikeys/mysite_apikeys.php')) { require '../acquia-files/nobackup/apikeys/mysite_apikeys.php'; } 5. Create settings variables for Drupal’s use by adding the following lines to your `settings.php` file: **Drupal version** **Code** Drupal 7 $conf['mysite_apiname'] = getenv('SOME_API_KEY_NAME'); $conf['mysite_apikey'] = getenv('SOME_API_KEY'); [Current Drupal version](/service-offerings/guide/software-life-cycle#supported-drupal-version) $settings['mysite_apiname'] = getenv('SOME_API_KEY_NAME'); $settings['mysite_apikey'] = getenv('SOME_API_KEY'); 6. Save the `settings.php` file.