From time to time, your website needs access to sensitive credentials, passwords, or other private information to function properly, but for privacy reasons you should not store that information in your version control repository.
For example, the following modules or third-party integrations may require a secret or access key:
s3fs_awssdk2_access_key, s3fs_awssdk2_secret_key, s3fs_bucket
push_notifications_gcm_api_key
recaptcha_secret_key, recaptcha_site_key
To make the information available uniquely to your website, while keeping sensitive information out of your codebase, use one of the following methods:
Storing sensitive credentials in a secrets file instead of in your website’s database means your private data will not exist in your database backups, allowing you to distribute database backups to team members who may need a database snapshot, but not full access to external systems.
To create and use a secrets file with your website, complete the following steps:
Connect to your server using SSH.
Navigate to the /mnt/files/[sitename].[env]/ directory, where [sitename] is your website’s name and [env] is your website’s environment. For more information about your sitename, see the Sitename definition page.
If the secrets.settings.php file does not already exist, create it.
Important
Do not create the file in /mnt/gfs/[sitename].[env]/files/, as files in the directory are publicly accessible.
To make the secrets file available to your application, add the lines in the following example to the appropriate location based on your installed product:
Cloud Platform: To your website’s settings.php file
Site Factory: To a post-settings-php hook named secrets.php
Important
Add the secrets file to all Site Factory environments. During the Site Factory staging process, the secrets.settings.php file will not copy down to lower environments.
// Build the per-environment path to the secrets file and load it if present.
$secrets_file = sprintf('/mnt/files/%s.%s/secrets.settings.php', $_ENV['AH_SITE_GROUP'], $_ENV['AH_SITE_ENVIRONMENT']);
if (file_exists($secrets_file)) {
  require $secrets_file;
}
Since the code uses $_ENV['AH_SITE_ENVIRONMENT'] to build the path to the secrets.settings.php file, you can provide unique files for each of your website’s environments.
Important
Keep your own backups of your secrets.settings.php file. It is stored outside of your website’s files area, so the Site Factory full-website backups will not back up the secrets.settings.php file.
You can also create a special nobackup directory where you can place files containing sensitive credentials. For information about using the method, see Storing private information in the file system.
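After moving credentials into secrets.settings.php, it is worth confirming that none of the keys listed above remain as literal values in the code checkout, and that the secrets file is not in the public files directory. The following script is an added example, not Acquia code; the function names and the matching pattern are assumptions, and it only detects values assigned as quoted strings to PHP array keys.

```shell
#!/bin/sh
# Added example (not Acquia code): flag credential keys named on this page
# when they are assigned a literal string inside a code checkout.
# Assumption: a leaked value looks like a PHP array assignment such as
#   $conf['recaptcha_secret_key'] = 'value';

# Keys from the page that hold secret or access-key material.
KEYS='s3fs_awssdk2_access_key|s3fs_awssdk2_secret_key'
KEYS="$KEYS|push_notifications_gcm_api_key|recaptcha_secret_key"
Q="['\"]"   # either PHP quote character
PATTERN="${Q}(${KEYS})${Q}[]][[:space:]]*=[[:space:]]*${Q}[^'\"]+${Q}"

# find_hardcoded_secrets DIR  (hypothetical helper name)
# Prints file:line for each hit, never the value, and returns 1 if any exist.
find_hardcoded_secrets() {
  dir=${1:-.}
  # Recurse through PHP sources only and skip version control metadata.
  hits=$(grep -rnE --include='*.php' --include='*.inc' --exclude-dir=.git \
           -- "$PATTERN" "$dir" || true)
  if [ -z "$hits" ]; then
    return 0
  fi
  printf '%s\n' "$hits" | cut -d: -f1,2
  return 1
}

# is_public_files_path PATH  (hypothetical helper name)
# Returns 0 when PATH is under the publicly accessible directory that the
# page says must not hold the secrets file.
is_public_files_path() {
  case "$1" in
    /mnt/gfs/*/files/*) return 0 ;;
    *) return 1 ;;
  esac
}
```

Run find_hardcoded_secrets against the repository root before each commit or in CI; a nonzero return means a listed key still has a literal value in a tracked PHP file.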