From time to time, your website needs access to sensitive credentials, passwords, or other private information to function properly, but do not store the information in your version control repository for privacy reasons.
For example, the following modules or third-party integrations may require a secret or access key:
Drupal modules (Shield)
Amazon S3 configuration variables (s3fs_awssdk2_access_key,
s3fs_awssdk2_secret_key, s3fs_bucket)
Google Cloud Messaging integration variables
(push_notifications_gcm_api_key)
Google CAPTCHA variables (recaptcha_secret_key,
recaptcha_site_key)
To make the information available uniquely to your website, while keeping sensitive information out of your codebase, use one of the following methods:
Create a secrets.settings.php file
Create a nobackup directory containing your sensitive data
Note
Acquia recommends that Cloud Next users create a nobackup directory to store their senstitive information.
Storing sensitive credentials in a secrets file and not in your website’s database means your private data won’t exist in your database backups. With this, you can distribute database backups to team members who might need a database snapshot, but do not need full access to external systems.
To create and use a secrets file with your website:
Connect to your server using SSH.
Navigate to your home directory.
If the secrets.settings.php file doesn’t exist, create it.
Important
In Cloud Classic, do not create the file in the
/mnt/gfs/[sitename].[env]/files/ directory, as files in this are
publicly accessible.
To make the secrets file available to your application, add the lines in the following example to the appropriate location based on your installed product:
Cloud Platform: To your website’s settings.php file
Site Factory: To a post-settings-php hook named secrets.php
Important
Add the secrets file to all Site Factory environments. During the
Site Factory staging process,
the secrets.settings.php file will not copy down to lower
environments.
$secrets_file = $_ENV['HOME'] . '/secrets.settings.php';
if (file_exists($secrets_file)) {
require $secrets_file;
}
Since the code uses $_ENV['HOME'] to build the
link to the secrets.settings.php file, you can
provide unique files for your production and
non-production environments.
Important
Keep your own backups of your secrets.settings.php file. Backups are stored
outside your website’s files area. The Site Factory full-website
backups do not back up the
secrets.settings.php file.
While upgrading from Cloud Classic to Cloud Next, ensure that you
migrate the $HOME/APP_NAME folder.
You can also create a special nobackup directory where you can place
files containing sensitive credentials. For information about using
the method, see Storing private information in the file system.
53 State Street, 10th Floor
Boston, MA 02109
United States
Phone: 888-922-7842