recipes icon indicating copy to clipboard operation
recipes copied to clipboard

Published 20 hours ago verified publisher icon symfony

Default secret configuration to avoid secret leak

Open flohw opened this issue 8 months ago • 2 comments

Hi,

First issue/contribution here, let me know if I need to change something. :-)

As described in the documentation the config/secrets/prod/prod.decrypt.private.php file must not be committed to the repository. The recipe for this works as expected. But assuming we have other environments as staging which shouldn't be exposed either (at least to me) the private keys of these environments are not protected by the current configuration.

Maybe the framework-bundle/*/manifest.json should be updated like so in the gitignore section:

-        "/%CONFIG_DIR%/secrets/prod/prod.decrypt.private.php",
+        "/%CONFIG_DIR%/secrets/*/*.decrypt.private.php",
+        "!/%CONFIG_DIR%/secrets/dev/dev.decrypt.private.php",

What do you think?

As mentioned in the readme, recipes should not be updated for the previous versions so I was not sure how to propose the PR. Maybe in the framework-bundle/7.3/manifest.json? Should I copy the 7.2 structure and update only the proposed part?

Let me know, I can provide the PR if you think the change is appropriate.

flohw avatar Jun 04 '24 07:06 flohw