Reputation: 2735
Symfony2 setting up (my own) secure Variables
Where is the best place to put sensible data in Symfony2, i.e. PayPal Variables (API Username, Password etc.)?
Since app/config/ is not accessible from outside, I think this might actually be the best location. Am I correct? If above is correct, can I add an additional paypalconfig.yml file to the app/config/ folder or is it recommend to add those things to app/config/parameters.ini?
How can I access that data later?
Thanks!
Upvotes: 0
Views: 418
Answers (2)
Reputation: 44831
Here is how I do it. I have the parameters.yml.dist (or *.ini.dist) file with dummy data in app/config and it's checked into the git repo. When deploying an app, I copy it to parameters.yml — which I configured to be ignored by git — and fill with the real data.
If you go with the same approach, your secure data will be in parameters.yml only and thus won't be kept in the repo.
Upvotes: 1
Reputation: 8425
Yes, app/config is safe as long as server is setup correctly.
You could create paypalconfig.yml, but it's recommended to store in /app/config/parameters.ini
You can access it later on as DIC parameter, for example in controller: $this->container->getParameter("my_private_paypal_param");
Upvotes: 2
Related Questions
- Symfony access control with variable inside route
- Symfony2 Security: Using encryption settings in code
- Symfony2 secure whole controller
- Security In Symfony2?
- Security in Symfony2
- Symfony secured pages
- Secure area in Symfony2
- Symfony2 - Security authentication
- Symfony 2 Custom Security Provider
- how to secure an application by environment in symfony?