Using Symfony Secrets

1. Introduction

One of the great things about using symfony bundles and configuration is that we can take full potential of the features Symfony provides. One of those features is secrets (see the following link to the documentation)

Symfony secrets allows us to safely store sensitive values encrypted in a "vault". Plus these values can also be defined per environment.

In our SAML configuration this could be used to store the certificates and the private keys, which we don’t want to be easily accessible.

To add secrets, first start by following the setup steps on Symfony’s documentation: How to Keep Sensitive Information Secret

2. Adding a new secret

After setting up all that is required to add secrets, you can now add new secrets by running the following command.

Run php bin/console secrets:set <NAME_OF_ENV_VARIABLE> (the console should show a prompt to set the value)

  • e.g: php bin/console secrets:set SAML_SP_PRIVATE_KEY

2. Using a secret on configuration

Secrets can be added to the config like all other env properties, using '%env(…​)'

The following example is a partial snippet taken from the saml configuration:

hslavich_onelogin_saml:

  # ...

  sp:

     ...

    # SuiteCRM's private key for SAML (sp)
    privateKey: '%env(SAML_SP_PRIVATE_KEY)%'

    # ...

3. Clear Symfony cache

⚠️ After making a change to your .env.local please be sure to run ./bin/console cache:clear from root or Repair and Rebuild from the Admin Menu.

Content is available under GNU Free Documentation License 1.3 or later unless otherwise noted.