在 symfony 中存储加密参数以在您的服务中使用的最佳方法是什么? [英] Which would be the best way to store encrypted parameters to use in your services in symfony?
问题描述
我目前将机密存储在 parameters.yml 中,这是一个纯文本.
I'm currently storing the secrets in parameters.yml which is a plain text.
我想保留一些参数和环境变量作为秘密,所以只有我自己和 Symfony 知道数据库的凭据.
I would like to keep some parameters and environment vars as secrets so only myself and Symfony knows the credentials to the database.
有没有办法在 Symfony 3.2 中保护我的机密、环境变量和参数?
Is there a way to protect my secrets, environment vars and parameters in Symfony 3.2?
我可以举个例子吗?
谢谢.
推荐答案
是的,您可以通过 2 种不同的方法来解决:
Yes, you can solve it in 2 different approaches:
http://symfony.com/doc/current/service_container/compiler_passes.html
选择合适的加密/解密算法:https://paragonie.com/blog/2015/11/choosing-right-cryptography-library-for-your-php-project-guide
Choose a suitable encryption/decryption algorithm: https://paragonie.com/blog/2015/11/choosing-right-cryptography-library-for-your-php-project-guide
你的编译器通过
class DecryptParameterPass implements CompilerPassInterface
{
public function process(ContainerBuilder $container)
{
if ($container->hasParameter('you_paramater_enc') && (!$container->hasParameter('you_paramater') or !!$container->getParameter('you_paramater'))) {
$container->setParameter('you_paramater', your_decrypt_method($container->getParameter('you_paramater_enc')));
}
}
}
您的捆绑包
class AppBundle extends Bundle
{
public function build(ContainerBuilder $container)
{
$container->addCompilerPass(new DecryptParameterPass());
}
}
可以使用复杂的表达式调用解密参数的服务
https://symfony.com/doc/current/service_container/expression_language.html
这篇关于在 symfony 中存储加密参数以在您的服务中使用的最佳方法是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!