Geek Answers Handbook

Magento - Using custom environment variables for sensitive database information

I know that Magento stores database connection data in a local.xml file, however, our company is trying to avoid using passwords and other sensitive data in our git registry for security purposes.

I know that you can easily create environment variables through a .htaccess file, but I hope to find a workable solution that will allow me to dynamically set this database information from an environment variable.

Since local.xml is an XML file, and since this file type is not dynamic / server-side, we cannot use it to read environment variables.

Is there any way to add some kind of hook / custom behavior to Magento in which I could replace local.xml a PHP file that will allow me to use these environment variables?

So, in a sense, local.xml will become a local.PHP file with the ability to read my own custom environment variables such as DB_HOST, DB_USERNAME, DB_PASSWORD , instead of setting them in the XML file as localhost, root, password123 , etc. .

Any ideas on how best to achieve this, or are there any existing Magento add-ons / extensions / extensions / mods that will allow me to do this?

+6
source share
4 answers

I suggest git ignore your local.xml and dynamically create it using a deployment script. your deployment script should have your important data variables.

+4
source

I found an alternative solution to the problem. I expanded Mage_Core_Model_Config_Element and tried the "xmlentities" function to check if the configuration value that it returns is returned with a dollar sign and, if so, will replace it with an equivalent environment variable.

If this helps someone else, here it is ...

https://github.com/rossigee/magento-config-envvars

+3
source

Try this solution:

copy the application / code / kernel /Mage/Core/Model/App.php to app / code / local / Mage / Core / Model / App.php and replace the _initBaseConfig () method as follows:

 protected function _initBaseConfig() { Varien_Profiler::start('mage::app::init::system_config'); $this->_config->loadBase(); /* Read DB connection config from environment variables */ $connection = $this->_config->getNode('global/resources/default_setup/connection'); $connection->setNode('host', $_ENV['DB_HOST']); $connection->setNode('username', $_ENV['DB_USERNAME']); $connection->setNode('password', $_ENV['DB_PASSWORD']); Varien_Profiler::stop('mage::app::init::system_config'); return $this; }

This should help.

* EDIT

 protected function _initBaseConfig() { Varien_Profiler::start('mage::app::init::system_config'); $this->_config->loadBase(); /* Read DB connection config from environment variables */ $this->_config->getNode('global/resources/default_setup/connection') ->setNode('host', $_ENV['DB_HOST']) ->setNode('username', $_ENV['DB_USERNAME']) ->setNode('password', $_ENV['DB_PASSWORD']); Varien_Profiler::stop('mage::app::init::system_config'); return $this; }
+1
source

Have you considered simply adding local.xml to .gitignore and creating / updating it as part of the deployment process? Note that local.xml usually stores more than just the database credentials. For example, it can also save the configuration for caching and session storage backends. They are usually also server specific and will be very messy if you try to avoid using local.xml .

0
source

More articles:


All Articles