absolute-quantum / DoctrineEncryptBundle

:key: Encrypted symfony entities by verified and standardized libraries
https://packagist.org/packages/michaeldegroot/doctrine-encrypt-bundle
MIT License

Adding custom encrypt file name config #55

Closed cs-akash-jarad closed 3 years ago

cs-akash-jarad commented 3 years ago

https://github.com/GiveMeAllYourCats/DoctrineEncryptBundle/issues/54

cs-akash-jarad commented 3 years ago

@GiveMeAllYourCats @Zombaya can you please check and merge this.

Zombaya commented 3 years ago

I don't have write-access to this repository, so I'm not able to merge this.

As for solving your problem, I'd rather opt for simply injecting the secret (also see #29) and avoid having the library generate a new key out of the blue when the key cannot be found.

I think injecting the secret itself is better in that it makes it easier to deploy the secret and possibly encrypt the secret itself using environment variable processors, and it adds the possibility to not have the secret on disk but only in memory.

Using environment variable processors, we would still be able to source it from the same file if needed.

Configuration-example

# Old way
ambta_doctrine_encrypt:
    encryptor_class: Halite # or Defuse
    secret_directory_path: '%kernel.project_dir%'   # Path where to store the keyfiles

# New way
ambta_doctrine_encrypt:
    encryptor_class: Halite # or Defuse
    secret: '%env(file:resolve:%kernel.project_dir%/.Halite.key)%'

This would, however, mean a breaking change, so I'd make the current method parameter deprecated and have it show warnings.

This change would also require a new command to generate a secret so it can be stored somewhere.
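
Added example, not part of the thread or of the bundle's own documentation: how Symfony's `file:` and `resolve:` environment variable processors could feed the `secret` option proposed in the comment above, either from the existing key file or from memory only. The variable names `HALITE_KEY_FILE` and `HALITE_SECRET` are assumptions, and `secret` is the proposed option, not a confirmed released one.

```yaml
# config/services.yaml
parameters:
    # Default value for the variable holding the key file path.
    # HALITE_KEY_FILE is an assumed name; a real environment variable overrides it.
    env(HALITE_KEY_FILE): '%kernel.project_dir%/.Halite.key'

# config/packages/ambta_doctrine_encrypt.yaml
# Option A: the key stays in the existing file.
#   resolve: expands %kernel.project_dir% inside the variable's value
#   file:    then returns the contents of the file at that path
ambta_doctrine_encrypt:
    encryptor_class: Halite # or Defuse
    secret: '%env(file:resolve:HALITE_KEY_FILE)%'   # "secret" = option proposed above

# Option B: the key exists only in the process environment, never on disk.
# HALITE_SECRET is an assumed name, set by the deployment platform.
# ambta_doctrine_encrypt:
#     encryptor_class: Halite # or Defuse
#     secret: '%env(HALITE_SECRET)%'
```

With either option the container fails to resolve the parameter when the variable or file is missing, instead of a new key being generated silently.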

cs-akash-jarad commented 3 years ago

Yes, correct. Because of the breaking change, I thought of this approach so that backward compatibility can be maintained.