Open rain2o opened 4 years ago
Hi @rain2o
The config.xml file can be stored outside Magento directory and the path of running migration can be 'bin/magento migrate:settings /home/user/config.xml'. Does it solve your security concern?
@victor-v-rad yes that is a workaround but it’s inconvenient. Since the config file contains other configurations around migration, steps, paths to other config files, etc... it would be useful to have this file managed in version control so that we don’t have to maintain this file in several places. Then having an external location to get sensitive information from. Does that make sense?
It make sense and MC-29164 was created to implement it. It is unlikely to happen in the nearest future but the tool is open source and you can implement the needed functionality and share with all Magento community in pull request.
Preconditions
Steps to reproduce
Expected result
Actual result
Additional notes
I suppose this is an enhancement, or I'm missing something that is already here, but the fact that this module requires database credentials to be put in the config.xml file directly inside our extension module is concerning. Whether we are creating a composer module or one directly in
app/code
, either way these files will be tracked in version control and should not contain any sensitive data, especially database credentials. The fact that this config file contains all other configurations like any custom mapping, ignored fields, etc... means that this file should be tracked in version control and maintained accordingly. Therefore the credentials should come from another source.It would be preferable if the database credentials could come from any of the following sources:
app/etc/env.php
just like core Magento uses. Or from ENV variables directly.var
or something. This file would be maintained directly on the server/environment and not in version control. It should only contain sensitive information. It would be merged with the other config file much like Magento core handles most XML files.setup:install
command to pass the DB host, name, user, password, source, and destination while running themigrate:[mode]
.Those are the first three options I could think of. I started to try and create an extension to add these, but as this module doesn't follow the standard Magento 2 module infrastructure, I ran into some issues trying to use
plugin
orpreference
.At this point our current migration is stalled until I can come up with a solution because storing these credentials in the module is not an option.