This PR marks a couple of fields as "sensitive" to avoid them being dumped into app/etc/config.php (a file that might be versioned).
Backwards Compatibility
No BC breaks under SemVer. Additionally:
Nothing will change for existing installations until they re-save the Sooqr store settings page, at which point the api_key field will be encrypted into the database for a seamless upgrade experience that most existing installations will hardly even notice.
I think the only flows that could "break" are those that (inappropriately) depend on these values being versioned in app/etc/config.php, but that's probably acceptable because it will lead to a more secure setup for those users.
With the above in mind, this could be released with just a revision bump (e.g. 1.1.5) along with simple upgrade instructions, e.g. After upgrading, go to the Sooqr settings page and click on 'Save' without making any other changes.
This PR marks a couple of fields as "sensitive" to avoid them being dumped into
app/etc/config.php
(a file that might be versioned).Backwards Compatibility
No BC breaks under SemVer. Additionally:
Nothing will change for existing installations until they re-save the Sooqr store settings page, at which point the
api_key
field will be encrypted into the database for a seamless upgrade experience that most existing installations will hardly even notice.I think the only flows that could "break" are those that (inappropriately) depend on these values being versioned in
app/etc/config.php
, but that's probably acceptable because it will lead to a more secure setup for those users.With the above in mind, this could be released with just a revision bump (e.g. 1.1.5) along with simple upgrade instructions, e.g.
After upgrading, go to the Sooqr settings page and click on 'Save' without making any other changes.