symfony / recipes

Symfony Recipes Repository
https://github.com/symfony/recipes/blob/flex/main/RECIPES.md
MIT License

[framework-bundle] Move APP_SECRET to the vault #1255

Status: closed (tacman closed this issue 5 months ago)

tacman commented 8 months ago

With more recent versions of Symfony, it's better not to put APP_SECRET in .env, since .env is committed to source control.

Ideally, we could run

bin/console secrets:set APP_SECRET -r
bin/console secrets:set APP_SECRET -r --env=prod

As a way to kickstart the move away from .env files and toward using the secrets vault.

While .env files are easier to work with than secrets during development, it's soooo much easier to deploy to servers that create read-only images (like Heroku and Dokku) by setting just APP_ENV=prod and the SYMFONY_DECRYPTION_SECRET key.

I've (finally) started doing this with my own projects, and the first step is always to remove the APP_SECRET key that this recipe generates (mostly to avoid getting the warning about checking a secret into github).

Tobion commented 5 months ago

Not sure about the current state. But this was unfortunately already rejected before: https://github.com/symfony/recipes/pull/1005

tacman commented 5 months ago

Yeah. I've kinda given up on the vault. I thought I'd like it, because setting up environment variables on production is clunky, but the order of priority seems unintuitive with the current setup.

I want to define the env vars in .env, then override them in the vault. But that's not how it works.

I do think it's odd to have a secret in the .env file, with all the warnings about not to put secrets there.
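The precedence tacman is running into, as an added illustration (not code from this issue or from symfony/recipes): a simplified PHP model of the order in which the Symfony container resolves `%env(NAME)%`, with constructed sample data standing in for the project's `.env` and decrypted vault.

```php
<?php
// Simplified model (added illustration, not Symfony's own code) of the lookup
// order the container uses for %env(NAME)%:
//   1. the real environment ($_ENV), which Dotenv has already filled from
//      .env / .env.local, so a committed .env value lands here
//   2. env var loaders, which is where the decrypted secrets vault is consulted
//   3. the container's own env(NAME) default parameter
// All values below are constructed samples.

// What Dotenv loads from a committed .env that still carries APP_SECRET.
$_ENV['APP_ENV'] = 'prod';
$_ENV['APP_SECRET'] = 'value-from-committed-dotenv';

// What the vault yields after decryption (via SYMFONY_DECRYPTION_SECRET on a
// read-only image, or config/secrets/prod/prod.decrypt.private.php locally).
$vault = ['APP_SECRET' => 'value-from-vault'];

// Container defaults, e.g. parameters: env(APP_SECRET): ''
$containerDefaults = ['APP_SECRET' => ''];

function resolveEnv(string $name, array $vault, array $defaults): ?string
{
    if (isset($_ENV[$name])) {
        return $_ENV[$name];          // .env and real env vars are checked first
    }
    if (isset($vault[$name])) {
        return $vault[$name];         // the vault only answers when step 1 misses
    }
    return $defaults[$name] ?? null;  // last resort: the env() parameter default
}

// The surprise described in the thread: "define in .env, override in the
// vault" does nothing, because the .env value wins.
echo resolveEnv('APP_SECRET', $vault, $containerDefaults), PHP_EOL;

// Dropping the key from the committed .env (tacman's first step in each
// project) lets the vault value through; a real env var or .env.local entry
// would still override it for local development.
unset($_ENV['APP_SECRET']);
echo resolveEnv('APP_SECRET', $vault, $containerDefaults), PHP_EOL;
```

The practical consequence is that a secret meant to live in the vault must not also be committed in `.env`; local overrides belong in `.env.local` or a real environment variable.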