Default secret configuration to avoid secret leak

[flohw]

Hi,

First issue/contribution here, let me know if I need to change something. :-)

As described in the documentation the config/secrets/prod/prod.decrypt.private.php file must not be committed to the repository. The recipe for this works as expected. But assuming we have other environments as staging which shouldn't be exposed either (at least to me) the private keys of these environments are not protected by the current configuration.

Maybe the framework-bundle/*/manifest.json should be updated like so in the gitignore section:

-        "/%CONFIG_DIR%/secrets/prod/prod.decrypt.private.php",
+        "/%CONFIG_DIR%/secrets/*/*.decrypt.private.php",
+        "!/%CONFIG_DIR%/secrets/dev/dev.decrypt.private.php",

What do you think?

As mentioned in the readme, recipes should not be updated for the previous versions so I was not sure how to propose the PR. Maybe in the framework-bundle/7.3/manifest.json? Should I copy the 7.2 structure and update only the proposed part?

Let me know, I can provide the PR if you think the change is appropriate.

[nicolas-grekas]

the test env is also a candidate for exclusion on the other hand, doing nothing is also an option: at some point, people need to tweak their config anyway

[flohw]

We could add a line for the test env. I intended to prevent the risk of secret leak by default, which should be the default regarding safety for me. The new default would prevent the leak of any private key except dev, then the developer is still able to intentionally commit the files if he really wants to.