Chapters
25 Chapters
|
2:34:05
|
Login to bookmark this video
-
Course Code
Subscribe to download the code!
Subscribe to download the code!
-
This Video
Subscribe to download the video!
Subscribe to download the video!
-
Subtitles
Subscribe to download the subtitles!
Subscribe to download the subtitles!
-
Course Script
Subscribe to download the script!
Subscribe to download the script!
Scroll down to the script below, click on any sentence (including terminal blocks) to jump to that spot in the video!
Subscribe to jump to this part in the video!
Keep on Learning!
If you liked what you've learned so far, dive in! Subscribe to get access to this tutorial plus video, code and script downloads.
What PHP libraries does this tutorial use?
// composer.json
{
"require": {
"php": ">=8.1",
"ext-ctype": "*",
"ext-iconv": "*",
"knplabs/knp-time-bundle": "^1.18", // v1.19.0
"symfony/asset": "6.1.*", // v6.1.0-RC1
"symfony/console": "6.1.*", // v6.1.0-RC1
"symfony/dotenv": "6.1.*", // v6.1.0-RC1
"symfony/flex": "^2", // v2.4.5
"symfony/framework-bundle": "6.1.*", // v6.1.0-RC1
"symfony/http-client": "6.1.*", // v6.1.0-RC1
"symfony/monolog-bundle": "^3.0", // v3.8.0
"symfony/runtime": "6.4.3", // v6.4.3
"symfony/twig-bundle": "6.1.*", // v6.1.0-RC1
"symfony/ux-turbo": "^2.0", // v2.1.1
"symfony/webpack-encore-bundle": "^1.13", // v1.14.1
"symfony/yaml": "6.1.*", // v6.1.0-RC1
"twig/extra-bundle": "^2.12|^3.0", // v3.4.0
"twig/twig": "^2.12|^3.0" // v3.4.0
},
"require-dev": {
"symfony/debug-bundle": "6.1.*", // v6.1.0-RC1
"symfony/maker-bundle": "^1.41", // v1.42.0
"symfony/stopwatch": "6.1.*", // v6.1.0-RC1
"symfony/web-profiler-bundle": "6.1.*" // v6.1.0-RC1
}
}
6 Comments
Can you clarify something to me? Assume that the project is on private or enterprise repo on GitHub. If I understand well, collaborators would not be able to access the functionality that is provided by the secret value. Is this right?
If this is right, what is the point of creating a
devsecret vault?TIA
François
Hey @Francois
Anyone with access to the project will have access to the dev secret vault because the "dev private" file is committed to the repository, but they won't be able to see the production values (because the prod private file is missing). I hope it's more clear now
Cheers!
Hi, i wonder what is the advantage? Anyone with minium skill could download prod decrypt key on production server and use it in local to get theses infos.
Is that a real security plus to use that or just use .env file with real value not encrypt?
Hey @Frederic_H-F
yeah, that might be a problem, but how do they download it? As a minimum, they should know FTP/SSH access, but then I'd like to say that you may have more security issues than that.
Cheers!
We are all senior, so yes we can handle scp or anything else in SSH. The server has double auth with montly password change so the server is really secure. I think we will continue using .env file, thanks!
Yeah, of course, and once again, this storage is not about security, it's more about convenience, so you have some easy work tools to store and work with env variables.
Cheers!
"Houston: no signs of life"
Start the conversation!