Sensitive and environment settings
This topic discusses how third-party developers can create Magento components that designate configuration settings as being sensitive, system-specific, or both.
Use the following guidelines to determine which settings to designate as sensitive, system-specific, or both.
Magento stores these settings in <Magento root dir>/app/etc/env.php. Do not include this file in source control.
Sensitive configuration values hold restricted or confidential information.
Examples of sensitive information include:
- Keys (such as API keys)
- Usernames and passwords
- E-mail addresses
- Any personally identifiable information (e.g., address, phone number, date of birth, government identification number, etc.)
Environment or system-specific values
Environment or system-specific values are unique to the system where Magento is deployed.
Examples of environment or system-specific values include:
- IP addresses
- Domain names
- Paths (e.g., custom paths, proxy host, proxy port)
- “modes” (e.g., sandbox mode, debug mode, test mode)
- SSL (only for non-payment)
- E-mail recipients
- Administrative settings between systems (e.g., password expiration limits)
How to specify values as sensitive or system-specific
Example: Sensitive settings
After specifying the sensitive setting, use the following commands to verify it:
php bin/magento cache:clean
php bin/magento app:config:dump
A message similar to the following is displayed:
The configuration file doesn't contain sensitive data for security reasons. Sensitive data can be stored in the following environment variables:
CONFIG__DEFAULT__PAYMENT__TEST__PASSWORD for payment/test/password
Done.
Example: System-specific settings
Sensitive, system-specific setting
To set a configuration setting as both sensitive and system-specific, create two argument entries, one with its name property set to sensitive and the other with its name property set to environment.