Sensitive and environment settings
This topic discusses how third-party developers can create Magento components that designate configuration settings as being sensitive, system-specific, or both.
Use the following guidelines to determine which settings to designate as sensitive, system-specific, or both.
Magento stores these settings in <Magento root dir>/app/etc/env.php.
Do not include this file in source control.
Sensitive configuration values hold restricted or confidential information.
Examples of sensitive information include:
- Keys (such as API keys)
- Usernames and passwords
- E-mail addresses
- Any personally identifiable information (e.g., address, phone number, date of birth, government identification number, etc.)
Environment or system-specific values
Environment or system-specific values are unique to the system where Magento is deployed.
Examples of environment or system-specific values include:
- IP addresses
- Domain names
- Paths (e.g., custom paths, proxy host, proxy port)
- “modes” (e.g., sandbox mode, debug mode, test mode)
- SSL (only for non-payment)
- E-mail recipients
- Administrative settings between systems (e.g., password expiration limits)
How to specify values as sensitive or system-specific
Example: Sensitive settings
    <type name="Magento\Config\Model\Config\TypePool">
        <arguments>
            <argument name="sensitive" xsi:type="array">
                <item name="payment/test/password" xsi:type="string">1</item>
            </argument>
        </arguments>
    </type>
After specifying the sensitive setting, use the following commands to verify it:
A message similar to the following is displayed:
    The configuration file doesn't contain sensitive data for security reasons. Sensitive data can be stored in the following environment variables:
    CONFIG__DEFAULT__PAYMENT__TEST__PASSWORD for payment/test/password
    Done.
Example: System-specific settings
    <type name="Magento\Config\Model\Config\TypePool">
        <arguments>
            <argument name="environment" xsi:type="array">
                <item name="catalog/search/searchengine/port" xsi:type="string">1</item>
            </argument>
        </arguments>
    </type>
Sensitive, system-specific setting
To set a configuration setting as both sensitive and system-specific, create two entries with the name property for argument set to sensitive for one entry and environment for the other.