picodexter / parameter-encryption-bundle
Symfony PcdxParameterEncryptionBundle
Installs: 396
Dependents: 3
Suggesters: 0
Security: 0
Stars: 1
Watchers: 1
Forks: 0
Open Issues: 0
Type:symfony-bundle
Requires
- php: ^7.1
- ext-mbstring: *
- symfony/console: ^2.7 || ^3.0 || ^4.0
- symfony/framework-bundle: ^2.7 || ^3.0 || ^4.0
Requires (Dev)
- friendsofphp/php-cs-fixer: ^2.0
- phpunit/phpunit: ^6.2
- symfony/phpunit-bridge: ^4.2
This package is auto-updated.
Last update: 2020-07-11 23:40:31 UTC
README
DEPRECATION WARNING!
THIS BUNDLE IS NOW DEPRECATED / ABANDONED
The Symfony Secrets management that was introduced with Symfony 4.4 offers an official solution for the original purpose of this bundle.
Please refer to it instead.
Active development on this project has therefore been stopped.
END OF DEPRECATION WARNING
This bundle lets you save Symfony parameters in an encrypted form and automatically decrypt them during runtime.
Purpose
What It Does
This bundle allows developers to save sensitive information in Symfony
parameters in an encrypted form so that it can be committed to a VCS. The only
remaining sensitive information, the decryption key, could then be saved in an
unversioned parameters.yml
file or simply passed in an environment variable.
Through this approach you can easily keep all stage-specific configuration files in the VCS and use a switch mechanism to detect which one to load. This helps you keep the number of stage-specific (automatically) deployed but unversioned files to an absolute minimum.
What It Does Not Do
The intention is not to provide security in a way that an attacker with access to the webspace file system wouldn't be able to decrypt the parameters.
The PHP process needs to read both the encrypted data as well as the decryption key(s), be it in the file system or in memory as an environment variable. Someone who manages to infiltrate the process therefore automatically gains relevant read access to both pieces of information as well.
Additionally, anyone who can read the Symfony application cache would be able to extract the dumped container including all decrypted parameters anyway.
Features
- Provides encryption for Symfony parameters
- Does not impact overall application performance when container is cached
- Allows defining keys in base64 encoded format to support binary values
- Allows generating keys with PBKDF2
- Allows specifying multiple algorithm configurations to enable usage of different methods of encryption in the same application
- Modular approach to harness encryption ciphers from reputable third-party Composer packages
- Highly configurable
- Highly extensible (custom encrypters, decrypters, key transformers, ...)
- 100% code coverage
Furthermore, this bundle comes with the following ciphers out-of-the-box:
Symmetric Ciphers
- Caesar
Documentation
The documentation source files are located in the Resources/doc/
directory of
this bundle.
Installation
Please refer to the Getting Started guide.
License
This bundle is released under the MIT license.
Authors
- picodexter | GitHub | picodexter.io
See also the list of contributors.
Contributing
The official project repository with the issue tracker can be found on GitHub.
Please refer to the contributing document.