Store Secrets Securely on Pantheon for Drupal Application

By Karthik Kumar D K on 10th Jun 2022

In this article, we look at how to store access keys and tokens securely for a Drupal application that is managed on Pantheon.

As a general rule, access keys, tokens, and any other secret third-party authentication information should not be stored in the database or within the project web root. It is safer to store them encrypted in a file, and to keep that file outside of the project web root.

In the Pantheon environment, we can store such information in a secrets.json file, which can be accessed via the Terminus tool.

Below we will see how to do it:

  1. How to log in to Pantheon via Terminus.
  2. How to store the key/value pairs as secrets.
  3. How to read the stored key/value pair secrets.

Log in to Pantheon via Terminus

Log in via Terminus with the email ID of the admin/maintainer of the environment. The command below does this.

terminus auth:login --email=<email-id>

Store the key/value pairs as secrets

After logging in to Terminus, use the secrets:set command to set the key and value pair of a secret.

Ideally, the value you pass should already be encrypted with a strong encryption algorithm (AES or something similarly tough).

The command below sets the key/value pair in the secrets.

terminus secrets:set <pantheon-env> <key> <value>

Read the stored key/value pair secrets

To read the stored secret keys and values in settings.php, we can use the PHP function file_get_contents. The code below reads the secrets into the settings.php file.

The secrets can then be used in your Drupal application.

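// Path to the secrets file in the site's private files directory.
$secretsFile = $_SERVER['HOME'] . '/files/private/secrets.json';
if (file_exists($secretsFile)) {
  // Decode the JSON into an associative array of key => value pairs.
  $secrets = json_decode(file_get_contents($secretsFile), TRUE);
  if (!empty($secrets['<key>'])) {
    // The stored value is read back under the same <key> it was set with.
    $settings['<drupal-any-settings>'] = $secrets['<key>'];
  }
}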

You can also list all the stored secrets via Terminus with the secrets:list command, as shown below.

terminus secrets:list <pantheon-env>

This is how you can store and read secrets for your Drupal application on the Pantheon environment.
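
The recommendation above to encrypt the value before storing it, combined with the settings.php read, as an added example that is not part of the original article. It uses AES-256-GCM through PHP's OpenSSL extension; the function names, the mail_api_token key and the sample data are hypothetical, and the demo generates a throwaway key because where the key is kept is not covered by the article.

```php
<?php
// Added example, not from the article. Function names, the 'mail_api_token'
// key and all sample data are hypothetical and constructed for the demo.

/** Encrypt a value before passing it to `terminus secrets:set`. */
function seal_secret(string $plaintext, string $key): string {
  $iv = random_bytes(12); // 96-bit nonce, fresh for every value
  $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
  if ($ct === FALSE) {
    throw new RuntimeException('Encryption failed');
  }
  return base64_encode($iv . $tag . $ct); // nonce | 16-byte tag | ciphertext
}

/** Decrypt a stored value; NULL if it is malformed or fails authentication. */
function open_secret(string $sealed, string $key): ?string {
  $raw = base64_decode($sealed, TRUE);
  if ($raw === FALSE || strlen($raw) <= 28) {
    return NULL;
  }
  $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
    substr($raw, 0, 12), substr($raw, 12, 16));
  return $pt === FALSE ? NULL : $pt;
}

/** Read one entry from secrets.json, failing closed on a missing or invalid file. */
function read_secret(string $file, string $name, string $key): ?string {
  if (!is_readable($file)) {
    return NULL;
  }
  $secrets = json_decode(file_get_contents($file), TRUE);
  if (!is_array($secrets) || !isset($secrets[$name]) || !is_string($secrets[$name])) {
    return NULL;
  }
  return open_secret($secrets[$name], $key);
}

// Constructed demo: a throwaway key, and a temp file standing in for
// $_SERVER['HOME'] . '/files/private/secrets.json'.
$key = random_bytes(32); // AES-256 key; assumed to be kept apart from secrets.json
$file = tempnam(sys_get_temp_dir(), 'sec');
file_put_contents($file, json_encode(['mail_api_token' => seal_secret('example-token', $key)]));

var_dump(read_secret($file, 'mail_api_token', $key));             // round trip with the right key
var_dump(read_secret($file, 'mail_api_token', random_bytes(32))); // a different key fails the tag check
unlink($file);
```

In settings.php, the result of read_secret() would be assigned to the relevant $settings entry only when it is not NULL.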
