Best practices to separate db connection credentials from main.php and git repository?

As defined in the Data Access Objects (DAO) section of the Definitive Guide to Yii one can set the database connection credentials for their application site-wide in the application configuration file. My question is this: is there any best practice for putting these particular credentials in another file somewhere so that file (and hence those credentials) can be excluded from the application’s git repository?

Naturally there are many reasons one might want to do this: ranging from security implications with remote developers working on your application to simply having different credentials among your development, staging, and production servers.

Off the top of my head you could create a file protected/config/connections.php and then define the "db" array in it:






            'emulatePrepare'=>true,  // needed by some MySQL installations


and then include the $db array in protected/config/main.php by including connections.php:

require_once "connections.php";






and then add protected/config/connections.php to .gitignore. The developer can then be instructed to fill connections.php with their own working credentials for their development environment.

I would think people have tackled this problem already. Is there a better way?

    	'db' => require(dirname(__FILE__) . '/db.php'),



return array(

        	'connectionString' => 'mysql:host={host_in};dbname={dbname_in}',

        	'emulatePrepare' => true,

        	'username' => '{username_in}',

        	'tablePrefix' => '{tablePrefix_in}',

        	'password' => '{password_in}',

        	'charset' => '{charset_in}',

        	//'nullConversion' => PDO::NULL_EMPTY_STRING,


		//'enableParamLogging' => true,


Hi I thank you for your answer but I was hoping that someone with more of an "elite" status would reply joke This looks perfect.

It’s basically the same thing, although slightly cleaner (IMO) - :)

Yes, look at the Yii-Environment extension. It’s quite handy:

I never put config files under version control (I put them in svnignore, etc). They are specific to almost every environment I place the source, and it includes:

  • local developers working directory

  • Continuous Integration server (automated builds and tests)

  • stage server

  • production-test (separate configuration on production environment to make just-before-deployment tests)

  • production

instead I put files like: main.php.example, console.php.example under version controll, which contain only common db credentials (root without password for mysql, postgres/postgres for postgresql). On every environment I maintain local configurations manually, CI server just rename *.example files before every build.

This way - I can version configuration changes without risk that update process could make any of those environments lost specific configuration changes.