Best practices to separate db connection credentials from main.php and git repository?

BiWinning · July 4, 2012, 9:30pm

As defined in the Data Access Objects (DAO) section of the Definitive Guide to Yii one can set the database connection credentials for their application site-wide in the application configuration file. My question is this: is there any best practice for putting these particular credentials in another file somewhere so that file (and hence those credentials) can be excluded from the application’s git repository?

Naturally there are many reasons one might want to do this: ranging from security implications with remote developers working on your application to simply having different credentials among your development, staging, and production servers.

Off the top of my head you could create a file protected/config/connections.php and then define the "db" array in it:




$db=array(

            'class'=>'CDbConnection',

            'connectionString'=>'mysql:host=localhost;dbname=testdb',

            'username'=>'root',

            'password'=>'password',

            'emulatePrepare'=>true,  // needed by some MySQL installations

        );

and then include the $db array in protected/config/main.php by including connections.php:




require_once "connections.php";

.....

    'components'=>array(

        ......

        'db'=>$db,

    ),

and then add protected/config/connections.php to .gitignore. The developer can then be instructed to fill connections.php with their own working credentials for their development environment.

I would think people have tackled this problem already. Is there a better way?

jacmoe · July 4, 2012, 10:13pm


    	'db' => require(dirname(__FILE__) . '/db.php'),

db.php:


<?php

return array(

        	'connectionString' => 'mysql:host={host_in};dbname={dbname_in}',

        	'emulatePrepare' => true,

        	'username' => '{username_in}',

        	'tablePrefix' => '{tablePrefix_in}',

        	'password' => '{password_in}',

        	'charset' => '{charset_in}',

        	//'nullConversion' => PDO::NULL_EMPTY_STRING,

		//'enableProfiling'=>true,

		//'enableParamLogging' => true,

    	);

BiWinning · July 4, 2012, 10:41pm

jacmoe:


    	'db' => require(dirname(__FILE__) . '/db.php'),

db.php:


<?php

return array(

        	'connectionString' => 'mysql:host={host_in};dbname={dbname_in}',

        	'emulatePrepare' => true,

        	'username' => '{username_in}',

        	'tablePrefix' => '{tablePrefix_in}',

        	'password' => '{password_in}',

        	'charset' => '{charset_in}',

        	//'nullConversion' => PDO::NULL_EMPTY_STRING,

		//'enableProfiling'=>true,

		//'enableParamLogging' => true,

    	);

Hi I thank you for your answer but I was hoping that someone with more of an "elite" status would reply joke This looks perfect.

jacmoe · July 4, 2012, 10:50pm

It’s basically the same thing, although slightly cleaner (IMO) -

fr0d0z · July 11, 2012, 4:59am

Yes, look at the Yii-Environment extension. It’s quite handy: http://www.yiiframework.com/extension/yii-environment/

redguy · July 11, 2012, 6:04am

I never put config files under version control (I put them in svnignore, etc). They are specific to almost every environment I place the source, and it includes:

local developers working directory
Continuous Integration server (automated builds and tests)
stage server
production-test (separate configuration on production environment to make just-before-deployment tests)
production

instead I put files like: main.php.example, console.php.example under version controll, which contain only common db credentials (root without password for mysql, postgres/postgres for postgresql). On every environment I maintain local configurations manually, CI server just rename *.example files before every build.

This way - I can version configuration changes without risk that update process could make any of those environments lost specific configuration changes.