Log message #4101239

# At Username Text
# Dec 5th 2017, 17:34 dereuromark makes sense, because it could contain dangerous HTML
# Dec 5th 2017, 17:34 dereuromark it does, yeah
# Dec 5th 2017, 17:34 hmic escape => true escapes the placeholder?!
# Dec 5th 2017, 17:32 dereuromark How do you do placeholder newlines in textareas? 'and#10;' would be escaped, but I also dont want to disable escape here completely. Couldnt we have PHP_EOL transformed into 'and#10;' for escape => true?
# Dec 5th 2017, 17:25 hmic you can use the very same concepts in 2.x already! works exactly the same way
# Dec 5th 2017, 17:24 hmic and this for the env reading: https://github.com/cakephp/app/blob/master/config/app.default.php#L260
# Dec 5th 2017, 17:24 xapak Yeah, looks like 3.X thing. But totally, gonna tell them to set something like that for their project.
# Dec 5th 2017, 17:24 hmic https://github.com/cakephp/app/blob/master/config/bootstrap.php#L80
# Dec 5th 2017, 17:23 hmic this one instead: https://github.com/cakephp/app/blob/master/config/bootstrap.php
# Dec 5th 2017, 17:23 hmic if you check the app.php in the cake3 base app, you will notice it tries to read many settings from the environment too already
# Dec 5th 2017, 17:22 xapak https://github.com/cakephp/cakephp/blob/10fcd7633d40b100a57054025dd38cd008fded80/app/Config/bootstrap.php
# Dec 5th 2017, 17:22 xapak Hmm, don’t see the app_local.php reference in bootstrap.php for 2.10. Maybe a 3.X thing?
# Dec 5th 2017, 17:22 hmic says the same like i just did
# Dec 5th 2017, 17:21 dereuromark See also http://sandbox.dereuromark.de/pages/best-practices#config
# Dec 5th 2017, 17:20 xapak Awesome, let me check.
# Dec 5th 2017, 17:20 xapak Something like that.
# Dec 5th 2017, 17:20 xapak That!
# Dec 5th 2017, 17:20 hmic this is the common and best practices. - if you check the bootstrap.php you will notice a reference to app_local.php, it's just commented, remove the comment and put your local config/secrets there.
# Dec 5th 2017, 17:19 hmic that overwrites and adds to the version controlled app.php file
# Dec 5th 2017, 17:18 hmic or have a - git excluded - app_local.php file
# Dec 5th 2017, 17:18 hmic on your question: you can either inject the configuration needed via the environment
# Dec 5th 2017, 17:18 xapak Alright, so, to keep things in context: What’s the state of the art on how CakePHP 3.5 handles secrets then?
# Dec 5th 2017, 17:18 hmic really really do!
# Dec 5th 2017, 17:17 hmic go with 3.5!
# Dec 5th 2017, 17:17 hmic you said it's a new project started on cake
# Dec 5th 2017, 17:17 xapak They have legacy project on PHP 5.3 and stuff like that.
# Dec 5th 2017, 17:17 xapak They are not necessarily just copy-pasting, but they are kind of adapting it.
# Dec 5th 2017, 17:17 xapak hmic, I understand, problem is this is kind of new, but they are just leveraging from the project they already have in 2.4 (yah, I know).
# Dec 5th 2017, 17:16 hmic xapak: don't start a new project in 2.10
# Dec 5th 2017, 17:14 xapak I’m already researching things like Hashicorp Vault, but I’m curious in the state of the art of this.
# Dec 5th 2017, 17:14 xapak Just want them to start doing things “the right way” since the beginning.
# Dec 5th 2017, 17:13 xapak DevOps here
# Dec 5th 2017, 17:13 xapak Developers are going to start working on a v2.10 project (to start migrating from legacy), but since it’s a new project, I’m curious: What’s the suggested way for CakePHP to store things like API keys or credentials? I have legacy project generating a new bootstrap.php with the secrets in it during deployment, but I’m curious if CakePHP has any conventions on what file to use for such things.
# Dec 5th 2017, 17:11 hmic but as you said it's request bound - it's not gonna work in a shell context anyways
# Dec 5th 2017, 17:11 xapak Hello.
# Dec 5th 2017, 17:11 hmic if you need it in a shell context and controller context - build a custom lib to include in both.
# Dec 5th 2017, 17:10 hmic they are bound to controllers
# Dec 5th 2017, 17:10 hmic of course not
# Dec 5th 2017, 17:07 meder do they load in cli?
# Dec 5th 2017, 17:07 meder are there limitations to components, hmic?
# Dec 5th 2017, 16:43 hmic meder: request related: controller/component, response related: controller/component too, model "conditions": table with custom finder