| # |
Dec 5th 2017, 17:34 |
 dereuromark |
as could any other attr |
| # |
Dec 5th 2017, 17:34 |
dereuromark |
makes sense, because it could contain dangerous HTML |
| # |
Dec 5th 2017, 17:34 |
dereuromark |
it does, yeah |
| # |
Dec 5th 2017, 17:34 |
hmic |
escape => true escapes the placeholder?! |
| # |
Dec 5th 2017, 17:32 |
dereuromark |
How do you do placeholder newlines in textareas? 'and#10;' would be escaped, but I also dont want to disable escape here completely. Couldnt we have PHP_EOL transformed into 'and#10;' for escape => true? |
| # |
Dec 5th 2017, 17:25 |
hmic |
you can use the very same concepts in 2.x already! works exactly the same way |
| # |
Dec 5th 2017, 17:24 |
hmic |
and this for the env reading: https://github.com/cakephp/app/blob/master/config/app.default.php#L260 |
| # |
Dec 5th 2017, 17:24 |
xapak |
Yeah, looks like 3.X thing. But totally, gonna tell them to set something like that for their project. |
| # |
Dec 5th 2017, 17:24 |
hmic |
https://github.com/cakephp/app/blob/master/config/bootstrap.php#L80 |
| # |
Dec 5th 2017, 17:23 |
hmic |
this one instead: https://github.com/cakephp/app/blob/master/config/bootstrap.php |
| # |
Dec 5th 2017, 17:23 |
hmic |
if you check the app.php in the cake3 base app, you will notice it tries to read many settings from the environment too already |
| # |
Dec 5th 2017, 17:22 |
xapak |
https://github.com/cakephp/cakephp/blob/10fcd7633d40b100a57054025dd38cd008fded80/app/Config/bootstrap.php |
| # |
Dec 5th 2017, 17:22 |
xapak |
Hmm, don’t see the app_local.php reference in bootstrap.php for 2.10. Maybe a 3.X thing? |
| # |
Dec 5th 2017, 17:22 |
hmic |
says the same like i just did |
| # |
Dec 5th 2017, 17:21 |
dereuromark |
See also http://sandbox.dereuromark.de/pages/best-practices#config |
| # |
Dec 5th 2017, 17:20 |
xapak |
Awesome, let me check. |
| # |
Dec 5th 2017, 17:20 |
xapak |
Something like that. |
| # |
Dec 5th 2017, 17:20 |
xapak |
That! |
| # |
Dec 5th 2017, 17:20 |
hmic |
this is the common and best practices. - if you check the bootstrap.php you will notice a reference to app_local.php, it's just commented, remove the comment and put your local config/secrets there. |
| # |
Dec 5th 2017, 17:19 |
hmic |
that overwrites and adds to the version controlled app.php file |
| # |
Dec 5th 2017, 17:18 |
hmic |
or have a - git excluded - app_local.php file |
| # |
Dec 5th 2017, 17:18 |
hmic |
on your question: you can either inject the configuration needed via the environment |
| # |
Dec 5th 2017, 17:18 |
xapak |
Alright, so, to keep things in context: What’s the state of the art on how CakePHP 3.5 handles secrets then? |
| # |
Dec 5th 2017, 17:18 |
hmic |
really really do! |
| # |
Dec 5th 2017, 17:17 |
hmic |
go with 3.5! |
| # |
Dec 5th 2017, 17:17 |
hmic |
you said it's a new project started on cake |
| # |
Dec 5th 2017, 17:17 |
xapak |
They have legacy project on PHP 5.3 and stuff like that. |
| # |
Dec 5th 2017, 17:17 |
xapak |
They are not necessarily just copy-pasting, but they are kind of adapting it. |
| # |
Dec 5th 2017, 17:17 |
xapak |
hmic, I understand, problem is this is kind of new, but they are just leveraging from the project they already have in 2.4 (yah, I know). |
| # |
Dec 5th 2017, 17:16 |
hmic |
xapak: don't start a new project in 2.10 |
| # |
Dec 5th 2017, 17:14 |
xapak |
I’m already researching things like Hashicorp Vault, but I’m curious in the state of the art of this. |
| # |
Dec 5th 2017, 17:14 |
xapak |
Just want them to start doing things “the right way” since the beginning. |
| # |
Dec 5th 2017, 17:13 |
xapak |
DevOps here |
| # |
Dec 5th 2017, 17:13 |
xapak |
Developers are going to start working on a v2.10 project (to start migrating from legacy), but since it’s a new project, I’m curious: What’s the suggested way for CakePHP to store things like API keys or credentials? I have legacy project generating a new bootstrap.php with the secrets in it during deployment, but I’m curious if CakePHP has any conventions on what file to use for such things. |
| # |
Dec 5th 2017, 17:11 |
hmic |
but as you said it's request bound - it's not gonna work in a shell context anyways |
| # |
Dec 5th 2017, 17:11 |
xapak |
Hello. |
| # |
Dec 5th 2017, 17:11 |
hmic |
if you need it in a shell context and controller context - build a custom lib to include in both. |
| # |
Dec 5th 2017, 17:10 |
hmic |
they are bound to controllers |
| # |
Dec 5th 2017, 17:10 |
hmic |
of course not |
| # |
Dec 5th 2017, 17:07 |
meder |
do they load in cli? |
| # |
Dec 5th 2017, 17:07 |
meder |
are there limitations to components, hmic? |