nedsbeds/blt-secrets-management
===============================

Easy secret management for Acquia BLT.

v1.0, GPL-2.0+, PHP. [Source](https://github.com/nedsbeds/blt-secrets-management), [Packagist](https://packagist.org/packages/nedsbeds/blt-secrets-management)

Acquia BLT Secret management
============================

This is an [Acquia BLT](https://github.com/acquia/blt) plugin providing an easy way to control [secrets storage](https://docs.acquia.com/resource/secrets/).

This plugin is **community-created** and **community-supported**. Acquia does not provide any direct support for this software or provide any warranty as to its stability.

The plugin uses Ansible and ansible-vault to store secret credentials encrypted in your repository. It then allows you to deploy these credentials in a secure and repeatable way, ensuring that secret settings files have correct syntax and are up to date.

Installation and usage
----------------------

To use this plugin, you must already have a Drupal project using BLT. The plugin assumes your drush aliases have SSH hostnames and usernames, and that you already have SSH keys configured to access those environments.

In your project, require the plugin with Composer:

`composer require nedsbeds/blt-secrets-management`

Creating a new vault
--------------------

Initialize the new vault by calling `secrets:vault:init`, which will prompt you for a new password to encrypt your vault. It will create a minimal vault file for adding your secrets.

Editing your vault
------------------

Call the command `secrets:edit`, which will prompt for your password to decrypt the vault file. Your default editor will open with a temp file where you can make your changes. Once done, save and close the file for it to be re-encrypted. You should now commit the vault file to your repository.

> Note: You can change the default editor by setting the environment variable `DEFAULT_EDITOR`,
>
> e.g. `export DEFAULT_EDITOR="subl -w"`

Diff command
------------

Call the command `secrets:diff` with a drush alias. The plugin first creates your secrets.settings.php file from your encrypted information, then runs a PHP lint to ensure it is valid PHP. It then shows you any differences between the generated settings file and the file on that environment.

Deploy command
--------------

Call the command `secrets:deploy` with a drush alias. The plugin first creates your secrets.settings.php file from your encrypted information, then runs a PHP lint to ensure it is valid PHP. It then overwrites the settings file on that environment with your new values.

Adding new settings
-------------------

The plugin requires two elements:

- The vault file with your credentials
- A settings.secrets.php template to show how your credentials are used

The vault file is in JSON format and allows you to have a different credential per environment.

```
{
  "secrets": {
    "example_api_key": {
      "@local": "localsecret",
      "@dev": "devsecret",
      "@test": "stagesecret",
      "@prod": "prodsecret"
    }
  }
}
```

You should add your own credentials in the `secrets` object, and update the environment names to match your drush aliases.

To edit this file, run `secrets:edit`.
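Because each secret carries one value per drush alias, a missing or misspelled alias, an empty value, or a value reused across environments is easy to commit unnoticed. The following is an added example, not part of the plugin: a check over the decrypted vault JSON that reports such problems without echoing any secret value. The function name `audit_vault`, the list of required aliases and the sample data are assumptions made for illustration.

```python
import json

# Constructed sample in the vault layout shown above; all values are made up.
SAMPLE_VAULT = """{"secrets": {
  "example_api_key": {"@local": "localsecret", "@dev": "devsecret",
                      "@test": "stagesecret", "@prod": "prodsecret"},
  "example_db_password": {"@local": "shared-pass", "@dev": "shared-pass", "@prod": ""}
}}"""

def audit_vault(text, required_envs):
    """Return (secret, env, problem) findings; secret values are never included."""
    try:
        secrets = json.loads(text)["secrets"]
    except (ValueError, KeyError, TypeError) as exc:
        return [("<vault>", "-", f"unreadable vault: {type(exc).__name__}")]
    if not isinstance(secrets, dict):
        return [("<vault>", "-", "'secrets' is not an object")]
    findings = []
    for name, per_env in sorted(secrets.items()):
        if not isinstance(per_env, dict):
            findings.append((name, "-", "expected an object keyed by environment"))
            continue
        for env in required_envs:
            if env not in per_env:
                findings.append((name, env, "missing"))
            elif not isinstance(per_env[env], str) or not per_env[env].strip():
                findings.append((name, env, "empty or not a string"))
        for env in sorted(set(per_env) - set(required_envs)):
            findings.append((name, env, "unknown environment (typo in alias?)"))
        # The same value in two environments means a leak in one exposes the other.
        seen = {}
        for env in sorted(per_env):
            value = per_env[env]
            if isinstance(value, str) and value.strip():
                if value in seen:
                    findings.append((name, env, f"same value as {seen[value]}"))
                else:
                    seen[value] = env
    return findings

if __name__ == "__main__":
    for finding in audit_vault(SAMPLE_VAULT, ["@local", "@dev", "@test", "@prod"]):
        print(*finding, sep="\t")
```

Feed it the decrypted vault contents only in memory or over a pipe, so the plaintext never lands on disk outside the encrypted file.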

The secrets.settings.php template is located in `/secrets/secrets.settings.php.j2` and uses the Jinja templating language.

```
