I know Magento stores the database connection details within the local.xml
file, however our firm is trying to avoid passwords and other sensitive data being stored within our git repo's for security purposes.
I know you can create Environment Variables easily via an .htaccess
file, but I'm hoping to find a workable solution that will enable me to set this database information dynamically from a environment variable.
As the local.xml
is an XML file and as this is a non dynamic/server-side filetype we cannot use it to read environment variables.
Would there be a way to somehow add in some hook/custom behaviour to Magento in which I could replace the local.xml
with a PHP file that will allow me to pull in these environment variables?
So in a sense, the local.XML
would become a local.PHP
file with the ability to read my own custom environment variables such DB_HOST, DB_USERNAME, DB_PASSWORD
rather than having them already set in the xml file as localhost, root, password123
etc.
Any ideas on how best to achieve this, or are there any existing Magento add-ons/extensions/mods that will allow me to do this?
I would suggest git ignore your local.xml and dynamically create it with your deploy script. your deploy script should have your sensitive data variables.
I found an alternative solution to the problem. I extended Mage_Core_Model_Config_Element and overrode the 'xmlentities' function to check if the configuration value it is returning starts with a dollar sign, and if so substitute it with the equivalent environment variable.
If it helps anyone else, here it is...
https://github.com/rossigee/magento-config-envvars
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With