What is the SECRET parameter in Symfony2 used for?

Question

can anyone tell me what is the SECRET parameter of parameters.yml in Symfony2?

Answer 1

It is a security-related parameter used by the framework. From the doc :

This is a string that should be unique to your application and it's commonly used to add more entropy to security related operations. Its value should be a series of characters, numbers and symbols chosen randomly and the recommended length is around 32 characters.

Symfony2 uses this secret parameter for example to generate csrf tokens.

You can find more details, examples in the doc regarding the secret parameter.

Answer 2

You just need to open console (on unix/mac/bsd) and run this command to get some random number with lenght 48:

$ sudo apt-get update && sudo apt-get install pwgen
$ pwgen 48 1 -By

which will produces something like this: bah7oTeixi~to.aFoh~quoh~Yee3eequomae7aib`ie#hoo7

or you just could use your dev/urandom for that: $ cat /dev/urandom | strings --bytes 1 | tr -d '\n\t [](){}"' | head --bytes 48

after that you could set it as value of secret parameter instead of ThisTokenIsNotSecretChangeIt

I also do not recommend to use http://nux.net/secret for that because of limited length and limited secret number's alphabet (a-f0-9+)