MariaRomanov
Depends where you are deploying. If you’re deploying to AWS or Azure you can use their secret manager and replace the secret text in the config.php file with the path to the secret, then write a simple utility file to read the secret. If you are deploying to a Windows Server you can store an encrypted value in the registry and write a class to decrypt/read from the registry.
Yeah, or just continue to have two separate config files.
My team is in a bit of a different situation as we are cloud hosted but I suspect it’s a similar approach. We have secrets hosted in AWS and our config file just references the secret name. We then have a SecretReader utility in our code which we reference to pull the secret from AWS at runtime, that way it doesn’t show up as plaintext in our code. Our CI/CD doesn’t touch the secret at all in that use case – we only use secrets in our CI/CD if there is a step such as connecting to a DB that is part of our pipeline.
I guess this may be standard, but I’m running unit tests as part of my CI. Integration tests that can’t be mocked go in the CD pipeline. For automated UAT, I have a branch on the CD pipeline that runs on the agent after a deploy, but in order to make the agent more agnostic I am toying with the idea of running the tests on a VM or on the deployed location.
I yearn to be free
To plant a tall tree
Or maybe five or fifty
A greener world would be nifty
/
Power corrupts
So why should we bother
With coups so abrupt
And Dictator Father?
/
Yet democracy still
Gives me a chill
Tyranny of the masses
Why the rose colored glasses?
/
Corporate greed
Is not immune
From society’s bleed
Into authoritarian noon
/
So what, then? A king?
Or anarchy’s kiss?
How do we give up the bling?
Live a life full of bliss?
/
The truth lies inside
The life we observe
Is the one that we chose
And thus, what we deserve
/
If we want to be free
Change from a few’s not enough
Not just a million and three
But collectively, all of us