Skip to content

enable additional/external config location -- outside of install/web-root #16472

@pgnd

Description

@pgnd

For NC installs, configs are in

	server/config/config.php

That's INSIDE server webroot.

On install, it's populated with secure credentials -- including 'secret', 'passwordsalt', 'dbuser' & 'dbpassword'.

Yes, config files can be excluded from webserver view & ignored by git.

That's subject to 'unfortunate mistakes'.

and, yes, injecting ENV vars is available

Support for config files outside the installation
#7976

Override config.php values through environment variables
#3966

but having params floating around in ENV is not uniquely ideal; e.g. discussion at

https://techbeacon.com/devops/how-keep-your-container-secrets-secure

It'd be useful, at least, to be able to specify an additional config dir outside of webroot.

Perhaps (just) as an option to a cmd-line install, e.g.

	php occ maintenance:install \
	...
	--data-dir="/absolute/path1/to/data/" \
+	--additional-config-dir="/absolute/path2/to/additional-configs/"

Ideally, for config keys/values defined in that additional-config dir, they'd be used by NC -- both at install-time, if preexisting, as well as runtime.

So, e.g, if

/absolute/path2/to/additional-configs/secure.config.php
	$CONFIG = array (
	  'passwordsalt' => 'A...A',
	  'secret'       => 'B...B',
	  'dbpassword'   => 'C...C',
	);

NC would use/write those values ONLY in that file, and not populate them in (webroot)server/config/*

Metadata

Metadata

Assignees

No one assigned

    Labels

    0. Needs triagePending check for reproducibility or if it fits our roadmapenhancement

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions