Sensitive and environment-specific settings
This topic discusses how third-party developers can create components that designate configuration settings as being sensitive, environment-specific, or both.
Use the following guidelines to determine which settings to designate as sensitive, system-specific, or both.
Adobe Commerce and Magento Open Source store these settings in `<Application root dir>/app/etc/env.php`.
Do not include this file in source control.
Sensitive configuration values hold restricted or confidential information.
Examples of sensitive information include:
- Keys (such as API keys)
- Usernames and passwords
- E-mail addresses
- Any personally identifiable information (e.g., address, phone number, date of birth, government identification number, etc.)
In keeping with current security and privacy best practices, be sure you are aware of any potential legal and security risks associated with the storage of customers’ full date of birth (month, day, year) along with other personal identifiers, such as full name, before collecting or processing such data.
Environment or system-specific values
Environment or system-specific values are unique to the system where the application is deployed.
Examples of environment or system-specific values include:
- IP addresses
- Domain names
- Paths (e.g., custom paths, proxy host, proxy port)
- "modes" (e.g., sandbox mode, debug mode, test mode)
- SSL (only for non-payment)
- E-mail recipients
- Administrative settings between systems (e.g., password expiration limits)
How to specify values as sensitive or system-specific
Example: Sensitive settings
```xml
<type name="Magento\Config\Model\Config\TypePool">
    <arguments>
        <argument name="sensitive" xsi:type="array">
            <item name="payment/test/password" xsi:type="string">1</item>
        </argument>
    </arguments>
</type>
```
After specifying the sensitive setting, use the following commands to verify it:
```bash
bin/magento cache:clean
bin/magento app:config:dump
```
A message similar to the following is displayed:
```
The configuration file doesn't contain sensitive data for security reasons. Sensitive data can be stored in the following environment variables:
CONFIG__DEFAULT__PAYMENT__TEST__PASSWORD for payment/test/password
Done.
```
Example: System-specific settings
```xml
<type name="Magento\Config\Model\Config\TypePool">
    <arguments>
        <argument name="environment" xsi:type="array">
            <item name="catalog/search/searchengine/port" xsi:type="string">1</item>
        </argument>
    </arguments>
</type>
```
Sensitive, system-specific setting
To designate a configuration setting as both sensitive and system-specific, create two entries for it: one under an `argument` whose `name` property is `sensitive` and one under an `argument` whose `name` property is `environment`.
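The following Python script is an added example, not code from the Adobe Commerce documentation or code base. It parses a constructed `di.xml` in which `payment/test/password` is declared both sensitive and system-specific, derives the default-scope environment variable name in the form printed by `bin/magento app:config:dump`, and reports secret-looking paths that are missing from the `sensitive` list. The path `payment/test/api_key`, the `SECRET_HINT` pattern and all function names are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

TYPEPOOL = r"Magento\Config\Model\Config\TypePool"
SECRET_HINT = re.compile(r"password|passwd|secret|token|key", re.I)  # assumed heuristic

# Constructed sample: payment/test/password carries both flags,
# catalog/search/searchengine/port is system-specific only.
SAMPLE_DI_XML = r"""<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <type name="Magento\Config\Model\Config\TypePool">
    <arguments>
      <argument name="sensitive" xsi:type="array">
        <item name="payment/test/password" xsi:type="string">1</item>
      </argument>
      <argument name="environment" xsi:type="array">
        <item name="payment/test/password" xsi:type="string">1</item>
        <item name="catalog/search/searchengine/port" xsi:type="string">1</item>
      </argument>
    </arguments>
  </type>
</config>"""

def typepool_flags(di_xml):
    """Map each config path to the set of TypePool flags declared for it."""
    flags = {}
    for type_node in ET.fromstring(di_xml).iter("type"):
        if type_node.get("name") != TYPEPOOL:
            continue  # other DI type declarations are irrelevant here
        for arg in type_node.iter("argument"):
            kind = arg.get("name")
            for item in arg.iter("item"):
                # The page's examples enable a flag with the value 1.
                if kind in ("sensitive", "environment") and (item.text or "").strip() == "1":
                    flags.setdefault(item.get("name"), set()).add(kind)
    return flags

def env_var_name(path):
    """Default-scope variable name, in the form the dump message lists."""
    return "CONFIG__DEFAULT__" + path.upper().replace("/", "__")

def undeclared_secrets(module_paths, flags):
    """Paths that look secret but are not declared sensitive in di.xml."""
    return [p for p in module_paths
            if SECRET_HINT.search(p) and "sensitive" not in flags.get(p, set())]

if __name__ == "__main__":
    flags = typepool_flags(SAMPLE_DI_XML)
    for path, kinds in sorted(flags.items()):
        print(path, sorted(kinds), env_var_name(path))
    print(undeclared_secrets(["payment/test/password", "payment/test/api_key"], flags))
```

Run against a module's real `di.xml` and the list of config paths it defines, a non-empty result from `undeclared_secrets` points at values that `app:config:dump` would not treat as sensitive.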