File tree Expand file tree Collapse file tree 1 file changed +8
-6
lines changed Expand file tree Collapse file tree 1 file changed +8
-6
lines changed Original file line number Diff line number Diff line change @@ -233,17 +233,19 @@ manually store this file somewhere and deploy it. There are 2 ways to do that:
233233
2342341) Uploading the file:
235235
236- The first option is to copy the **decryption key ** -
237- ``/ config/secrets/prod/prod.decrypt.private.php
236+ The first option is to copy the **production decryption key
237+ ``config/secrets/prod/prod.decrypt.private.php `` to your server(s).
238238
2392392) Using an Environment Variable
240240
241241The second way is to set the ``SYMFONY_DECRYPTION_SECRET `` environment variable
242- to the base64 encoded value of the **decryption key **. A fancy way to fetch the
243- value of the key is:
242+ to the base64 encoded value of the **production decryption key
243+ fetch the value of the key is:
244244
245245.. code-block :: terminal
246246
247+ # this command only gets the value of the key; you must also set an env var
248+ # in your system with this value (e.g. `export SYMFONY_DECRYPTION_SECRET=...`)
247249 $ php -r 'echo base64_encode(require "config/secrets/prod/prod.decrypt.private.php");'
248250
249251
@@ -253,8 +255,8 @@ your secrets during deployment to the "local" vault:
253255
254256 $ php bin/console secrets:decrypt-to-local --force --env=prod
255257
256- put all the decrypted secrets into ``.env.prod.local ``. After doing this,
257- the decryption key does *not * need to remain on the server.
258+ write all the decrypted secrets into the ``.env.prod.local `` file.
259+ After doing this, the decryption key does *not * need to remain on the server.
258260
259261Rotating Secrets
260262----------------
You can’t perform that action at this time.
0 commit comments