{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 The star\" 的问题《Should server/database config files, including pas》','https://www.manongdao.com/q-72483.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm looking to hear some best practices...
Assuming a web application that interacts with a few different production servers (databases, etc.)... should the configuration files that include database passwords be stored in source control (e.g., git, svn)?
If not, what's the best way to keep track of server database (or other related) passwords that your application needs access to?
Edit: added a bounty to encourage more discussion and to hear what more people consider best practice.
Without a proper build process, I'm using this strategy (for PHP apps):
/etc/companynameIn it, place two files:
Make both files readable only by your PHP process
Now your app's config file will be something like:
With this in place, the environment defines the credentials used, and you can move code between pre-configured environments (and control some options with
$env). This, of course, can be done with server environment variables, but this a) is simpler to setup and b) doesn't expose credentials to every script on the server (won't show up in a stray debugging junk likephpinfo()).For easier reading outside PHP you could make the credential files JSON or something and just put up with the tiny performance hit (APC won't cache them).