Which would be the best way to store encrypted parameters to use in your services in symfony?

Question

I\'m currently storing the secrets in parameters.yml which is a plain text.

I would like to keep some parameters and environment vars as secrets so only myself and S

Answer 1

Yes, you can solve it in 2 different approaches:

Build a compiler pass that decrypt the parameters

http://symfony.com/doc/current/service_container/compiler_passes.html

Choose a suitable encryption/decryption algorithm: https://paragonie.com/blog/2015/11/choosing-right-cryptography-library-for-your-php-project-guide

Your compiler pass

class DecryptParameterPass implements CompilerPassInterface
{
    public function process(ContainerBuilder $container)
    {
        if ($container->hasParameter('you_paramater_enc') && (!$container->hasParameter('you_paramater') or !!$container->getParameter('you_paramater'))) {
            $container->setParameter('you_paramater', your_decrypt_method($container->getParameter('you_paramater_enc')));
        }
    }
}

Your bundle

class AppBundle extends Bundle
{
    public function build(ContainerBuilder $container)
    {
        $container->addCompilerPass(new DecryptParameterPass());
    }
} 

You can use complex expressions to call a service that decrypts the parameters

https://symfony.com/doc/current/service_container/expression_language.html