[RFC] Move SECRETS in a new components📦️ #44151
Comments
|
Thank you for your proposal. This issue is open for quite some time now and I think we should decide on it. I think it would make sense to extract the secrets-related classes into a dedicated component to make it reusable. Regarding your use-case however:
If a dedicated component is released, it would as of now be released as part of Symfony 6.1 which requires PHP 8 already. If a PHP 7.1 backport is what you need, your fork would be the way to go. |
|
@derrabus For me, it would be enough to extract them for future Symfony versions and PHP versions. It would really be helpful to use it without the framework-bundle, as a separate component. Not sure about others but extracting them is definitely a new feature so not something that needs to be part of 5.4 |
|
Makes sense to me as well. |
|
Btw, I'm not sure if a new component is needed for this. Wouldn't it make more sense to integrate this with the Dotenv component (if we want to separate it from the framework bundle)? |
|
@wouterj possibly |
|
I wouldn't make secrets a Dotenv concern. Dotenv's job is to handle dotenv files, while secrets don't necessarily have to be in dotenv files. I think a dedicated component makes sense even if it is small at first, that would open more possibilities regarding how secrets can be loaded and dumped. |
|
Hmm. strictly speaking I could use the SodiumVault without ever needing DotEnv at all. This might be different for the DotEnv vault but the sodium would work standalone and DotEnv itself doesn't necessarily require the vaults. EDIT: Actually, even the DotEnvVault can be used independently from DotEnv. |
|
Any news regarding when the component will be created? Will it be ready for 6.2? |
|
@AndreasA Symfony is open source, there is no plan. If you're motivated to contribute this to Symfony, feel free to start a pull request. |
|
@wouterj OK. I might do so but how would I best go about creating a separate component for it? and what should the name be? otherwise it makes no sense 😄 I guess I would move it into should the current classes still be available at the beginning (for BC) or can I just remove them altogether in this case as they are marked internal anyway? |
|
Don't worry too much about the PR not being perfect at the start - almost no PR is (especially the ones introducing new components). As long as there is a starting point to the discussion, it's great. This means the most important thing to demonstrate is: the classes as-is are usable as a standalone component (e.g. they don't depend on things from the bundle or framework). I would suggest following the description of this issue as start: You also need to copy some basic files from another component - e.g. README, LICENSE, phpunit.xml.dist, etc. We have a CI check to see if all metadocuments are copied correctly, so even here you don't have to worry too much - CI will tell you if you're missing something. |
|
Closing as explained in #45571 (comment), thanks for proposing. |
…ctly outside Symfony (AndreasA) This PR was squashed before being merged into the 6.2 branch. Discussion ---------- [FrameworkBundle] Allow secrets vaults to be used directly outside Symfony | Q | A | ------------- | --- | Branch? | 6.2 | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | | License | MIT | Doc PR | This PR removes the internal tag from the secrets vaults. This allows developers to use them directly without the need to use Symfony config etc. They still have to install the whole framework bundle but that just means an overhead during download, they are still able to directly instantiate the vault using `new SodiumVault(....)` for instance. Furthermore, by removing internal from the AbstractVault, it is possible to add a custom vault and specify it replacing the `secrets.vault` service for instance. See ticket: #44151 and previous PR: #45571 Commits ------- df953f0 [FrameworkBundle] Allow secrets vaults to be used directly outside Symfony
…ctly outside Symfony (AndreasA) This PR was squashed before being merged into the 6.2 branch. Discussion ---------- [FrameworkBundle] Allow secrets vaults to be used directly outside Symfony | Q | A | ------------- | --- | Branch? | 6.2 | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | | License | MIT | Doc PR | This PR removes the internal tag from the secrets vaults. This allows developers to use them directly without the need to use Symfony config etc. They still have to install the whole framework bundle but that just means an overhead during download, they are still able to directly instantiate the vault using `new SodiumVault(....)` for instance. Furthermore, by removing internal from the AbstractVault, it is possible to add a custom vault and specify it replacing the `secrets.vault` service for instance. See ticket: symfony/symfony#44151 and previous PR: symfony/symfony#45571 Commits ------- df953f038e [FrameworkBundle] Allow secrets vaults to be used directly outside Symfony
…ctly outside Symfony (AndreasA) This PR was squashed before being merged into the 6.2 branch. Discussion ---------- [FrameworkBundle] Allow secrets vaults to be used directly outside Symfony | Q | A | ------------- | --- | Branch? | 6.2 | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | | License | MIT | Doc PR | This PR removes the internal tag from the secrets vaults. This allows developers to use them directly without the need to use Symfony config etc. They still have to install the whole framework bundle but that just means an overhead during download, they are still able to directly instantiate the vault using `new SodiumVault(....)` for instance. Furthermore, by removing internal from the AbstractVault, it is possible to add a custom vault and specify it replacing the `secrets.vault` service for instance. See ticket: symfony/symfony#44151 and previous PR: symfony/symfony#45571 Commits ------- df953f038e [FrameworkBundle] Allow secrets vaults to be used directly outside Symfony
Description
I really like the principle of symfony secrets, so much that I would like to use it with other frameworks.
In my case, I would like to use it with phalcon and php 7.1. The problem is that I don't need to have all the components of the FrameworkBundle.
I created a repository to extract the implementation of the symfony secrets. I just copied the code but it's not a viable long term alternative: https://github.com/casahugo/secrets
Thank you for your work.
Example
Create new repository
symfony/secrets(orsymfony/vault) in packagist to run the commandExtract the files
composer.json
{ "name": "symfony/secrets", "license": "MIT", "require": { "php": ">=7.2.5", "paragonie/sodium_compat": "^1.17", "symfony/console": "^4|^5" }, "require-dev": { "phpunit/phpunit": "^7.5.20", "symfony/dotenv": "^4|^5" }, "autoload": { "psr-4": { "Symfony\\Secrets\\": "src/" } }, "autoload-dev": { "psr-4": { "Symfony\\Secrets\\Tests\\": "tests/" } } }In https://github.com/symfony/framework-bundle edit
composer.jsonto avoid a BCBreak.The text was updated successfully, but these errors were encountered: