Chris Reynolds edited this page Nov 14, 2023 · 5 revisions

Pantheon Secrets Management

Using Secrets at the PHP Runtime

Sites running on the Pantheon Platform can access secrets at PHP Runtime with a simple function. This is great for securely handling API keys or plugin license keys.

To get started, install the Secrets Manager terminus plugin:

terminus self:plugin:install terminus-secrets-manager-plugin

Add a secret to your site with the web scope:

terminus secret:site:set <site> <secret-name> --scope=web

You can now access this secret from any site running PHP 7.4 or 8.x with the following:

// Guard the call so the code still loads where the platform function is not defined.
if ( function_exists( 'pantheon_get_secret' ) ) {
  $secret_key = pantheon_get_secret( 'secret-name' );
}

See the main readme for details on organization and environment-override secrets.
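
The following is an added example, not part of Pantheon's documentation or code: a small wrapper for a config file that treats a missing or empty secret as a configuration error instead of continuing with a null key. The helper name `example_require_secret`, the secret name `license-key` and the constant `EXAMPLE_LICENSE_KEY` are hypothetical, and treating any empty or non-string return value as "not set" is an assumption about `pantheon_get_secret()`.

```php
<?php
/**
 * Added example (hypothetical helper, not part of the Pantheon platform).
 * Returns the named secret or throws, so the site never runs with a null key.
 */
function example_require_secret( string $name ): string {
    // Off-platform (for example in local development) the function may not exist.
    if ( ! function_exists( 'pantheon_get_secret' ) ) {
        throw new RuntimeException( "pantheon_get_secret() is unavailable; cannot load secret '{$name}'" );
    }

    $value = pantheon_get_secret( $name );

    // Assumption: an unset secret comes back as null, false or an empty string.
    if ( ! is_string( $value ) || '' === trim( $value ) ) {
        // Report the secret's name only, never its value.
        throw new RuntimeException( "Secret '{$name}' is not set for this environment" );
    }

    return $value;
}

try {
    // Hypothetical constant name; use whatever your plugin or integration expects.
    define( 'EXAMPLE_LICENSE_KEY', example_require_secret( 'license-key' ) );
} catch ( RuntimeException $e ) {
    // The log line carries the secret's name and the reason, not the secret itself.
    error_log( $e->getMessage() );
    http_response_code( 500 );
    exit( 'Site configuration error.' );
}
```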

Local Development Compatibility

Since secrets set via Secrets Manager are only available when the site is running on the Pantheon platform, you may choose to create a pantheon_get_secret() local alternative. An officially paved path for local development will be available before Secrets Management hits General Availability.

For example, you can add the following to your wp-config-local.php:

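if ( ! function_exists( 'pantheon_get_secret' ) ) {
    // Local-only stand-in for the platform function: reads secrets from a JSON file.
    function pantheon_get_secret( $key ) {
        // Resolve secrets.json next to this file rather than relative to the
        // current working directory, which varies by entry point (wp-admin, WP-CLI).
        $path = __DIR__ . '/secrets.json';
        if ( ! is_readable( $path ) ) {
            return null;
        }

        $secrets = json_decode( file_get_contents( $path ), true );

        // Return the value if the key exists in the decoded JSON.
        if ( is_array( $secrets ) && isset( $secrets[ $key ] ) ) {
            return $secrets[ $key ];
        }

        // Key not found, or the file is not valid JSON.
        return null;
    }
}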

Then add a file called secrets.json to your repo with a local version of your keys:

{
    "key_name": "value"
}

Be sure to add this file to your .gitignore so it is not committed to your repo.
