Adobe Commerce 2.3 reached end of support in September 2022.

Sensitive and environment settings

This topic discusses how third-party developers can create Magento components that designate configuration settings as being sensitive, system-specific, or both.

Guidelines

Use the following guidelines to determine which settings to designate as sensitive, system-specific, or both.

Magento stores these settings in <Magento root dir>/app/etc/env.php. Do not include this file in source control.

Sensitive values

Sensitive configuration values hold restricted or confidential information.

Examples of sensitive information include:

  • Keys (such as API keys)
  • Usernames and passwords
  • E-mail addresses
  • Any personally identifiable information (e.g., address, phone number, date of birth, government identification number, etc.)

In keeping with current security and privacy best practices, be sure you are aware of any potential legal and security risks associated with the storage of customers’ full date of birth (month, day, year) along with other personal identifiers, such as full name, before collecting or processing such data.

Environment or system-specific values

Environment or system-specific values are unique to the system where Magento is deployed.

Examples of environment or system-specific values include:

  • URLs
  • IP addresses
  • Ports
  • Hostnames
  • Domain names
  • Paths (e.g., custom paths, proxy host, proxy port)
  • “modes” (e.g., sandbox mode, debug mode, test mode)
  • SSL (only for non-payment)
  • E-mail recipients
  • Administrative settings between systems (e.g., password expiration limits)

How to specify values as sensitive or system-specific

Add a reference to Magento\Config\Model\Config\TypePool to the di.xml file to specify either a system-specific or sensitive configuration value.

Example: Sensitive settings

<type name="Magento\Config\Model\Config\TypePool">
   <arguments>
      <argument name="sensitive" xsi:type="array">
         <item name="payment/test/password" xsi:type="string">1</item>
      </argument>
   </arguments>
</type>

After specifying the sensitive setting, use the following commands to verify it:

bin/magento cache:clean
bin/magento app:config:dump

A message similar to the following is displayed:

The configuration file doesn't contain sensitive data for security reasons. Sensitive data can be stored in the following environment variables:
CONFIG__DEFAULT__PAYMENT__TEST__PASSWORD for payment/test/password
Done.

Example: System-specific settings

<type name="Magento\Config\Model\Config\TypePool">
   <arguments>
      <argument name="environment" xsi:type="array">
         <item name="catalog/search/searchengine/port" xsi:type="string">1</item>
      </argument>
   </arguments>
</type>

Sensitive, system-specific setting

To designate a configuration setting as both sensitive and system-specific, create two entries for it: one in which the name property of the argument is set to sensitive, and one in which it is set to environment.
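The following audit script is an added example, not part of the original documentation or of Magento's code. It reads a di.xml, lists each path designated through TypePool as sensitive, environment, or both, and derives the environment variable name in the form that the app:config:dump message uses. The sample di.xml, the payment/test/gateway_url path, the helper names, and the treatment of the value 1 as "enabled" are assumptions; the variable naming is inferred from the default-scope message shown on this page.

```python
import xml.etree.ElementTree as ET

TYPE_POOL = r"Magento\Config\Model\Config\TypePool"
KINDS = ("sensitive", "environment")

# Constructed sample di.xml: payment/test/gateway_url (hypothetical path)
# is designated both sensitive and system-specific.
SAMPLE_DI_XML = r"""<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <type name="Magento\Config\Model\Config\TypePool">
      <arguments>
         <argument name="sensitive" xsi:type="array">
            <item name="payment/test/password" xsi:type="string">1</item>
            <item name="payment/test/gateway_url" xsi:type="string">1</item>
         </argument>
         <argument name="environment" xsi:type="array">
            <item name="payment/test/gateway_url" xsi:type="string">1</item>
            <item name="catalog/search/searchengine/port" xsi:type="string">1</item>
         </argument>
      </arguments>
   </type>
</config>"""


def classify(di_xml):
    """Return {config path: set of designations} from TypePool entries."""
    result = {}
    for type_node in ET.fromstring(di_xml).iter("type"):
        if type_node.get("name") != TYPE_POOL:
            continue
        for arg in type_node.iter("argument"):
            kind = arg.get("name")
            for item in arg.findall("item"):
                # Assumption: only items whose value is 1 are designated.
                if kind in KINDS and (item.text or "").strip() == "1":
                    result.setdefault(item.get("name"), set()).add(kind)
    return result


def env_var_name(path, scope="DEFAULT"):
    """Variable name in the form app:config:dump prints for a sensitive path."""
    return "CONFIG__" + scope + "__" + path.upper().replace("/", "__")


if __name__ == "__main__":
    for path, kinds in sorted(classify(SAMPLE_DI_XML).items()):
        line = f"{path}: {', '.join(sorted(kinds))}"
        if "sensitive" in kinds:
            line += f" -> {env_var_name(path)}"
        print(line)
```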
