Contrib.social

Investigation config export

Open on Drupal.org β†’
Created on 5 May 2023, over 1 year ago
Updated 14 July 2023, about 1 year ago

Problem/Motivation

The exported config contains hashes, which it might not be desired to include in a repo.

We need to investigate a way to ignore this config by default and decide if this is a better approach.

Alternatively we should at least update the README and maybe project page to highlight that the config export does this, that way userscan make decisions based on the knowledge.

Steps to reproduce

Install the module.
Export the config.
Examine the config exported.

Proposed resolution

Either remove the hashes from the export or update the Documentation

Remaining tasks

Make a decision on whether the hashes should be exported.
Remove the hashes from the exported config.
or
Update the README and maybe project page to highlight the config that is exported

User interface changes

None

API changes

None

Data model changes

None

✨ Feature request
Status

Fixed

Version

1.0

Component

Code

Created by

πŸ‡¬πŸ‡§United Kingdom the_g_bomb

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @the_g_bomb
  • Assigned to i-trokhanenko
  • Comment over 1 year ago β†’
    πŸ‡ΊπŸ‡¦Ukraine i-trokhanenko Lutsk πŸ‡ΊπŸ‡¦
  • Issue was unassigned.
  • Comment over 1 year ago β†’
    πŸ‡ΊπŸ‡¦Ukraine i-trokhanenko Lutsk πŸ‡ΊπŸ‡¦

    I think we should leave everything as it is. Most modules use configs to store private keys, passwords, etc. The Site Guardian hash can be easily overwritten in settings.php if needed.

    For example, the Stripe module uses the same way to store public/private API keys, see below.
    https://git.drupalcode.org/project/stripe/-/blob/8.x-1.x/config/install/...

    As an alternative solution, we can use the Drupal State APi β†’ if we don't want to share the same hash between different site environments (dev/stage/prod).

    Let me know what do you think. Thanks!

  • Assigned to the_g_bomb
  • Status changed to Needs review over 1 year ago
  • Comment over 1 year ago β†’
    seeduardo

    Thanks so much for this useful input @i-trokhanenko - I would tend to agree, but we can discuss further first if you like @the_g_bomb.

  • Comment over 1 year ago β†’
    πŸ‡¬πŸ‡§United Kingdom the_g_bomb

    I agree that we should leave it as it.
    If we want to update the README to highlight things, we could add something like;

    ## Configuration management
When exporting the site configuration, the site_guardian_key will be included in the config file with everything else. This is not unusual, as most modules use the configs to store private keys, passwords, etc., but there are any number of reasons why you may not wish to store the exported value and there are several ways to avoid this.
You may try overwriting the value in the settings.php for example. You could also consider the [State API](https://www.drupal.org/docs/8/api/state-api/overviewduckduckgo.com) or perhaps even the [Config ignore module](https://www.drupal.org/project/config_ignore) to help with this.
  • Status changed to RTBC over 1 year ago
  • Comment over 1 year ago β†’
    πŸ‡ΊπŸ‡¦Ukraine i-trokhanenko Lutsk πŸ‡ΊπŸ‡¦

    That makes sense to me, let's add notes from the #5 comment to the README. Thank you @the_g_bomb

  • @the_g_bomb opened merge request.
  • Status changed to Fixed about 1 year ago
  • Comment about 1 year ago β†’
    πŸ‡¬πŸ‡§United Kingdom the_g_bomb

    Merged. Perhaps we should update the project page with the new info included in the README, now.

  • Comment about 1 year ago β†’
    System Message

    Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024