The cryptography layer ensures the environment can encrypt and decrypt data when necessary or requested.
To safely store the key, used to encrypt and decrypt, a UNIX environment variable, not to be confused with a Alumio environment variable, can be introduced. By setting a value to MAGEMENT_SECRET, it will be used as key.
To generate a new key to store in the environment variable, use the following:
vendor/bin/magement environment:key:generate
This will output something like:
{
"key": "generated-key"
}
Only select the "generated-key" part when copying the key.
Setting the secret
Depending on what part of Alumio is running on a given environment, the following shows how to set MAGEMENT_SECRET in different locations. These are just a few examples. Your hosting of choice may need a different approach.
The location of this file depends on the operating system and host configuration. A common place to look is in /etc/apache2/sites-available/*.conf
SetEnv MAGEMENT_SECRET "generated-key-goes-here"
For this to work, the env module is required. For more information, refer to the official Apache documentation.
sudo a2enmod env
Bash
New Bash sessions In ~/.bashrc add the following:
export MAGEMENT_SECRET="generated-key-goes-here"
Current shell session Run the following command in an active shell.
export MAGEMENT_SECRET="generated-key-goes-here"
System wide
It is strongly advised not to use this method when Alumio instances share the same server.
Use the file: /etc/environment.d/90-magement.conf
MAGEMENT_SECRET="generated-key-goes-here"
This file has to be created by the root user. Updating or creating it requires a full system reboot in order to take effect.