Cryptography

The cryptography layer ensures the environment can encrypt and decrypt data when necessary or requested.

To safely store the key, used to encrypt and decrypt, a UNIX environment variable, not to be confused with a Alumio environment variable, can be introduced. By setting a value to MAGEMENT_SECRET, it will be used as key.

To generate a new key to store in the environment variable, use the following:

vendor/bin/magement environment:key:generate

This will output something like:

{
"key": "generated-key"
}

Only select the "generated-key" part when copying the key.

Setting the secret

Depending on what part of Alumio is running on a given environment, the following shows how to set MAGEMENT_SECRET in different locations. These are just a few examples. Your hosting of choice may need a different approach.

Apache 2

The location of this file depends on the operating system and host configuration. A common place to look is in /etc/apache2/sites-available/*.conf

SetEnv MAGEMENT_SECRET "generated-key-goes-here"

For this to work, the env module is required. For more information, refer to the official Apache documentation.

sudo a2enmod env

Bash

New Bash sessions In ~/.bashrc add the following:

export MAGEMENT_SECRET="generated-key-goes-here"

Current shell session Run the following command in an active shell.

export MAGEMENT_SECRET="generated-key-goes-here"

System wide

It is strongly advised not to use this method when Alumio instances share the same server.

Use the file: /etc/environment.d/90-magement.conf

MAGEMENT_SECRET="generated-key-goes-here"

This file has to be created by the root user. Updating or creating it requires a full system reboot in order to take effect.