
setup secrets variables for all of the environnements

Olivier Massot 2 years ago
parent
commit
911e5132a0
40 changed files with 152 additions and 100 deletions
  1. 7 13
      .env
  2. 1 1
      .gitlab-ci.yml
  3. 1 0
      composer.json
  4. 3 0
      config/secrets/docker/docker.DATABASE_ADMINASSOS_URL.3cc6e9.php
  5. 3 0
      config/secrets/docker/docker.DATABASE_AUDIT_URL.f1a8d2.php
  6. 3 0
      config/secrets/docker/docker.DATABASE_URL.8ea85a.php
  7. 3 0
      config/secrets/docker/docker.DOLIBARR_API_TOKEN.bdeaba.php
  8. 3 0
      config/secrets/docker/docker.MERCURE_PUBLISHER_JWT_KEY.e0f9f1.php
  9. 4 0
      config/secrets/docker/docker.decrypt.private.php
  10. 3 0
      config/secrets/docker/docker.encrypt.public.php
  11. 9 0
      config/secrets/docker/docker.list.php
  12. 3 0
      config/secrets/prod/prod.DATABASE_ADMINASSOS_URL.3cc6e9.php
  13. 3 0
      config/secrets/prod/prod.DATABASE_AUDIT_URL.f1a8d2.php
  14. 3 0
      config/secrets/prod/prod.DATABASE_URL.8ea85a.php
  15. 3 0
      config/secrets/prod/prod.DOLIBARR_API_TOKEN.bdeaba.php
  16. 3 0
      config/secrets/prod/prod.MERCURE_JWT_SECRET.88e4d2.php
  17. 3 0
      config/secrets/prod/prod.encrypt.public.php
  18. 9 0
      config/secrets/prod/prod.list.php
  19. 3 0
      config/secrets/staging/staging.DATABASE_ADMINASSOS_URL.3cc6e9.php
  20. 3 0
      config/secrets/staging/staging.DATABASE_AUDIT_URL.f1a8d2.php
  21. 3 0
      config/secrets/staging/staging.DATABASE_URL.8ea85a.php
  22. 3 0
      config/secrets/staging/staging.DOLIBARR_API_TOKEN.bdeaba.php
  23. 4 0
      config/secrets/staging/staging.decrypt.private.php
  24. 3 0
      config/secrets/staging/staging.encrypt.public.php
  25. 8 0
      config/secrets/staging/staging.list.php
  26. 3 0
      config/secrets/test/test.DATABASE_ADMINASSOS_URL.3cc6e9.php
  27. 3 0
      config/secrets/test/test.DATABASE_AUDIT_URL.f1a8d2.php
  28. 3 0
      config/secrets/test/test.DATABASE_URL.8ea85a.php
  29. 3 0
      config/secrets/test/test.DOLIBARR_API_TOKEN.bdeaba.php
  30. 3 0
      config/secrets/test/test.MERCURE_JWT_SECRET.88e4d2.php
  31. 4 0
      config/secrets/test/test.decrypt.private.php
  32. 3 0
      config/secrets/test/test.encrypt.public.php
  33. 9 0
      config/secrets/test/test.list.php
  34. 26 0
      doc/env.md
  35. 0 30
      env/.env.ci
  36. 0 14
      env/.env.docker
  37. 0 15
      env/.env.prod
  38. 0 12
      env/.env.staging
  39. 0 14
      env/.env.test
  40. 1 1
      src/Commands/SetupEnvCommand.php

+ 7 - 13
.env

@@ -18,9 +18,14 @@ APP_DEBUG=0
 APP_SECRET=6a76497c8658bb23e2236f97a2627df3
 ###< symfony/framework-bundle ###
 
-###> doctrine/doctrine-bundle ###
+###> secret values <###
+# > @see doc/env.md
 DATABASE_URL=xxx
-###< doctrine/doctrine-bundle ###
+DATABASE_ADMINASSOS_URL=xxx
+DATABASE_AUDIT_URL=xxx
+DOLIBARR_API_TOKEN=xxx
+MERCURE_JWT_SECRET=xxx
+###< secret values ###
 
 ###> nelmio/cors-bundle ###
 CORS_ALLOW_ORIGIN=^https?://(localhost|127\.0\.0\.1)(:[0-9]+)$
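Review bot: `APP_SECRET` on the hunk's first context line is still committed in plain text, even though this hunk introduces a section for values that now live in the vault. It looks like a real value rather than a placeholder, so I would replace it with `APP_SECRET=xxx` and add it to each environment's vault. Moving the other values only helps once they are rotated: the database passwords, the Dolibarr token and the Mercure JWT secrets that this commit removes from `.env` and `env/.env.*` stay readable in the repository history. The hunk starts mid-file, so whether further plain-text values remain above it cannot be judged from here.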
@@ -38,7 +43,6 @@ OPENTALENT_CONFIG=/config/opentalent
 
 ###> dolibarr client ###
 DOLIBARR_API_BASE_URI=https://dev-erp.2iopenservice.com/api/index.php/
-DOLIBARR_API_TOKEN=Bocc4zC0J186v8J6QCqu7DnoIw4I7mCJ
 ###< dolibarr client ###
 
 ###> mobyt client ###
@@ -84,18 +88,8 @@ ELASTICSEARCH_PORT=9200
 MERCURE_URL=xxx
 # The public URL of the Mercure hub, used by the browser to connect
 MERCURE_PUBLIC_URL=xxx
-# The secret key used to sign the JWTs
-MERCURE_PUBLISHER_JWT_KEY=xxx
 ###< symfony/mercure-bundle ###
 
-###> AdminAssos configuration ###
-DATABASE_ADMINASSOS_URL=mysql://root:mysql660@db:3306/adminassos?serverVersion=5.7
-###< AdminAssos configuration ###
-
-###> Audit configuration ###
-DATABASE_AUDIT_URL=mysql://root:mysql660@db:3306/audit?serverVersion=5.7
-###< Audit configuration ###
-
 ###> typo3 client ###
 TYPO3_BASE_URI=http://docker.sub.opentalent.fr
 ###< typo3 client ###

+ 1 - 1
.gitlab-ci.yml

@@ -2,7 +2,7 @@ stages:
   - test
 
 variables:
-  APP_ENV: ci
+  APP_ENV: staging
   SSH_PRIVATE_KEY: $SSH_PRIVATE_KEY
   XDEBUG_MODE: coverage
 

+ 1 - 0
composer.json

@@ -133,6 +133,7 @@
   "scripts": {
     "auto-scripts": {
       "ot:setup:env": "symfony-cmd",
+      "secrets:decrypt-to-local --force": "symfony-cmd",
       "cache:clear": "symfony-cmd",
       "assets:install %PUBLIC_DIR%": "symfony-cmd"
     },
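Review bot: Adding `secrets:decrypt-to-local --force` to `auto-scripts` means every `composer install` or `composer update` writes the decrypted vault into a plain-text `.env.{env}.local` file (as described in doc/env.md in this commit), and `--force` replaces values that were already set there. Please confirm that `.env.*.local` is ignored by git, kept out of build artifacts and container images, and readable only by the application user. For `prod`, where no decryption key is committed, the command can only decrypt if the key is supplied at install time. It is worth checking how a missing key surfaces during deployment, so that the `xxx` placeholders from `.env` cannot go live unnoticed. The `scripts` object continues outside the hunk.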

+ 3 - 0
config/secrets/docker/docker.DATABASE_ADMINASSOS_URL.3cc6e9.php

@@ -0,0 +1,3 @@
+<?php // docker.DATABASE_ADMINASSOS_URL.3cc6e9 on Thu, 16 Nov 2023 10:19:24 +0000
+
+return "\x93\xE5\x8F\xE7\xE0X\x93\xB2dJ\x29\xB7\xF6\x27.\xB4~\x23\xE5\x5B\xCCu\x1E\xDC\x0FO\x28\xDA\x9B\xB5\xDC\x7F\x06\x1E\x8E\xC4\xF6ZrR-\xE1\xCEZ\x3BF\x05\x0C\xBE\xD5\x2B\xFE\x10\x09\xBE\xE9S-\xE7\x21u\xB8w\x99\xD8\xDE\x3F\x11\x81\x12\xFF\x3DV\xEC\x03\x88\x06\xD3\xEA\xB4\xC8\xD8\x00zhKv_\xB3\xB4\x29\xED_\xA3\x8D\x02\x95\x5C\xB1\x94\x90\xD0\x0C\x95\x97\x86";

+ 3 - 0
config/secrets/docker/docker.DATABASE_AUDIT_URL.f1a8d2.php

@@ -0,0 +1,3 @@
+<?php // docker.DATABASE_AUDIT_URL.f1a8d2 on Thu, 16 Nov 2023 10:21:36 +0000
+
+return "\x92\x26\xEA\x07\xB9\xE90\x27\xCCX\x94W\x05\x5D\x1E\xDF\x27\xAFG\xD0\xADx\xF1\x96\x81\x01\xDFE\xAF\xA6\xF4s\x83\x9DL\x02\xFE\x06r\xE5\x5C\xF4\xB4\xBBc\x88\xA1n9\x19\xA5\xD52o\xAE\xAF\xA5Vk\x3Dc\x1Ds\x9E\xFC\xD0\xF2\xAAca\xBD\x93\xC7\x01\xAC\x91N\xD3\xED\xE0\xE1qh\x28\xCD\x83\x3F\x7F\x9A\x9D\xDF\xB8\xCCn\xD7\xE3\x9Ax\x0C\xC9\x27";

+ 3 - 0
config/secrets/docker/docker.DATABASE_URL.8ea85a.php

@@ -0,0 +1,3 @@
+<?php // docker.DATABASE_URL.8ea85a on Thu, 16 Nov 2023 10:15:53 +0000
+
+return "\x7F\xDA\x2FU\xBD1\x01\xBC\xC7\xB8\xA0\xE1\x8EqWN\xD2\xEF\x8B\x00\x88V\x20\x0E\x7B\x12\x3E\xEB6\xD1n\x3E\x9Aaf\x9AS\x7D\x95\x02i\x04\xC0\x1D\x2B\x0F\x16\xFE\xCBF\x29\xF6\xD1R\xFCi\xA3D\xDF\xF3\xAF\xF6T\x2F\xCB4u\x27g\x93\xE1wP\x85v\x9F\x01\x8F\xBF\x82X8\x18\x89\xE5\x7C\xF1\x83\xE8f\xE5\xF3\x0Dc7\x96s_\x0C\x0ETh\x21\x16\x60\x7F";

+ 3 - 0
config/secrets/docker/docker.DOLIBARR_API_TOKEN.bdeaba.php

@@ -0,0 +1,3 @@
+<?php // docker.DOLIBARR_API_TOKEN.bdeaba on Thu, 16 Nov 2023 10:28:37 +0000
+
+return "~\xF1fM\xEC\x7DK-\xD9\x95\x5C\x81\xF5\xA3\x8B\x9B\x1D\x0E\xDBxO\x2C\xC2\x5ET\xAF\xA7Q\x28b\xC6\x1DN\xC53FZ\x00\x02Z\x18q\x99\x15\x28\xBC\xA6c\x17\x1Fn\x21\x5B-Y\x91\x01\xD4\xF2\xDE\x94\xB2\x26\xF6\xFAHQ\x9F\x18\xCB\x29\x26\x23\x84-\x1AS\x3B\x8A\xD0";

+ 3 - 0
config/secrets/docker/docker.MERCURE_PUBLISHER_JWT_KEY.e0f9f1.php

@@ -0,0 +1,3 @@
+<?php // docker.MERCURE_PUBLISHER_JWT_KEY.e0f9f1 on Thu, 16 Nov 2023 10:30:07 +0000
+
+return "\xD5\x89\xC7\x1F\xA72L\xF2\xCD\xA5\x1Em\xD3\x2A\xEF1\xC9\x91M\xC9\xF1\x09X\xC4G\x94\x2B\xFC\xDAW\x05\x0Fa\x11\x13\xDE\x04\x08\xD5\x9B\xA8\x40es\xE7O\xBD\x8E\x84\xE9\xEA\x84\x8A\x1F\xED\x8B\x98_\x8D\x2F\x84\xE6\xD1\x3C\x3F\xA6\xF1cV4Y\x8E\xDC\xEAAI\xA2\xE9\x8D8\x90C\xF7\xBD\xED\x00te\x60\x9F\xF5\xC9\xB7\xA9\xF1c\xC0\xDD~\xE8eH\x9C\x0D\x86m\x05t\xD5\x2F\x16\x22";

+ 4 - 0
config/secrets/docker/docker.decrypt.private.php

@@ -0,0 +1,4 @@
+<?php // docker.decrypt.private on Thu, 16 Nov 2023 10:08:31 +0000
+
+// SYMFONY_DECRYPTION_SECRET=7omNksoSvy9aANXer7SmAB87Mup7gcTdtvkZXFaakCgPiNt/KfT24LCON4fMz0g/7Rx2cqkOHV3EsRFjFvS3LA==
+return "\xEE\x89\x8D\x92\xCA\x12\xBF\x2FZ\x00\xD5\xDE\xAF\xB4\xA6\x00\x1F\x3B2\xEA\x7B\x81\xC4\xDD\xB6\xF9\x19\x5CV\x9A\x90\x28\x0F\x88\xDB\x7F\x29\xF4\xF6\xE0\xB0\x8E7\x87\xCC\xCFH\x3F\xED\x1Cvr\xA9\x0E\x1D\x5D\xC4\xB1\x11c\x16\xF4\xB7\x2C";
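Review bot: The private decryption key is committed next to the ciphertexts it protects, here and in `config/secrets/staging/staging.decrypt.private.php` and `config/secrets/test/test.decrypt.private.php`. Anyone who can read the repository can therefore decrypt those three vaults, and the encryption adds nothing for them. That matters beyond local development: the lines removed from `env/.env.test` and `env/.env.prod` carry the same database root password, so if the test vault holds that value the production credential is still effectively published. I would keep at most the local `docker` key in git, remove the staging and test key files, add `.gitignore` entries for those two paths, and supply the key through `SYMFONY_DECRYPTION_SECRET` on the servers and in CI. The affected key pairs should then be regenerated with `secrets:generate-keys --rotate`, since the current ones are already in history.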

+ 3 - 0
config/secrets/docker/docker.encrypt.public.php

@@ -0,0 +1,3 @@
+<?php // docker.encrypt.public on Thu, 16 Nov 2023 10:08:31 +0000
+
+return "\x0F\x88\xDB\x7F\x29\xF4\xF6\xE0\xB0\x8E7\x87\xCC\xCFH\x3F\xED\x1Cvr\xA9\x0E\x1D\x5D\xC4\xB1\x11c\x16\xF4\xB7\x2C";

+ 9 - 0
config/secrets/docker/docker.list.php

@@ -0,0 +1,9 @@
+<?php
+
+return [
+    'DATABASE_ADMINASSOS_URL' => null,
+    'DATABASE_AUDIT_URL' => null,
+    'DATABASE_URL' => null,
+    'DOLIBARR_API_TOKEN' => null,
+    'MERCURE_PUBLISHER_JWT_KEY' => null,
+];
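Review bot: The docker vault registers the Mercure key as `MERCURE_PUBLISHER_JWT_KEY`, while the `.env` placeholder added in this commit, the prod and test vaults, and the line removed from `env/.env.docker` all use `MERCURE_JWT_SECRET`; `config/secrets/staging/staging.list.php` has no Mercure entry at all. If the Mercure configuration reads `MERCURE_JWT_SECRET` (not visible here), docker and staging would fall back to the `xxx` placeholder from `.env` and sign JWTs with a trivially guessable key. I would store the secret under `MERCURE_JWT_SECRET` in the docker vault, add it to the staging vault, and drop the `MERCURE_PUBLISHER_JWT_KEY` entry if nothing reads it.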

+ 3 - 0
config/secrets/prod/prod.DATABASE_ADMINASSOS_URL.3cc6e9.php

@@ -0,0 +1,3 @@
+<?php // prod.DATABASE_ADMINASSOS_URL.3cc6e9 on Thu, 16 Nov 2023 10:19:48 +0000
+
+return "a\x7B\x7F\x82\x0A\xC3m\xE6\xC8R\xE6\xC8\x1F\x409\xC5\x23\xEC\x21\xBC\xB2\x0F\xC5.E\x0FU7T\x3F\xA7wk\x9Da\xAFAg\x06\x06GYB\xB4\xFC\xA1\x16R\xD5\xA1o\xD5sR\x27\x02\x97\xA2\x85U\xEC\x80o\x87j\xEE\x40pB\x2C5H\x2FhY\xCCS\x80\xF9\x23Z\xAF\xEE\x1F\x1B\x88\xFC\xC1\x03\x40\xADr\xA55\x21\x8B\xA6\xF2\x8A\x88\xF8\x0E\x02\x5BO\x05\x03\xF2\xBB\x18\xF3\xAF\xC6x\xE7\xFE\xB9D\xC5\x92\xCE\x1DcP\x3Fn\xF8\x15\xA0";

+ 3 - 0
config/secrets/prod/prod.DATABASE_AUDIT_URL.f1a8d2.php

@@ -0,0 +1,3 @@
+<?php // prod.DATABASE_AUDIT_URL.f1a8d2 on Thu, 16 Nov 2023 10:22:22 +0000
+
+return "\xDFp\xA4\xE9\xF5\x01-\x5B\x7F\x8A\xC6\xC37\x953u\xB0\x0D9\x9B\x7COUX4J\x0E\xA2\xA1\xE3\x95\x21\xA1\xF5\xE3\x5EO\x3E\xD2Ih\xD3\xF6\x7D\xD6\x25\xA3\x08\x22\x91\xA1\xEB\x99O\x0C\x2A\xE1\xAA\xBC\xAC~\xEAX\x8A\x00\xF2P\xEE\xDC\x8E\xEB\x84\x3E\x04b\xA8\x02\x25DwI\xAF\x40\xC4B\x9A\x84\xC2\xA8\x8F\xF94\x5C1jW\xEA\xDAp\x7C\xDD\xEE9\xE7\xE6\xFA\x83\x13c\x8D\xC4Xb\x09\xE5W\x7D\x08\xDC\xA8l\xDE\xCCy";

+ 3 - 0
config/secrets/prod/prod.DATABASE_URL.8ea85a.php

@@ -0,0 +1,3 @@
+<?php // prod.DATABASE_URL.8ea85a on Thu, 16 Nov 2023 10:16:28 +0000
+
+return "\xB7\x28\x0A\x29\xD7j\xD2\x271\xEDp\xDB\x9Es\xD33S\x2F\xDF\xFB\xA44\x10\x97\xA8\xA33R\x1Fkc\x10\x15\xE1\xEB3\x16W\xB5\xB0\xD0\x99\x09\x7D\xF6\xD0\xF6\x1B\xD0KC\xD96n\xD1\xC5\xEAH\x09\xD7\xBF\x9C\xDE\x0B\xD995C\x1Cw\xC4\x91\xC2\x27\xEE\xB5.u\x60A\xA4\xFBSP\x9CS\xE6t\x0AC\x26\xE6\xD5\x40\xA2\x7B\xA7\xE02\xB6\x90D\xAD\x28\xA4V\xDEF\x90\xBDB\xC6\xE9\xC6\x22\x81S\xD6\x23\xDA\xCD\xF4\x18ur\x7DDu\x1E";

+ 3 - 0
config/secrets/prod/prod.DOLIBARR_API_TOKEN.bdeaba.php

@@ -0,0 +1,3 @@
+<?php // prod.DOLIBARR_API_TOKEN.bdeaba on Thu, 16 Nov 2023 10:28:49 +0000
+
+return "\x00\x9FWd\xFE\xFA\x11\xDA\x91\x1A\x5BxB\xB4\x95B\x28\xE7\xC0\xF8\xF4w\xB9\x84\xAB\x97\x91\xD4\xFF\x8CE\x40\x08D\xB7\xBD\xD5\x02\xD7\xA0.\x18\xE1\xEC\x84\xB1\x12-A.\x5E\x5B\x1D-\xEAI\xC2_\x80pw\xCB\xB1\x8D\x87Y\xAA\xEC\xED\xF9O\x16\xAES\x25\xCAG\x7C\x0D\xDC";

+ 3 - 0
config/secrets/prod/prod.MERCURE_JWT_SECRET.88e4d2.php

@@ -0,0 +1,3 @@
+<?php // prod.MERCURE_JWT_SECRET.88e4d2 on Thu, 16 Nov 2023 10:30:29 +0000
+
+return "\xA3\xE8L\xD2\xCD\xB2\x0D\xBDc\x5Db\x5BV\x9B\x97\xBE\x3A\x157\xB5\x85w\xFA\xA0g\xFE\x0E\x81\x98\x26\xF0b\x83\xB3\x85\x82\x22\xDA\xF0\x21\x8Ex.\x0B\x5C\x88\x19r\x90\xEE\xFB\x21\x1F\xC3\xE1-\xA5\xA0~\x2A\x9C\xAD\x86\x5D\xB6\xEF\x98I\xFA\xD75\xAE\x8C\x26e0u\xCD\xA3\xD8\xF4\x81K\x9F\x0F\x9Al\x7DQ\xFCp\xF9Y\xCE\x0C\xB7T\x3E1n\xB9\x8C\xDB\x16\x86\xE7phX\x8A\xE5I";

+ 3 - 0
config/secrets/prod/prod.encrypt.public.php

@@ -0,0 +1,3 @@
+<?php // prod.encrypt.public on Thu, 16 Nov 2023 10:14:08 +0000
+
+return "\x5C\x82\x00\xA7\xAE\x2F\xF3\xAC\xC09\x0D\xE9\x8F\x7D\xF0LU\x82\x3A\x12\x3A\xDF\xC4r\xA2\x80\x95\xD4\x3B\x21ls";

+ 9 - 0
config/secrets/prod/prod.list.php

@@ -0,0 +1,9 @@
+<?php
+
+return [
+    'DATABASE_ADMINASSOS_URL' => null,
+    'DATABASE_AUDIT_URL' => null,
+    'DATABASE_URL' => null,
+    'DOLIBARR_API_TOKEN' => null,
+    'MERCURE_JWT_SECRET' => null,
+];

+ 3 - 0
config/secrets/staging/staging.DATABASE_ADMINASSOS_URL.3cc6e9.php

@@ -0,0 +1,3 @@
+<?php // staging.DATABASE_ADMINASSOS_URL.3cc6e9 on Thu, 16 Nov 2023 10:20:30 +0000
+
+return "\x13\x02-\xC7\xE3\x17\xB2\x93\x11\x7D\xBD\xF8mS\xF0\x3D\x99\xCFc\xD7\x0E\x3C\xBE\x88r\xBCP\xA6\xC5f\xB9\x3A\xFDK\x29\xECD\xED\xE9\x2FPS\x10\x99\x25\x92\x0B8\xDE\x18l_\x1F\xFD\x13\xA7E\x9F\xD5\xDEAk\x2B\xF9\xB5\x17Q\xAD\x86\xF1\x0F\xD7\x3B\x0Ch\xE9\xEC\x08\xCE\xDB0\xD0\xF4\xCA\xA8\x92\xC7\xFD\x2C\x02\x83\xDC\x3C\xA6\x00\xBB\xEE\xD0\x7F\x17\x92\x2B\xB4e\xE7\xEA\x10\x9EM\x9E\xE2";

+ 3 - 0
config/secrets/staging/staging.DATABASE_AUDIT_URL.f1a8d2.php

@@ -0,0 +1,3 @@
+<?php // staging.DATABASE_AUDIT_URL.f1a8d2 on Thu, 16 Nov 2023 10:22:51 +0000
+
+return "5\x7D\x9C\xDF\x25\xF56\x81\xE8N\xDA\xB0\xA2\xCB\xCD\xDC\xD4\x12\x22O\x80\x0D\x22B\x09_\x0C\x02\xDE6\x2A8\xB5\xEB8m\xF9i\xF4\xED\x10\xBA\x18f\xA7\x13\x86\x27\xF0A\xE4\xDA\xFAY\x7B\xE3\x9D\x84\xBD\xED\x29\xC7\x15\x0B\xCC\xC0\x10\xE9\x87\x10\xDER\xB2\xBE\x1E\xC1\x29\xBFP\xEE\x82\x0D\x94C\xA4f\xABi\xD6\x0C\x3D\xC0\xA0\x7D\x2Bz\x223\x93\xC6\xF9\xF1.\x88\xD8\xFD";

+ 3 - 0
config/secrets/staging/staging.DATABASE_URL.8ea85a.php

@@ -0,0 +1,3 @@
+<?php // staging.DATABASE_URL.8ea85a on Thu, 16 Nov 2023 10:17:49 +0000
+
+return "\x21\xF6\x09\x5Ce\xF2A\x21\xA3\xCDv\x0B\x07\x86\xC1\x5Dy\xD1\xCC\xE5\x1A\xE7Z\x1D\x0B\xCA\x11\x0C-v5\x05k\xAC\xAB\x20.\x244\x04\xEA\xB9\xB5\xFF\x07\x21\xCA\x17\xE68\xD2\x1A\x0C\x20\x98L\xD8\x0A\xC3A\xE3tl\xA1\x3C\x8B\x21k\x9F\x1AK\x5D\xAA\xE5\xCE\x0A\x3D\x90\xE3\x1F\xD1\xE9N\x7F\xA0\x28\xB0\xA1D5\xF5\xBB\x5E\xD8\x99\xCB\xAF\xD7\x23\x0F\x2A\xC2\xB3F\x8D\xBAef\x3D\xC2\xC5";

+ 3 - 0
config/secrets/staging/staging.DOLIBARR_API_TOKEN.bdeaba.php

@@ -0,0 +1,3 @@
+<?php // staging.DOLIBARR_API_TOKEN.bdeaba on Thu, 16 Nov 2023 10:31:36 +0000
+
+return "\x14\x1D0\x3A\xFD\xB0t\x09\x85\xF6Z\xFCe\x94Q\x93\xF4\xB0\x7FC\x8D\x96\x93\x12\xE6\xF9\x89\xF7\x9A\xE0\x8F2\x95x\xEE\xDC\xA27\x3B\x23\xC0\x3A\x3C\xFC\xEA\xFD\x865S\xB5\xE6";

+ 4 - 0
config/secrets/staging/staging.decrypt.private.php

@@ -0,0 +1,4 @@
+<?php // staging.decrypt.private on Thu, 16 Nov 2023 10:17:25 +0000
+
+// SYMFONY_DECRYPTION_SECRET=XLWVeOSrseUae7uUxswNnWdmCI+CoYP4sHhaYOZuByHjVy53OLwZUpkzmLnFHf9GWm4Ta0NTss7Gy2rbf9gSSg==
+return "\x5C\xB5\x95x\xE4\xAB\xB1\xE5\x1A\x7B\xBB\x94\xC6\xCC\x0D\x9Dgf\x08\x8F\x82\xA1\x83\xF8\xB0xZ\x60\xE6n\x07\x21\xE3W.w8\xBC\x19R\x993\x98\xB9\xC5\x1D\xFFFZn\x13kCS\xB2\xCE\xC6\xCBj\xDB\x7F\xD8\x12J";

+ 3 - 0
config/secrets/staging/staging.encrypt.public.php

@@ -0,0 +1,3 @@
+<?php // staging.encrypt.public on Thu, 16 Nov 2023 10:17:25 +0000
+
+return "\xE3W.w8\xBC\x19R\x993\x98\xB9\xC5\x1D\xFFFZn\x13kCS\xB2\xCE\xC6\xCBj\xDB\x7F\xD8\x12J";

+ 8 - 0
config/secrets/staging/staging.list.php

@@ -0,0 +1,8 @@
+<?php
+
+return [
+    'DATABASE_ADMINASSOS_URL' => null,
+    'DATABASE_AUDIT_URL' => null,
+    'DATABASE_URL' => null,
+    'DOLIBARR_API_TOKEN' => null,
+];

+ 3 - 0
config/secrets/test/test.DATABASE_ADMINASSOS_URL.3cc6e9.php

@@ -0,0 +1,3 @@
+<?php // test.DATABASE_ADMINASSOS_URL.3cc6e9 on Thu, 16 Nov 2023 10:20:08 +0000
+
+return "a\xD9\x08bvL\xE5J\xF3\x40\x00y\xDER\xC8\xC2~\xF3\x97G\x25\x2A\xFF\x8A\xFF\xFF\x9FwQ\x9B\xE7GL\xD2\x84\x0CS\xE3\xF9\xD4\x83\xB4\xC0\x05\xFC\xAEW\xEE\x9B\xC5\xC1\x8F\xEDj\xA3.\xD6\x09\x40\x90\xC7\xDAU\xDE\xB1\x8Clg\x9C\xA6\xCE\xCF\xA0J\x13\x22\x0Bx\xB6x\x97o\x60\xF4h7\x0D\xF4I\x93\x3B\x8B\x88\x00\xC3V\xF4\x3FA\xFB\xBA\x8AX\x24\xD9\x9D\xF1\xA4\x16\x3C\xFA\xC8wS\x13p94z\xEE\xA3\x3C\xC0R";

+ 3 - 0
config/secrets/test/test.DATABASE_AUDIT_URL.f1a8d2.php

@@ -0,0 +1,3 @@
+<?php // test.DATABASE_AUDIT_URL.f1a8d2 on Thu, 16 Nov 2023 10:22:36 +0000
+
+return "\xA2\x7F\xD6\x0B5\xA0p\x11\x89\xFA4d\xF7\xEC\x8FN\x11\xF8\xF2\x87q\xEAb\xB9\xF6\x3C.\x14j\x2B\x2B\x00lv\xD6zY\xB6\xF7\x8E\xB86\xFC\xBA\x2C\xAB\xB5\x87\x16\xE3\x2F\x90K\xC7\x92\xB8_Hq\xAE\xDC\xA2Rq\xE2o\x1Cq\xD5\xC1\x11\x1C\xF4D\xDD\x9F\xBC\xBC\x7B\x1F\x3A\xE3\x96\x1A\xEC\x5C\x04\x1D\xA0\x5B\xC1Lm8\x21\x0F5\x0D\xD6\xCB\x11\x25\xAC\x1C\x3DG\xD0\xCA\x95\xB3\x08A\x0F\xD9\x19\xA3\x06\xE1\x9F";

+ 3 - 0
config/secrets/test/test.DATABASE_URL.8ea85a.php

@@ -0,0 +1,3 @@
+<?php // test.DATABASE_URL.8ea85a on Thu, 16 Nov 2023 10:17:09 +0000
+
+return "h1\x9Dv\xE2\x1C\x5D5Slnf\xE8\x22_\x22\xF7\x021\x21\xE3\x1C\xA9pQr\xA3E\x7D\xEAr\x3F\x5C3_j\x86\x0F\x28L\xA8uy\x0C\xB33c\x24I\xE0\x18\xEFo\x8D\xAE\x3F7\x1B\x2Af\xA9BH\x1F\x85\xDBO\xEDg\xCD\xD5vA\x13\x2F\x18\xD0\x5D\xB9\xA4B\x2C\xBBm\x87\xA6\x85L\x8AV\xF8Z\xC0O\xB8\xFC\x91\xAD\xF8\xC7\x1C\xDA\xD9_\xB7\x9F\xD4\xF9~.G\x9ErY\x7B\xAF\x07\xB3\x83\x05o\x83\x3B\xEFv\xC0\x21\x1B\x40";

+ 3 - 0
config/secrets/test/test.DOLIBARR_API_TOKEN.bdeaba.php

@@ -0,0 +1,3 @@
+<?php // test.DOLIBARR_API_TOKEN.bdeaba on Thu, 16 Nov 2023 10:29:33 +0000
+
+return "\xEB\x0D\xEAp\xCA\xD9\x19\xCD\xD9\x13\xA1\x955\x83\xC8\xED\xE07\xE6\xCF6\x26\xAE\x0Eq7\xEAH\xCD\xE7\xC65B\xFC\xDB\x10\xAC\xED\xF5j\xA1S\x94\xE8Z\xD3\xCF\xE0\x93\xAB\xD7\x17\xE0\x9Bk\xC9c\x0CL\xF1H\x0E\x15yF\xFB\xEE\x97\xD3\xFB\xAC\xAEw1\x8D\x9EI8N\xC8";

+ 3 - 0
config/secrets/test/test.MERCURE_JWT_SECRET.88e4d2.php

@@ -0,0 +1,3 @@
+<?php // test.MERCURE_JWT_SECRET.88e4d2 on Thu, 16 Nov 2023 10:32:12 +0000
+
+return "\x81\x26O\xBC\x10\xD8\xB7\x81\x20\xD5\x0A\xD4\x3E\xF5\xDC\x0B\xC66\xD1EH\xBE\x96l\x13\x22K\xFE\xDA\xC0\x05\x19\xD4t\xB7\x93rZ\x27\x04\x99\xA3\xA0\xD4\xA7\xB7\xFD\x88\xCE\x0EmJ\xDB\xE3\x15\xB5\x17\xE5G\x1B\xF7\xACp\xB6k\x86\x1C\x84\xB8\x1F\x95yT\x7F\x17\x3D3\xE6G\xEA\x3D\xB6\xB9\x87A_\x96\x00\x22\xC3\xE2\x7B\xE2\xF9\x83\xEE\xC2B\xEA\x98\x0E\xFC\x99\x0FJI\x2A\xF4\xAB\xC2\x26\x3A";

+ 4 - 0
config/secrets/test/test.decrypt.private.php

@@ -0,0 +1,4 @@
+<?php // test.decrypt.private on Thu, 16 Nov 2023 10:13:56 +0000
+
+// SYMFONY_DECRYPTION_SECRET=U/ZT3zSbTufU3kD1t528eRUvRD/6J2CviMj0qKvN+Olw+z8L2R8FMAJCwWcwUtheJEwNepPoJj09ME5xQw9kcQ==
+return "S\xF6S\xDF4\x9BN\xE7\xD4\xDE\x40\xF5\xB7\x9D\xBCy\x15\x2FD\x3F\xFA\x27\x60\xAF\x88\xC8\xF4\xA8\xAB\xCD\xF8\xE9p\xFB\x3F\x0B\xD9\x1F\x050\x02B\xC1g0R\xD8\x5E\x24L\x0Dz\x93\xE8\x26\x3D\x3D0NqC\x0Fdq";

+ 3 - 0
config/secrets/test/test.encrypt.public.php

@@ -0,0 +1,3 @@
+<?php // test.encrypt.public on Thu, 16 Nov 2023 10:13:56 +0000
+
+return "p\xFB\x3F\x0B\xD9\x1F\x050\x02B\xC1g0R\xD8\x5E\x24L\x0Dz\x93\xE8\x26\x3D\x3D0NqC\x0Fdq";

+ 9 - 0
config/secrets/test/test.list.php

@@ -0,0 +1,9 @@
+<?php
+
+return [
+    'DATABASE_ADMINASSOS_URL' => null,
+    'DATABASE_AUDIT_URL' => null,
+    'DATABASE_URL' => null,
+    'DOLIBARR_API_TOKEN' => null,
+    'MERCURE_JWT_SECRET' => null,
+];

+ 26 - 0
doc/env.md

@@ -6,6 +6,8 @@ Les variables d'environnement sont définies dans les fichiers .env (dotenv)
 
 ### Principe général
 
+#### Les fichiers d'environnement
+
 Les fichiers dotenv s'organisent ainsi :
 
 * Un fichier `.env` commun à tous les environnements, il définit des valeurs par défaut.
@@ -13,8 +15,17 @@ Les fichiers dotenv s'organisent ainsi :
 
 Il existe d'autres manières de surcharger le fichier d'environnement, mais elles ne nous seront pas utiles ici.
 
+#### Variables secrètes
+
+Certaines informations sensibles sont stockées de manière cryptée, telles que les informations permettant l'accès aux 
+bases de données. Toutes ces données sont stockées par environnement dans le répertoire `config/secrets`.
+
+Pour plus d'informations sur le fonctionnement des secrets : https://symfony.com/doc/current/configuration/secrets.html
+
 ### Mise en pratique
 
+#### Génération du symlink vers le fichier d'environnement
+
 On trouve dans le répertoire `env` des fichiers `.env.<environnement>` correspondant aux différents environnements 
 de développement, test, production, etc.
 
@@ -35,8 +46,23 @@ Ou en définissant une variable d'environnement `HOST` :
 
     HOST=ci bin/console ot:setup:env
 
+#### Génération du fichier des variables secrètes
+
+Par ailleurs, la commande `bin/console secrets:decrypt-to-local --force` est aussi exécutée, et génère un fichier
+`.env.{env}.local` contenant les variables secrètes. (@see https://symfony.com/doc/current/configuration/secrets.html#deploy-secrets-to-production)
+secrètes 
+
+
 ### Déboguer
 
 Les variables d'environnement actives peuvent être affichées au moyen de la commande :
 
     php bin/console debug:container --env-vars
+
+Les variables secrètes peuvent être lues avec :
+
+    php bin/console secrets:list --reveal
+
+Ou pour un autre environnement : 
+
+    APP_RUNTIME_ENV={env} php bin/console secrets:list --reveal

+ 0 - 30
env/.env.ci

@@ -1,30 +0,0 @@
-###> symfony/framework-bundle ###
-APP_ENV=ci
-APP_DEBUG=1
-###< symfony/framework-bundle ###
-
-###> doctrine/doctrine-bundle ###
-# >>> No database shall be needed by unit tests
-DATABASE_URL=mysql://root:xxx@none:3306/opentalent?serverVersion=5.7
-###< doctrine/doctrine-bundle ###
-
-###> AdminAssos configuration ###
-# >>> No database shall be needed by unit tests
-DATABASE_ADMINASSOS_URL=mysql://root:xxx@preprod:3306/none?serverVersion=5.7
-###< AdminAssos configuration ###
-
-###> typo3 client ###
-TYPO3_BASE_URI=http://docker.sub.opentalent.fr
-###< typo3 client ###
-
-###> bindfile populate buffer file
-BIND_FILE_BUFFER_FILE=var/subdomain.txt
-###< bindfile populate buffer file
-
-###> filename log ###
-LOG_FILE_NAME=ci
-###< filename log ###
-
-###> api v1 ###
-API_LEG_BASE_URL=https://api.ci.opentalent.fr/api
-###< api v1 ###

+ 0 - 14
env/.env.docker

@@ -3,10 +3,6 @@ APP_ENV=dev
 APP_DEBUG=1
 ###< symfony/framework-bundle ###
 
-###> doctrine/doctrine-bundle ###
-DATABASE_URL=mysql://root:mysql660@db:3306/opentalent?serverVersion=5.7
-###< doctrine/doctrine-bundle ###
-
 ###> nelmio/cors-bundle ###
 CORS_ALLOW_ORIGIN=^https?:\/\/(localhost|127\.0\.0\.1|(local.(admin|app|app|frames|agenda).opentalent.fr))(:[0-9]+)?$
 ###< nelmio/cors-bundle ###
@@ -15,14 +11,6 @@ CORS_ALLOW_ORIGIN=^https?:\/\/(localhost|127\.0\.0\.1|(local.(admin|app|app|fram
 API_LEG_BASE_URL=http://nginx/
 ###< api v1 ###
 
-###> AdminAssos configuration ###
-DATABASE_ADMINASSOS_URL=mysql://root:mysql660@db:3306/adminassos?serverVersion=5.7
-###< AdminAssos configuration ###
-
-###> Audit configuration ###
-DATABASE_AUDIT_URL=mysql://root:mysql660@db:3306/audit?serverVersion=5.7
-###< Audit configuration ###
-
 ###> typo3 client ###
 TYPO3_BASE_URI=http://docker.sub.opentalent.fr
 ###< typo3 client ###
@@ -33,8 +21,6 @@ TYPO3_BASE_URI=http://docker.sub.opentalent.fr
 MERCURE_URL=http://mercure/.well-known/mercure
 # The public URL of the Mercure hub, used by the browser to connect
 MERCURE_PUBLIC_URL=https://local.mercure.opentalent.fr/.well-known/mercure
-# The secret used to sign the JWTs
-MERCURE_JWT_SECRET=gEwnJpcR8k0xE2sfBpEJzzuP2b2TXhZnzImIqCUk3j4RStBZa2pQjbEMsnGE4iGM
 ###< symfony/mercure-bundle ###
 
 ###> bindfile populate buffer file

+ 0 - 15
env/.env.prod

@@ -1,11 +1,6 @@
 ###> doctrine/doctrine-bundle ###
 APP_ENV=prod
 
-# Format described at https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url
-# IMPORTANT: You MUST configure your server version, either here or in config/packages/doctrine.yaml
-DATABASE_URL=mysql://root:mysql2iopenservice369566@prod-back:3306/opentalent?serverVersion=5.7
-###< doctrine/doctrine-bundle ###
-
 ###> api v1 ###
 API_LEG_BASE_URL=https://api.opentalent.fr/api
 ###< files management ###
@@ -14,14 +9,6 @@ API_LEG_BASE_URL=https://api.opentalent.fr/api
 TYPO3_BASE_URI=http://ohcluses.opentalent.fr
 ###< typo3 client ###
 
-###> AdminAssos configuration ###
-DATABASE_ADMINASSOS_URL=mysql://root:mysql2iopenservice369566@prod-back:3306/adminassos?serverVersion=5.7
-###< AdminAssos configuration ###
-
-###> Audit configuration ###
-DATABASE_AUDIT_URL=mysql://root:mysql2iopenservice369566@prod-back:3306/audit?serverVersion=5.7
-###< Audit configuration ###
-
 ###> dolibarr client ###
 DOLIBARR_API_BASE_URI=https://prod-erp.2iopenservice.com/api/index.php/
 ###< dolibarr client ###
@@ -32,8 +19,6 @@ DOLIBARR_API_BASE_URI=https://prod-erp.2iopenservice.com/api/index.php/
 MERCURE_URL=https://mercure.opentalent.fr/.well-known/mercure
 # The public URL of the Mercure hub, used by the browser to connect
 MERCURE_PUBLIC_URL=https://mercure.opentalent.fr/.well-known/mercure
-# The secret used to sign the JWTs
-MERCURE_JWT_SECRET=iz3XZPCfxZTOMjJUeJ5IUHNs1WxToeo4ApIdEKjxOwR906uU08noSjwwAJDAPegm
 ###< symfony/mercure-bundle ###
 
 ###> bindfile populate buffer file

+ 0 - 12
env/.env.staging

@@ -2,10 +2,6 @@
 APP_ENV=staging
 APP_DEBUG=1
 
-###> doctrine/doctrine-bundle ###
-DATABASE_URL=mysql://root:mysql660@db:3306/opentalent_test?serverVersion=5.7
-###< doctrine/doctrine-bundle ###
-
 ###> nelmio/cors-bundle ###
 CORS_ALLOW_ORIGIN=^$
 ###< nelmio/cors-bundle ###
@@ -19,14 +15,6 @@ ELASTICSEARCH_HOST=es
 ELASTICSEARCH_PORT=9200
 ###< elasticsearch ###
 
-###> AdminAssos configuration ###
-DATABASE_ADMINASSOS_URL=mysql://root:mysql660@db:3306/adminassos_test?serverVersion=5.7
-###< AdminAssos configuration ###
-
-###> Audit configuration ###
-DATABASE_AUDIT_URL=mysql://root:mysql660@db:3306/audit_test?serverVersion=5.7
-###< Audit configuration ###
-
 ###> typo3 client ###
 TYPO3_BASE_URI=https://none
 ###< typo3 client ###

+ 0 - 14
env/.env.test

@@ -3,10 +3,6 @@ APP_ENV=test
 APP_DEBUG=1
 ###< symfony/framework-bundle ###
 
-###> doctrine/doctrine-bundle ###
-DATABASE_URL=mysql://root:mysql2iopenservice369566@localhost:3306/opentalent?serverVersion=5.7
-###< doctrine/doctrine-bundle ###
-
 ###> api v1 ###
 API_LEG_BASE_URL=https://api.test.opentalent.fr/api
 ###< files management ###
@@ -15,22 +11,12 @@ API_LEG_BASE_URL=https://api.test.opentalent.fr/api
 TYPO3_BASE_URI=http://test.opentalent.fr/ohcluses
 ###< typo3 client ###
 
-###> AdminAssos configuration ###
-DATABASE_ADMINASSOS_URL=mysql://root:mysql2iopenservice369566@test:3306/adminassos?serverVersion=5.7
-###< AdminAssos configuration ###
-
-###> Audit configuration ###
-DATABASE_AUDIT_URL=mysql://root:mysql2iopenservice369566@test:3306/audit?serverVersion=5.7
-###< Audit configuration ###
-
 ###> symfony/mercure-bundle ###
 # See https://symfony.com/doc/current/mercure.html#configuration
 # The URL of the Mercure hub, used by the app to publish updates (can be a local URL)
 MERCURE_URL=https://mercure.test.opentalent.fr/.well-known/mercure
 # The public URL of the Mercure hub, used by the browser to connect
 MERCURE_PUBLIC_URL=https://mercure.test.opentalent.fr/.well-known/mercure
-# The secret used to sign the JWTs
-MERCURE_JWT_SECRET=NQEupdREijrfYvCmF2mnvZQFL9zLKDH9RCYter6tUWzjemPqzicffhc2fSf0yEmM
 ###< symfony/mercure-bundle ###
 
 ###> filename log ###

+ 1 - 1
src/Commands/SetupEnvCommand.php

@@ -31,7 +31,7 @@ class SetupEnvCommand extends Command
         'test3' => '.env.test3',
         'test4' => '.env.test4',
         'test5' => '.env.test5',
-        'ci' => '.env.ci',
+        'ci' => '.env.staging',
     ];
 
     private string $projectDir;
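Review bot: Mapping `'ci'` to `.env.staging`, together with `APP_ENV: staging` in `.gitlab-ci.yml`, makes CI jobs load the staging vault and staging settings instead of the deleted `env/.env.ci`, which carried placeholder database URLs and the comment that no database shall be needed by unit tests. A test that reaches for the database by mistake would then connect with staging credentials instead of failing fast. CI also becomes dependent on the staging decryption key being present in the repository. I would keep a separate entry, `'ci' => '.env.ci',`, backed by its own vault holding dummy values. The array and the class continue outside the hunk.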