From 69228b82cc69280f2bb4e15cf7cce178eb6a16b4 Mon Sep 17 00:00:00 2001
From: Ludovic Pouzenc <ludovic@pouzenc.fr>
Date: Sat, 11 Jun 2016 19:49:03 +0200
Subject: Don't leak database passwords.

---
 .gitignore                                       |  1 +
 generator/before-bake/config/app.php             | 58 +-----------------------
 generator/before-bake/config/secrets.default.php | 43 ++++++++++++++++++
 3 files changed, 46 insertions(+), 56 deletions(-)
 create mode 100644 generator/before-bake/config/secrets.default.php

diff --git a/.gitignore b/.gitignore
index c10f5ca..b8eabb7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 api/d3
 api/test.php
 api/inc/config.php
+generator/before-bake/config/secrets.php
diff --git a/generator/before-bake/config/app.php b/generator/before-bake/config/app.php
index f8d0e1d..fbaa644 100644
--- a/generator/before-bake/config/app.php
+++ b/generator/before-bake/config/app.php
@@ -18,7 +18,7 @@
  * You should have received a copy of the GNU General Public License
  * along with CHD Gestion.  If not, see <http://www.gnu.org/licenses/>.
 **/
-return [
+return array_merge(include('secrets.php'), [
     /**
      * Debug Level:
      *
@@ -74,17 +74,6 @@ return [
     ],
 
     /**
-     * Security and encryption configuration
-     *
-     * - salt - A random string used in security hashing methods.
-     *   The salt value is also used as the encryption key.
-     *   You should treat it as extremely sensitive data.
-     */
-    'Security' => [
-        'salt' => 'eb74ed8697b7bc31587f48bec13cdcc0460debf26cec73137e4c6d390a93de4d',
-    ],
-
-    /**
      * Apply timestamps with the last modified time to static assets (js, css, images).
      * Will append a querystring parameter containing the time the file was modified.
      * This is useful for busting browser caches.
@@ -217,49 +206,6 @@ return [
     ],
 
     /**
-     * Connection information used by the ORM to connect
-     * to your application's datastores.
-     * Drivers include Mysql Postgres Sqlite Sqlserver
-     * See vendor\cakephp\cakephp\src\Database\Driver for complete list
-     */
-    'Datasources' => [
-        'default' => [
-            'className' => 'Cake\Database\Connection',
-            'driver' => 'Cake\Database\Driver\Mysql',
-            'persistent' => false,
-            'host' => 'localhost',
-            'username' => 'gestion',
-            'password' => 'cha6fus0EiPh',
-            'database' => 'gestion',
-            'encoding' => 'utf8',
-            'timezone' => 'UTC',
-            'cacheMetadata' => true,
-            'log' => false,
-            'quoteIdentifiers' => false,
-            //'init' => ['SET GLOBAL innodb_stats_on_metadata = 0'],
-        ],
-
-        /**
-         * The test connection is used during the test suite.
-         */
-        'test' => [
-            'className' => 'Cake\Database\Connection',
-            'driver' => 'Cake\Database\Driver\Mysql',
-            'persistent' => false,
-            'host' => 'localhost',
-            'username' => 'gestion_test',
-            'password' => 'cha6fus0EiPh',
-            'database' => 'gestion_test',
-            'encoding' => 'utf8',
-            'timezone' => 'UTC',
-            'cacheMetadata' => true,
-            'log' => false,
-            'quoteIdentifiers' => false,
-            //'init' => ['SET GLOBAL innodb_stats_on_metadata = 0'],
-        ],
-    ],
-
-    /**
      * Configures logging options
      */
     'Log' => [
@@ -318,4 +264,4 @@ return [
     'Session' => [
         'defaults' => 'php',
     ],
-];
+]);
diff --git a/generator/before-bake/config/secrets.default.php b/generator/before-bake/config/secrets.default.php
new file mode 100644
index 0000000..64f4271
--- /dev/null
+++ b/generator/before-bake/config/secrets.default.php
@@ -0,0 +1,43 @@
+<?php
+return [
+    'Security' => [
+        'salt' => 'eXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXd',
+    ],
+
+    'Datasources' => [
+        'default' => [
+            'className' => 'Cake\Database\Connection',
+            'driver' => 'Cake\Database\Driver\Mysql',
+            'persistent' => false,
+            'host' => 'localhost',
+            'username' => 'cake',
+            'password' => 'cake',
+            'database' => 'cake',
+            'encoding' => 'utf8',
+            'timezone' => 'UTC',
+            'cacheMetadata' => true,
+            'log' => false,
+            'quoteIdentifiers' => false,
+            //'init' => ['SET GLOBAL innodb_stats_on_metadata = 0'],
+        ],
+
+        /**
+         * The test connection is used during the test suite.
+         */
+        'test' => [
+            'className' => 'Cake\Database\Connection',
+            'driver' => 'Cake\Database\Driver\Mysql',
+            'persistent' => false,
+            'host' => 'localhost',
+            'username' => 'test',
+            'password' => 'test',
+            'database' => 'test',
+            'encoding' => 'utf8',
+            'timezone' => 'UTC',
+            'cacheMetadata' => true,
+            'log' => false,
+            'quoteIdentifiers' => false,
+            //'init' => ['SET GLOBAL innodb_stats_on_metadata = 0'],
+        ],
+    ],
+];
-- 
cgit v1.1