I am recruiting new developers to work on a PHP project, and there is a configuration file that contains all the keys to the databases of my clients.
How can I make this new developer only have access to the connection to the development instance and not to the production instance?
Let's get by.
First of all, it is not interesting to have files with sensitive data in the versioning, configurations for example could be made using this library: link
Now, if the configuration files go along with the versioning, you may need to separate them. The configuration file for production, would be for example: config/production.php , this specific file you can use Git-Crypt , so it can create the local configuration file, that it should be in .gitignore and the production file is protected , sharing the key only with who can and with the servers.
