Comments (12)
I like that idea! I'm not sure about the syntax, though, I don't like adding an arbitrary flag to config set
like that.
How about this:
wp config shuffle-salts [--key=<key>] [--force]
<key>
is the specific key to shuffle. core-group
or something similar could be a value to denote the default ones, and it could be set as the default value for --key
to cover BC.
--force
would basically mean "update if it exists or create if it doesn't exist".
from config-command.
@schlessera Didn't think of that, good point. Behind a flag would be great. But what about taking it a step further and adding a flag to generate a salt for anything? For example, setting a JWT secret:
wp config set JWT_SECRET --salt
or to regenerate the cache key:
wp config set WP_CACHE_KEY_SALT --salt
Being able to generate secure strings for anything would be fantastic
from config-command.
It's more about semantics: "shuffle" implies that there is something already there to shuffle.
from config-command.
I just added a PR that makes shuffle-salts
accept positional arguments for cache keys to shuffle. So while this still does not shuffle the cache key salt by default (which I think is not a safe default as explained above), it allows you to shuffle it easily with the single command: wp config shuffle-salt WP_CACHE_KEY_SALT
.
Adding --force
will generate it as needed if it is not yet present.
from config-command.
I helped myself with first wp config shuffle-salts
and then
wp config set WP_CACHE_KEY_SALT '$WP_CACHE_KEY_SALT'
Is there a better (shorter) way?
from config-command.
Hit this again today. Would very much like to be able to generate WP_CACHE_KEY_SALT
with wp cli.
What do we need to do to unblock this task?
Core folks are aggressively nope-ing out on this one:
https://meta.trac.wordpress.org/ticket/3678
https://core.trac.wordpress.org/ticket/44425
from config-command.
This would be very helpful to have included even if you had to include the key specifically when you ran the command.
wp config shuffle-salts --key=WP_CACHE_KEY_SALT
from config-command.
@tillkruss Does not look like they have https://github.com/wp-cli/config-command/pulls
from config-command.
I'm not sure we should shuffle the cache key salt by default, because:
- it will invalidate the entire caching subsystem, maybe leading to a cache stampede.
- it might be set to a very specific value to coordinate multiple servers using the same cache.
I'm open to adding this behind a separate flag, but I don't think it should be part of the default behavior.
from config-command.
Nice! Would --force
be necessary though? Specifying any key other than core-group
could either replace an existing key's value with a new salt, or create the key if it doesn't. Similar to how wp config set
works.
from config-command.
@lukecav has anyone opened a PR on this?
from config-command.
@schlessera
I tried running that command and it does not work.
Maybe a typo on shuffle-salt - shuffle-salts?
Also with salts i got the "Success: Shuffled the salt keys." but no WP_CACHE_KEY_SALT generated.
This is the command I am running:
wp config shuffle-salts WP_CACHE_KEY_SALT --force --allow-root
And this is affecting all salts but not the WP_CACHE_KEY_SALT that is not shuffled at all.
It works the same for other salts:
wp config shuffle-salts NONCE_SALT --force --allow-root
That one shuffle all salts
I have no idea but maybe it needs to be added to the default list:
config-command/src/Config_Command.php
Line 28 in cb5ec2b
from config-command.
Related Issues (20)
- `wp config create` : Error Config Create on mysql --no-default --execute HOT 1
- Error on Windows 11 with WP CLI 2.6 and PHP 8.1.6 HOT 8
- Validate constants provided with --extra-php to avoid PHP notices HOT 1
- Infinite loop... Error: 'wp-config.php' not found. Infinite loop... HOT 3
- wp config get return 2048 with unquoted defined value HOT 8
- Test MySQL connection using native PHP functions HOT 3
- WP Config set gives Error: Could not process the 'wp-config.php' transformation. HOT 1
- WP Config has returning wrong values when using "defined() or define()" HOT 1
- Error: Could not create new 'wp-config.php' file. HOT 6
- Add "wp config true" command to assert a config value is truthy HOT 6
- wp config shuffle-salts adds an extra line feed to most lines HOT 1
- Show literal "true"/"false" when reading boolean values instead of an empty string
- SQLite Compatibility HOT 1
- WP Config Create is broken with 2.9.0 if socks MySQL connectivity is being used HOT 5
- `wp config set` fails to update string values due to empty line comments HOT 1
- Could not create new 'wp-config.php' file. HOT 1
- Improve message for config shuffle-salts result HOT 7
- Incorrect message shuffling salt in PHP 5.6 HOT 1
- [ wp config set WP_DEBUG false --raw –no-add ] - –no-add doesn't override HOT 3
- "wp config create" generates wrong DB_PASSWORD in wp-config.php when db password has " HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from config-command.