0

I'm using Roots.io's Trellis/Bedrock/Sage.

In the trellis/group_vars/development/vault.yml there is an entry for vault_mysql_root_password and env: db_password: but then within the site/.env file there is an entry for a MySQL DB password.

I'm getting confused as to why I need to enter 3 passwords over two files. Can anyone provide a clear explanation for the purpose behind all three and whether I can just reference the .env for everything?

Example .env

DB_NAME=database_name
DB_USER=database_user
DB_PASSWORD=database_password
DB_HOST=database_host

WP_ENV=development
WP_HOME=http://example.com
WP_SITEURL=${WP_HOME}/wp

# Generate your keys here: https://roots.io/salts.html
AUTH_KEY='generateme'
SECURE_AUTH_KEY='generateme'
LOGGED_IN_KEY='generateme'
NONCE_KEY='generateme'
AUTH_SALT='generateme'
SECURE_AUTH_SALT='generateme'
LOGGED_IN_SALT='generateme'
NONCE_SALT='generateme'

Example vault.yml

# Documentation: https://roots.io/trellis/docs/vault/
vault_mysql_root_password: B3LkKUpcZVx4bpLXKXpiez%R

# Variables to accompany `group_vars/development/wordpress_sites.yml`
# Note: the site name (`example.com`) must match up with the site name in the above file.
vault_wordpress_sites:
  roots-example-project.com:
    admin_password: admin
    env:
      db_password: example_dbpassword
ProEvilz
  • 5,310
  • 9
  • 44
  • 74

1 Answers1

1

.env file is auto generated by Ansible using parameters from yaml files.
You should not touch .env file manually, if you deploy with Ansible.

vault_mysql_root_password is mysql root password.

env.db_password is a password for specific database for a given site, it's a good practice to not use the same password for root and wordpress users.

So you should define vault_mysql_root_password for root account, db_password for specific site in your vault.yml.

Konstantin Suvorov
  • 65,183
  • 9
  • 162
  • 193