Add system check for CIVICRM_CRED_KEYS
The crypto changes in 5.34 are helpful, and I like the direction for how new installs work. However, in a year or so, we're going to start assuming CIVICRM_CRED_KEYS is set since all of the buildkit sites have it, all the new sites have it, and many of us will have gone back through sites to set it. However, there will be a good chunk of sites lacking it, and most of them will have no idea. If we start encrypting more values in the database, we could find a lot of edge cases or needlessly unhandled sites because of this.
I am really thankful for all of the communication in #2258 (closed), PR 19239, the docs, and CIVI-PSA-2021-01. However, despite all that, I don't think it's apparent to the typical site admin that they could/should make a simple edit to their settings file in order to support encryption of SMTP passwords and other values. Each of the communications has (rightly) focused on more urgent or relevant situations as the feature rolled out.
The good news is that this should be a simple thing to check for on a site: is CIVICRM_CRED_KEYS set. I propose that this be a system check and that a NOTICE-level message be generated if it's missing. The message could even suggest a line to include.
- Why NOTICE? Lacking CIVICRM_CRED_KEYS isn't a big problem right now, but it does mean that your site has diverged from how a standard, newly-installed site is configured. That means it shouldn't be WARNING or higher, but it's not a mere INFO-level item: if we thought it was good to lack CIVICRM_CRED_KEYS, we wouldn't bother setting it on install.
- Don't people get annoyed by system checks? Yes, but that's because many have historically been too alarmist or confusing. This is at least as significant as being on PHP 7.2, which generates a NOTICE.
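One way the proposed check could look, written as an added sketch using hook_civicrm_check from an extension; it is not CiviCRM's own code and not part of the original issue. The extension name `credkeycheck` and the check name are hypothetical, and the `aes-cbc:hkdf-sha256:` key format in the suggested line is an assumption based on the 5.34 credential-key documentation.

```php
<?php
use Psr\Log\LogLevel;

/**
 * Implements hook_civicrm_check() for a hypothetical extension "credkeycheck".
 *
 * Adds a NOTICE-level status message when CIVICRM_CRED_KEYS is undefined or
 * empty, and suggests a line for civicrm.settings.php.
 */
function credkeycheck_civicrm_check(&$messages, $statusNames = [], $includeDisabled = FALSE) {
  $name = 'credkeycheck_cred_keys';

  // Honour requests that ask for specific checks only.
  if ($statusNames && !in_array($name, $statusNames, TRUE)) {
    return;
  }

  // Sites upgraded from before 5.34 may not define the constant at all;
  // a settings file may also define it as an empty string.
  $keys = defined('CIVICRM_CRED_KEYS') ? trim((string) CIVICRM_CRED_KEYS) : '';
  if ($keys !== '') {
    return;
  }

  // Generate a fresh 256-bit secret for the suggestion (URL-safe base64).
  // Assumption: "aes-cbc:hkdf-sha256:<secret>" is the documented key format.
  $secret = rtrim(strtr(base64_encode(random_bytes(32)), '+/', '-_'), '=');
  $line = sprintf("define('CIVICRM_CRED_KEYS', 'aes-cbc:hkdf-sha256:%s');", $secret);

  $messages[] = new CRM_Utils_Check_Message(
    $name,
    ts('This site has no credential key, so values such as the SMTP password cannot be encrypted in the database. Consider adding a line like this to civicrm.settings.php: %1', [
      1 => '<pre>' . htmlspecialchars($line) . '</pre>',
    ]),
    ts('Credential key (CIVICRM_CRED_KEYS) is not set'),
    // NOTICE rather than WARNING: the site works, but has diverged from
    // how a newly installed site is configured.
    LogLevel::NOTICE,
    'fa-lock'
  );
}
```

The suggested secret is regenerated each time the check runs, so an admin should copy the line once and store it only in the settings file.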