The best practise of using application secrets in production is to use environmental variables at system level. For example, exporting them in terminal or keeping them in Apache/Nginx configuration. However, if you want to keep them in .env file (not adviced for production but it is OK for development environment) you can follow this example. I am not going to go through setting up whole structure so you can read previous posts if you want to.


Application


Install The Dotenv Component with $ composer require symfony/dotenv command and create files below.


.env


APP_ENV=prod
APP_SECRET=123123

config/services.yaml


This is just for test purposes to see if our application can access to variables or not.



parameters:

services:
...

App\Controller\DefaultController:
tags: ['controller.service_arguments']
arguments:
$env: '%env(APP_ENV)%'
$secret: '%env(APP_SECRET)%'

Files below are capistrano related.


.gitattributes


/deploy export-ignore
Capfile export-ignore
Gemfile export-ignore
Gemfile.lock export-ignore

Gemfile


source 'https://rubygems.org'

gem 'capistrano', '~> 3.10'
gem 'capistrano-symfony', '~> 1.0.0.rc3'

Capfile


set :deploy_config_path, "deploy/deploy.rb"
set :stage_config_path, "deploy/stages"

require "capistrano/setup"
require "capistrano/deploy"
require "capistrano/symfony"
require "capistrano/scm/git"

install_plugin Capistrano::SCM::Git

# If you use rake files
Dir.glob('deploy/tasks/*.rake').each { |r| import r }

deploy/deploy.rb


# Locked capistrano version.
lock "3.10.2"

# The name of the application.
set :application, "api"

# The path on the remote server where the application will be deployed.
set :deploy_to, "/srv/www/#{fetch(:application)}"
set :tmp_dir, "/tmp/capistrano"

# The application repository.
set :repo_url, "git@github.com:BentCoder/api.git"

# Share files and folders between releases
set :linked_files, [".env"]
set :linked_dirs, ["var/logs"]

# Output styling.
set :format, :airbrussh

# Amount of releases to keep.
set :keep_releases, 5

# Asks branch to deploy.
ask :branch, `git rev-parse --abbrev-ref HEAD`.chomp

deploy/stages/production.rb


# The settings for remote servers to deploy at same time
server "192.168.99.60", user: "deployer", roles: %w{app db web}
server "192.168.99.70", user: "deployer", roles: %w{app db web}

Production servers


You can follow previous posts for details.



Deployment server


You can follow previous posts for details.