PHPCredLocker: Post Installation Steps

There are a few steps you should take following installation of PHPCredLocker. Only one of them is mandatory, but all are strongly recommended:

  • Create Credential Types
  • Backup Encryption Keys
  • Set up User Groups
  • Create a non-privileged user
  • Set up a Cron Job

Create Credential Types - Not Optional

Before you can add credentials to the system, you need to add Credential Types. To do so, log into PHPCredLocker as a super-administrator and click the administration cog (in the top-right corner). Select Credential Types.

Click the button labelled 'Add Credential Type' and then enter a name for the credential type (e.g. Joomla Password). Next you need to help generate some entropy for key generation, so move your mouse about whilst clicking inside the box until it turns green.

Finally, click the button labelled 'Add Credential Type'.

 

Backup your Encryption Keys

If you don't want to run the risk of losing access to the stored credentials, you need to back up the keys file conf/crypto.php. You should back this file up whenever you add a new credential type (as each has its own encryption key). Store any copies somewhere very safe (like on a USB stick inside a safe)!

If you have backup systems configured on your server, it'd be wise to exclude the keys file (so you don't end up with multiple copies of the keys available). How you do so will depend on the backup system you're using, but cPanel users should just be able to edit (create if it doesn't exist) the file /home/yourcpanelusername/cpbackup-exclude.conf to contain a line reading:

crypto.php
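
The manual key backup described above, as an added shell example (not part of PHPCredLocker): it copies conf/crypto.php to an offline medium only when the file has changed since the last copy, and verifies the copy by hash. The function name and destination path are assumptions, and sha256sum from GNU coreutils is assumed to be installed.

```shell
#!/bin/sh
# Added example: copy conf/crypto.php to offline media only when it has changed.
# backup_keys and the paths in the usage line are hypothetical, not PHPCredLocker's.

backup_keys() {
    src=$1      # the keys file, e.g. /path/to/credlocker/conf/crypto.php
    dest=$2     # directory on the offline medium (assumed to be mounted)

    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    [ -d "$dest" ] || { echo "$dest is not a directory" >&2; return 1; }

    sum=$(sha256sum "$src" | cut -d' ' -f1) || return 1
    short=$(printf '%s' "$sum" | cut -c1-16)

    # A copy whose name ends in this hash prefix means the keys are unchanged,
    # i.e. no credential type has been added since the last backup.
    for f in "$dest"/crypto.php.*."$short"; do
        if [ -f "$f" ]; then
            echo "unchanged: $f"
            return 0
        fi
    done

    out="$dest/crypto.php.$(date +%Y%m%dT%H%M%S).$short"
    (
        umask 077                 # new copy is readable by its owner only
        cp "$src" "$out"
    ) || return 1

    # Verify the copy before relying on it.
    copy_sum=$(sha256sum "$out" | cut -d' ' -f1)
    if [ "$copy_sum" != "$sum" ]; then
        echo "verification failed for $out" >&2
        rm -f "$out"
        return 1
    fi
    echo "backed up: $out"
}

# Usage (placeholder paths):
#   backup_keys /path/to/credlocker/conf/crypto.php /mnt/usb/credlocker-keys
```

Older copies are kept rather than overwritten, so a damaged or truncated keys file cannot replace the last good backup.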

 

Set up user groups

If you're going to have multiple users, all with a need to access slightly different credentials (e.g. server admins, web developers, database admins etc.), you should set up a group for each so that you can prevent users from viewing credentials that they do not need to see.

 

Set up a non-Super Administrator user

Good practice dictates that you should only run as a super-administrator when you absolutely need to. You should therefore create yourself a new user without super-administration rights.

 

Set up your Cron Job

During install you specified a cron password; now you need to schedule the cron job. Once every 24 hours is more than sufficient (you can run it less frequently if you want), as it simply involves tidying up old sessions etc.

Assuming your cron password was set to 123456, add the following job:

CRON_PASS="123456" php /path/to/credlocker/cron.php

Note: For security reasons, the cron job can only be triggered from the shell. You can't call it with a web browser or wget.