Where to keep OXID "var" config files?

Hi all,
I have short question :slight_smile:
Where you keep your OXID var files?
In project git repository or these files are somekind of environment files and should exist only on the server specific?

In the repository. But not the files within generated.

The ones in environment are environment specific but only the one symlinked to 1.yaml (in this example) is really active.


  1. and how about passwords which are stored in shops/1.yaml file with plain text (amazonPay, PayPalPLUS credentials)?
  2. " In the repository. But not the files within generated ." - why not?

p.s thanks for response

generated files sometimes have full path of the server

thanks you are right :slight_smile: in that case

passwords are secrets that only the operator should know. accordingly, they are only entered once by the operator and then remain in the database. subsequent deployments may not overwrite the configuration afterwards, of course. In practice this has some disadvantages, but whichever way you turn it, you always end up in a separate place where you store passwords anyway (.env etc.). But the main thing is that they do not end up in the repository. In an ideal world, the programmer would not need productive credentials of his customers. He only needs his own sandbox data for the development environment.

Regarding not overwriting configuration a separate question: Are existing values actually replaced by empty or missing values in the configuration?

I agree with you… but let’s check this case:

  • I have already stored PayPal credentials in database
  • This credentials are stored also in var/configuration/1.yml which is stored in repo

… and now when I will remove this credentials from var/configuration/1.yml and I will execute apply:configuration command in my CI/CD process, it will override credentials in database with empty values… right?
… from were OXID takes module configuration first if we use var config strategy? from database or from file?