There is an easy way to generate a Symfony-compliant password hash from the command line. Assuming you’re using the bcrypt algorithm (the preferred choice according to Symfony’s security best practices) with the default cost (13), and you have PHP >= 5.5 installed, just run the following command:
    php -r "echo password_hash('ThePassword', PASSWORD_BCRYPT, ['cost' => 13]) . PHP_EOL;"
It will output something like: $2y$13$7mBTrD0lgdgBxt1.YbdvOOeSOrPUYOBfeC1Ra2osPs9lpCHdplw1m
You can directly use this value in your app/config/security.yml file:
    security:
        firewalls:
            secured_area:
                pattern: ^/
                anonymous: ~
                http_basic:
                    realm: "Secured Demo Area"

        access_control:
            - { path: ^/admin, roles: ROLE_ADMIN }

        providers:
            in_memory:
                memory:
                    users:
                        admin: { password: "$2y$13$7mBTrD0lgdgBxt1.YbdvOOeSOrPUYOBfeC1Ra2osPs9lpCHdplw1m", roles: 'ROLE_ADMIN' }

        encoders:
            Symfony\Component\Security\Core\User\User: bcrypt
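The one-liner above puts the password on the command line, where it lands in shell history and is visible in the process list. As an added example (not from the original post; the function names and `MIN_COST` are assumptions), this POSIX shell sketch reads the password with echo off, passes it to `password_hash()` over stdin, and checks that the result is a well-formed `$2y$` hash at the expected cost before it goes into security.yml:

```shell
#!/bin/sh
# Added example (not from the original post). Function names and MIN_COST
# are assumptions made for this sketch; it expects the php CLI on PATH.
MIN_COST=13   # the cost used in the post

# Prompt for a password with echo off and hash it via password_hash().
# The password reaches PHP on stdin, so it is never part of a command line.
symfony_bcrypt_hash() {
    cost=${1:-$MIN_COST}
    printf 'Password: ' >&2
    stty -echo
    IFS= read -r pw
    stty echo
    printf '\n' >&2
    printf '%s' "$pw" | php -r '
        $pw = stream_get_contents(STDIN);
        echo password_hash($pw, PASSWORD_BCRYPT, ["cost" => (int) $argv[1]]), PHP_EOL;
    ' -- "$cost"
    rc=$?            # exit status of php, the last command in the pipeline
    unset pw
    return "$rc"
}

# Succeed only if $1 is a well-formed $2y$ bcrypt hash with cost >= $2:
# "$2y$", two cost digits, "$", then 53 characters (22 of salt, 31 of
# digest) from the bcrypt alphabet ./A-Za-z0-9, 60 characters in total.
check_bcrypt_hash() {
    hash=$1
    min=${2:-$MIN_COST}
    [ "${#hash}" -eq 60 ] || return 1
    printf '%s\n' "$hash" |
        grep -Eq '^\$2y\$[0-9]{2}\$[./A-Za-z0-9]{53}$' || return 1
    cost=${hash#'$2y$'}      # strip the "$2y$" prefix
    cost=${cost%%'$'*}       # keep only the cost digits
    [ "${cost#0}" -ge "$min" ]
}

# Usage:
#   h=$(symfony_bcrypt_hash) && check_bcrypt_hash "$h" && printf '%s\n' "$h"
```

Single-quote the hash whenever you handle it in a shell: inside double quotes its `$`-prefixed parts are expanded as shell parameters and the value is silently corrupted.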
Thanks to Sarah Khalil, a built-in Symfony command will be available in an upcoming release (and that command will support all installed algorithms).
Kévin, thanks for publishing this tip. I agree that when using bcrypt, the hash can be easily computed with the PHP command line. The problem is when using the default password encoding method used by previous Symfony versions. That’s why I personally think we need this little new command.
I totally agree with you!
You directly pass php bin/console security:encode-password since Symfony 3 or 4.