Skip to content

Kévin Dunglas

Founder of Les-Tilleuls.coop (worker-owned cooperative). Creator of API Platform, Mercure.rocks, Vulcain.rocks and of some Symfony components.

Menu
  • Talks
  • Resume
  • Sponsor me
  • Contact
Menu

Generate a Symfony password hash from the command line

Posted on December 22, 2014December 23, 2014 by Kévin Dunglas

There is an easy way to generate a Symfony compliant password hash from the command line. Assuming you’re using the bcrypt algorithm (the preferred choice according to Symfony’s security best practices), the default cost (13) and you have PHP >= 5.5 installed, just run the following command:

php -r "echo password_hash('ThePassword', PASSWORD_BCRYPT, ['cost' => 13]) . PHP_EOL;"

 It will output something like: $2y$13$7mBTrD0lgdgBxt1.YbdvOOeSOrPUYOBfeC1Ra2osPs9lpCHdplw1m

You can directly use this value in your app/config/security.yml  file:

security:
    firewalls:
        secured_area:
            pattern:    ^/
            anonymous: ~
            http_basic:
                realm: "Secured Demo Area"

    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }

    providers:
        in_memory:
             memory:
                users:
                    admin: { password: "$2y$13$7mBTrD0lgdgBxt1.YbdvOOeSOrPUYOBfeC1Ra2osPs9lpCHdplw1m", roles: 'ROLE_ADMIN' }

    encoders:
        Symfony\Component\Security\Core\User\User: bcrypt

Thanks to Sarah Khalil, a built-in Symfony command will be available in a next release (and that command will support all installed algorithms).

Related posts:

  1. PHP Schema: generate a fully functional PHP / Doctrine / Symfony data model from Schema.org vocabulary in minutes
  2. API Platform 2.1 Feature Walkthrough: Create Blazing Fast Hypermedia APIs, Generate JS Apps
  3. DunglasAngularCsrfBundle: protect your Symfony / AngularJS apps against CSRF attacks
  4. Tag Suggestion for symfony

6 thoughts on “Generate a Symfony password hash from the command line”

  1. Javier Eguiluz says:
    December 23, 2014 at 9:04 am

    Kévin, thans for publishing this tip. I agree that when using bcrypt, the hash can be easily computed with PHP command line. The problem is when using the default password encoding method used by previous Symfony versions. That’s why I personally think we need this little new command.

    Reply
    1. Kévin Dunglas says:
      December 23, 2014 at 9:27 am

      I totally agree with you!

      Reply
  2. Pingback: Reset password user Laravel auth using php command - Just Another Sharing Site ...
  3. Pingback: Generador clave hash desde línea de comandos - GarberInformatica
  4. jerome diaz says:
    April 15, 2020 at 8:03 am

    you directly pass php bin/console security:encode-password since symfony 3 or 4.

    Reply
  5. Pingback: Generador clave hash desde línea de comandos - Garber Informática Soluciones Web

Leave a ReplyCancel reply

Subscribe to this blog

Recent Posts

  • The PHP Revolution Is Underway: FrankenPHP 1.0 Beta
  • 6x faster Docker builds for Symfony and API Platform projects
  • Mitigate Attacks on your PHP Supply Chain
  • How Can JSON-LD Help You Sell More?
  • Symfony ImportMaps: Manage Your JavaScript Dependencies Without Node

Top Posts & Pages

  • The PHP Revolution Is Underway: FrankenPHP 1.0 Beta
  • FrankenPHP: The Modern Php App Server, written in Go
  • Preventing CORS Preflight Requests Using Content Negotiation
  • JSON Columns and Doctrine DBAL 3 Upgrade
  • 6x faster Docker builds for Symfony and API Platform projects
  • Securely Access Private Git Repositories and Composer Packages in Docker Builds
  • Symfony's New Native Docker Support (Symfony World)
  • Goroutines, threads, and thread IDs
  • Generate a Symfony password hash from the command line
  • API Platform 3 Is Released!

Persistence in PHP with the Doctrine ORM

Persistence in PHP with the Doctrine ORM

Tags

Apache API API Platform Buzz Caddy Docker Doctrine Go Google GraphQL HTTP/2 Hydra hypermedia Hébergement Javascript JSON-LD Kubernetes La Coopérative des Tilleuls Les-Tilleuls.coop Lille Linux Mac Mercure Messagerie Instantanée MySQL performance PHP Punk Rock Python React REST Rock'n'Roll RSS Schema.org Security SEO SEO Symfony Symfony Live Sécurité Ubuntu Web 2.0 webperf XHTML XML

Archives

Categories

  • DevOps (27)
  • Mercure (5)
  • Opinions (91)
  • Programming (190)
    • Android (5)
    • Go (14)
    • JavaScript (45)
    • PHP (148)
      • API Platform (68)
      • Symfony (92)
    • Python (14)
      • Django (5)
  • Security (15)
  • SEO (24)
  • Talks (40)
  • Ubuntu (68)
  • Wordpress (6)

Social

  • Mastodon
  • Twitter
  • LinkedIn
  • YouTube
  • GitHub

Links

  • API Platform
  • Les-Tilleuls.coop
  • Mercure.rocks
  • Vulcain.rocks
© 2023 Kévin Dunglas | Powered by Minimalist Blog WordPress Theme