It is a common requirement to have an up to date copy of a database for local development. However, this can present a number of challenges, including exposure of Personally Identifiable Information (PII).
We've all read the headlines about data breaches due to database dumps being left on a developers machine or publicly accessible server. This can be a PR disaster for your clients and lead to real world consquences for users.
The traditional approach
The traditional approach for securely sharing database images usually involves:
- Manual shelling into an environment
- Run a mysql dump
- Sync the files back to local
- Import the dump file into a local database
Giving developers access to manually shell into an environment opens up a security risk, not to mention the possibility of someone unintentionally dropping a live database.
The Skpr solution
Skpr mitigates this risk by providing nightly snapshots of sanitised databases as docker images.
An automated nightly job looks like:
- Dump the database
- Sanitise the personally identifiable information
- Create a docker image of the database
- Push to a private repository
By default, the sanitisation rules are configured for Drupal, but this can be configured to your use case.
Using a simple command, developers can get the latest database image:
skpr mysql pull <env>
In addition, a snapshot can be created on demand using:
skpr mysql create <env>
How do I use database images?
Database images can also be easily integrated into your own local development workflow. Below is an example docker-compose.yml configuration.
mysql: image: xxxxxx.dkr.ecr.region.amazonaws.com/project/mysql:dev-default-latest
Database images are also a perfect fit for Continuous Integration. When using platforms like CircleCI you can specify the database image you want to test on.
By using Skpr, and running these scheduled tasks overnight you can rest assured that your sites and clients will never have PII leaks and that your databases are ready to go the next morning.