Best practice sharing credentials with developers (especially on Cloudways)
I’ve been talking to Cloudways support and they say they only support one set of MySQL access credentials. So, unlike for SFTP, I can’t give each developer unique access credentials.
Is this the same with other hosting providers? If so, how do you deal with the security implications? Do you change the MySQL credentials manually regularly?
It is. Once someone has sftp they can get the mysql access from looking at the settings file.
Trusting your developer or hiring a developer you trust is the best practice.
OK, good to know.
The problem for me is not with the developers I use regularly, but say I have 10 modules from different developers and I only need them to take a look at something once. I’d rather give them each a revocable access.
Perhaps I should set up a mirror site and let them work on that instead.
You can set up access just to their module directory in cpanel. I have never tried to set a document root for sftp on cloudways, but I am sure you can.
That’s a good idea. That would solve it if one could have different MySQL logins.