Affected: PHP SDK
Overview
Securing communication with data stores is crucial for maintaining the integrity and confidentiality of feature flag data.
Solution
Use one of the following options to configure TLS for Redis when using it as a datastore for LaunchDarkly's PHP SDK:
Utilizing predis_options parameter
When using Predis as the Redis client, the PHP SDK offers the ability to pass TLS options through the predis_options parameter in the featureRequester() method.
Example:
'services' => [
'launchDarkly' => [
'key' => env('LAUNCH_DARKLY_KEY'),
'configs' => [
'connect_timeout' => 3,
'feature_requester_class' => LaunchDarkly\Impl\Integrations\RedisFeatureRequester::class,
'redis_host' => env('LD_RELAY_REDIS_HOST'),
'redis_port' => env('LD_RELAY_REDIS_PORT'),
'redis_prefix' => env('APP_ENV'),
'predis_options' => [
'scheme' => 'tls'
]
],
]
]
Employing pre-configured Predis client
Another approach involves creating a Predis client instance with TLS enabled. This instance can then be passed to the LaunchDarkly PHP SDK using the predis_client parameter, which overrides all other Redis options.
Example:
use Predis\Client;
$predisClient = new Client([
'scheme' => 'tls',
'host' => env('LD_RELAY_REDIS_HOST'),
'port' => env('LD_RELAY_REDIS_PORT'),
]);
'services' => [
'launchDarkly' => [
'key' => env('LAUNCH_DARKLY_KEY'),
'configs' => [
'connect_timeout' => 3,
'feature_requester_class' => LaunchDarkly\Impl\Integrations\RedisFeatureRequester::class,
'predis_client' => $predisClient,
'redis_prefix' => env('APP_ENV'),
],
]
]