Skip to content

Kévin Dunglas

Founder of Les-Tilleuls.coop (worker-owned cooperative). Creator of API Platform, Mercure.rocks, Vulcain.rocks and of some Symfony components.

Menu
  • Talks
  • Resume
  • Sponsor me
  • Contact
Menu

Generate a Symfony password hash from the command line

Posted on December 22, 2014December 23, 2014 by Kévin Dunglas

There is an easy way to generate a Symfony compliant password hash from the command line. Assuming you’re using the bcrypt algorithm (the preferred choice according to Symfony’s security best practices), the default cost (13) and you have PHP >= 5.5 installed, just run the following command:

php -r "echo password_hash('ThePassword', PASSWORD_BCRYPT, ['cost' => 13]) . PHP_EOL;"

 It will output something like: $2y$13$7mBTrD0lgdgBxt1.YbdvOOeSOrPUYOBfeC1Ra2osPs9lpCHdplw1m

You can directly use this value in your app/config/security.yml  file:

security:
    firewalls:
        secured_area:
            pattern:    ^/
            anonymous: ~
            http_basic:
                realm: "Secured Demo Area"

    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }

    providers:
        in_memory:
             memory:
                users:
                    admin: { password: "$2y$13$7mBTrD0lgdgBxt1.YbdvOOeSOrPUYOBfeC1Ra2osPs9lpCHdplw1m", roles: 'ROLE_ADMIN' }

    encoders:
        Symfony\Component\Security\Core\User\User: bcrypt

Thanks to Sarah Khalil, a built-in Symfony command will be available in a next release (and that command will support all installed algorithms).

Related posts:

  1. PHP Schema: generate a fully functional PHP / Doctrine / Symfony data model from Schema.org vocabulary in minutes
  2. API Platform 2.1 Feature Walkthrough: Create Blazing Fast Hypermedia APIs, Generate JS Apps
  3. DunglasAngularCsrfBundle: protect your Symfony / AngularJS apps against CSRF attacks
  4. Tag Suggestion for symfony

6 thoughts on “Generate a Symfony password hash from the command line”

  1. Javier Eguiluz says:
    December 23, 2014 at 9:04 am

    Kévin, thans for publishing this tip. I agree that when using bcrypt, the hash can be easily computed with PHP command line. The problem is when using the default password encoding method used by previous Symfony versions. That’s why I personally think we need this little new command.

    Reply
    1. Kévin Dunglas says:
      December 23, 2014 at 9:27 am

      I totally agree with you!

      Reply
  2. Pingback: Reset password user Laravel auth using php command - Just Another Sharing Site ...
  3. Pingback: Generador clave hash desde línea de comandos - GarberInformatica
  4. jerome diaz says:
    April 15, 2020 at 8:03 am

    you directly pass php bin/console security:encode-password since symfony 3 or 4.

    Reply
  5. Pingback: Generador clave hash desde línea de comandos - Garber Informática Soluciones Web

Leave a Reply Cancel reply

Follow me on Twitter

My Tweets

Subscribe to this blog

Recent Posts

  • New in Caddy 2.5: Redact Sensitive Data from Your Logs
  • Building Decentralized Web Apps with Solid and PHP
  • JSON Columns and Doctrine DBAL 3 Upgrade
  • Preventing CORS Preflight Requests Using Content Negotiation
  • Symfony’s New Native Docker Support (Symfony World)

Top Posts & Pages

  • JSON Columns and Doctrine DBAL 3 Upgrade
  • Generate a Symfony password hash from the command line
  • Using the "103 Early Hints" Status Code in Go Applications
  • Symfony and API Platform get "push" and real-time capabilities (Mercure protocol)
  • API Platform 2.6: PHP 8 support, Next.js and Nuxt.js app generator, Caddy server, ActivityPub and much more!
  • Symfony's New Native Docker Support (Symfony World)
  • Preventing CORS Preflight Requests Using Content Negotiation
  • Using Next.js and Material UI Together
  • Building Decentralized Web Apps with Solid and PHP
  • Introducing the SocialShare PHP library

Persistence in PHP with the Doctrine ORM

Persistence in PHP with the Doctrine ORM

Tags

Android Apache API API Platform Buzz Caddy Docker Doctrine Go Google HTTP/2 Hydra hypermedia Hébergement Javascript JSON-LD Kubernetes La Coopérative des Tilleuls Les-Tilleuls.coop Lille Linux Mac Mercure Messagerie Instantanée MySQL Open Source PHP Punk Rock Python React REST Rock'n'Roll RSS Schema.org Security SEO SEO Symfony Symfony Live Sécurité Ubuntu Web 2.0 Wordpress XHTML XML

Archives

Categories

  • DevOps (24)
  • Mercure (3)
  • Opinions (91)
  • Programming (178)
    • Android (5)
    • Go (11)
    • JavaScript (43)
    • PHP (136)
      • API Platform (60)
      • Symfony (89)
    • Python (14)
      • Django (5)
  • Security (15)
  • SEO (24)
  • Talks (37)
  • Ubuntu (68)
  • Wordpress (6)

Blogoliste

  • API Platform
  • Les-Tilleuls.coop
  • Mercure.rocks
  • Vulcain.rocks
© 2022 Kévin Dunglas | Powered by Minimalist Blog WordPress Theme