
Why it Matters

Personally Identifiable Information (PII) such as customer names, emails, phone numbers, and addresses should never be stored in configuration files. Magento configs (like app/etc/env.php or .env) are often shared between environments or stored in repositories. If PII is embedded there, it can leak through backups, version control, or deployment pipelines.

Minimizing PII in configuration ensures sensitive customer data is only kept in the database with proper access controls, not scattered in configs where it may be exposed to unauthorized users.

Verification Steps

Config file inspection

# Check for PII in env.php or .env
grep -Ei "(email|name|phone|address)" app/etc/env.php
grep -Ei "(email|name|phone|address)" .env

# Expected: no PII values present
# (matches on key names alone, such as 'username' or 'dbname', are not findings)

Version control audit

# Scan Git history for leaked PII
# (TruffleHog v3 CLI; the v2-only --regex and --entropy flags are not accepted here)
trufflehog git file://.

Remediation / Fix Guidance

  1. Never hardcode customer or employee PII in configuration files.
  2. Use configs only for:
    • Connection strings
    • API keys (stored securely, not in VCS)
    • Environment-level toggles
  3. Remove any existing PII from configs and rotate affected data (e.g., reset test emails to dummy values).
  4. Use anonymized placeholders (like test@example.com) for testing environments.
  5. Automate scanning of config files in CI/CD to prevent committing PII.
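A CI check for step 5, as an added example (not part of the original baseline or of Magento's own tooling): it inspects values rather than key names, so keys such as username or dbname do not trigger it, and it accepts reserved placeholder domains like example.com. The script name, the domain allowlist and the phone pattern are assumptions to adjust per project.

```shell
#!/usr/bin/env bash
# check-config-pii.sh (hypothetical name): fail the build when a config file
# contains a real-looking e-mail address or an international phone number.

# Reserved documentation/test domains (RFC 2606) accepted as placeholders.
ALLOWED_DOMAINS='(([A-Za-z0-9-]+\.)*example\.(com|org|net)|([A-Za-z0-9-]+\.)+(test|invalid|example))'
EMAIL_RE='[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}'
# International-format phone numbers, e.g. +1 415 555 0100 (assumed format).
PHONE_RE='\+[0-9][0-9 ().-]{7,}[0-9]'

# Print "line:address" for every e-mail whose domain is not a placeholder.
# Exit status is 0 when at least one such address is found.
find_real_emails() {
  grep -noE "$EMAIL_RE" "$1" | grep -viE "@${ALLOWED_DOMAINS}\$"
}

# Scan each existing file; return 1 if any of them holds possible PII.
scan_config_for_pii() {
  local status=0 file hits
  for file in "$@"; do
    [ -f "$file" ] || continue
    hits=$( { find_real_emails "$file"; grep -noE "$PHONE_RE" "$file"; } || true )
    if [ -n "$hits" ]; then
      printf '%s: possible PII in config\n' "$file" >&2
      printf '%s\n' "$hits" | sed 's/^/  line /' >&2
      status=1
    fi
  done
  return "$status"
}

# CI usage: ./check-config-pii.sh app/etc/env.php .env
if [ "$#" -gt 0 ]; then
  scan_config_for_pii "$@" || exit 1
fi
```

Run it as a pipeline step or pre-commit hook; a non-zero exit blocks the commit or build until the flagged value is replaced with a placeholder.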

Examples

Fail Example

# app/etc/env.php
'admin' => [
  'email' => 'jane.doe@customer.com',   // PII in config → FAIL
]

Pass Example

# app/etc/env.php
'admin' => [
  'email' => 'test@example.com',   // Placeholder only, no PII
]
