It is sometimes necessary to store sensitive information in Magento, notably within the system configuration.

A password perhaps?

There is a lovely way to do this.

When defining your field in the system.xml, you can use the following backend model:

<backend_model>adminhtml/system_config_backend_encrypted</backend_model>

I was doing this for a password field so I also used <frontend_type>password</frontend_type> to stop those sneakypoos looking over my shoulder and taking my passwords.

The backend model alone will cause the value to be saved encrypted using the crypt key from your app/etc/local.xml.

That is to say you would not be able to look at the database and know what the password was.

Coooool!

So the information is now encrypted.

How do you go about using it?!

The system configuration will deal with decrypting it for you when it displays it, but if you want to use the value elsewhere in your application, you will need to use the following code to get it:

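<?php

// getStoreConfig() returns the value as stored (still encrypted);
// decrypt() is provided by the core helper, not by a model.
$value = Mage::helper('core')->decrypt(
    Mage::getStoreConfig('path/to/secure/var')
);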
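A complete field definition showing where the two tags from this post sit inside system.xml, as an added example rather than configuration from the original post. The `acme_gateway` section, `api` group and `password` field names are hypothetical; together they give the config path `acme_gateway/api/password` to pass to `Mage::getStoreConfig()`.

```xml
<?xml version="1.0"?>
<!-- app/code/local/Acme/Gateway/etc/system.xml (hypothetical module) -->
<config>
    <sections>
        <acme_gateway translate="label">
            <label>Acme Gateway</label>
            <tab>general</tab>
            <frontend_type>text</frontend_type>
            <sort_order>900</sort_order>
            <show_in_default>1</show_in_default>
            <show_in_website>1</show_in_website>
            <show_in_store>0</show_in_store>
            <groups>
                <api translate="label">
                    <label>API Credentials</label>
                    <frontend_type>text</frontend_type>
                    <sort_order>10</sort_order>
                    <show_in_default>1</show_in_default>
                    <show_in_website>1</show_in_website>
                    <show_in_store>0</show_in_store>
                    <fields>
                        <password translate="label">
                            <label>API Password</label>
                            <!-- Masks the input in the admin form -->
                            <frontend_type>password</frontend_type>
                            <!-- Encrypts on save with the crypt key from
                                 app/etc/local.xml, so core_config_data
                                 never holds the plaintext -->
                            <backend_model>adminhtml/system_config_backend_encrypted</backend_model>
                            <sort_order>10</sort_order>
                            <show_in_default>1</show_in_default>
                            <show_in_website>1</show_in_website>
                            <show_in_store>0</show_in_store>
                        </password>
                    </fields>
                </api>
            </groups>
        </acme_gateway>
    </sections>
</config>
```

The encryption is reversible by anyone who holds the crypt key, so app/etc/local.xml needs the same protection as the password itself.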

Secure all the things!

Credits: @p3mbo
