Craft 3.1, DotAll Berlin, big tips, and other Craft CMS goodies
DotAll is just days away. What will be revealed? A new Craft powered iPhone? Odds are against that, but Craft 3.1 is sure to be a hot topic. Check out the top story below for a preview of that.
This issue features a very big tip on security keys to your Craft site. If that’s all you read this issue, be sure to check it out. As always, there is more to check out: Craft news, plugins and generally interesting links about web dev.
Thank you to this issue’s sponsor, fortrabbit. If you’re at DotAll in Berlin, you’re likely to run into their crew there. Say "hello".
I won’t be at DotAll this year. If you happen to collect some links while you’re there, please send them along.
Let’s hit the links.
Regarding plugin pricing.
I don't embed Slack links here in the newsletter, but while the thread lasts in Slack history, there's a discussion there in the #announcments channel to check out. In what one user called the longest thread in Slack history, the pricing of plugins got debated. Spoon, a $59 plugin, is the one that got the ball rolling. Is $59 an appropriate price for a plugin?
On one side, there was lament that Craft 3 plugins are more often paid plugins compared to their Craft 2 counterparts. For small projects, plugin costs can impact what you can build, especially when budgets are tight.
On the other side were plugin developers (and users) defending the cost of paid plugins given the time commitment to write and support them. Paying for imagery is normal in a site build and plugins should be thought of in a similar fashion.
Andrew Welch, who most of you know and whose plugins you may use, mentioned that "no one is forcing you to buy said [paid] plugin. If you think it's too expensive, use a free alternative, or write your own."
Do you agree or disagree? If you want to join in that discussion, head over Craft Slack. Or just buy or not buy a plugin.
(Note regarding quotes in CLL: Slack is a sudo-private place to talk and discuss. I seek consent from people who are quoted here in the newsletter before direct quotes. Slack is a safe place to talk and I want to keep it that way.)
Tools, tips and fundamentals
The importance of your Craft "Security Key".
During the installation process for Craft 3, you will have a security key automatically generated, or you can make one of your own. (See the documentation here.)
A recent discussion in Slack highlighted the importance of this key. So, for the record, the security key is very important. Don't lose it.
The security key is stored in an
.env file, which is typically not stored with your repo. Also, storing it with your files as an environment variable is probably not the safest thing to do either.
The problem is that this means that key is, by default, not stored anywhere in a safe manner. It's not part of your backup. You need to take the responsibility of storing that key safely somewhere on your own, like in a password manager.
Why? Image that your local repo gets deleted. This happens. Now imagine you have server troubles. This also happens. Now your key is lost which means any data in your database that was encrypted with that key is encrypted with a key you don't have. Without that key, you can't recover any data that's used that key to encrypt data.
The solution? For every Craft 3 site you work on, make a personal record of the security key and store it somewhere safely so you can recover your data when the time comes.