laravel-env-secure maintained by izica
Laravel env secure
PRs are welcome
Description
A simple Laravel package with zero dependencies for securing your env values, such as database passwords or API keys, to prevent accidental exposure through $_ENV or $_SERVER.
Prerequisites
This package uses the PHP OpenSSL extension: https://www.php.net/manual/en/ref.openssl.php
Installation
You can install the package via composer:
composer require izica/laravel-env-secure
Publish config (optional)
php artisan vendor:publish --provider="Izica\\EnvSecure\\EnvSecureServiceProvider"
Usage
1. Encrypt env value
php artisan env:secure {env key} {--cli} {--decrypt}
Options:
- --cli - only print the result to the console; don't rewrite .env
- --decrypt - decrypt env value
Example:
php artisan env:secure DB_PASSWORD
Your env file will change from:
DB_PASSWORD=somepassword
to:
DB_PASSWORD=scr::zvzEOZDAE4k/7D/rx
2. Change config to
// config/database.php
use \Izica\EnvSecure\EnvSecure;

return [
    //...
    'connections' => [
        //...
        'mysql' => [
            //...
            // Read DB_PASSWORD through EnvSecure instead of env()
            'password' => EnvSecure::env('DB_PASSWORD', ''),
        ],
    ],
];
Config
// config/env-secure.php
return [
    "prefix" => env('ENV_SECURE_PREFIX', 'scr::'),
    "algorithm" => env('ENV_SECURE_ALGORITHM', 'AES-128-CTR'), // https://www.php.net/manual/en/function.openssl-get-cipher-methods.php
    "iv" => env('ENV_SECURE_IV', 1234567891011121),
    // APP_KEY by default. If you change the key after the values have been secured,
    // you will not be able to decrypt the values in the future.
    "key" => env('ENV_SECURE_KEY', null),
];
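The config above uses one "iv" for every value, so the following added example (not the package's code) shows what a shared key and IV mean in CTR mode, next to a per-value random IV as the alternative. It calls openssl_encrypt directly and assumes the package passes the configured algorithm, key and iv to it unchanged; the key, the plaintexts and the helper function names are constructed for illustration.

```php
<?php
// Added example: uses PHP's OpenSSL functions directly, not the package.
$algorithm = 'AES-128-CTR';       // default "algorithm" from the config
$fixedIv   = '1234567891011121';  // default "iv" from the config, as a 16-byte string
$key       = 'constructed-key!';  // constructed 16-byte sample key

/** Encrypt with the single configured IV (assumed package behaviour). */
function encryptFixedIv(string $plain, string $key, string $iv, string $alg): string
{
    return openssl_encrypt($plain, $alg, $key, OPENSSL_RAW_DATA, $iv);
}

/** Alternative: a fresh random IV per value, stored in front of the ciphertext. */
function encryptRandomIv(string $plain, string $key, string $alg): string
{
    $iv = random_bytes(openssl_cipher_iv_length($alg));
    return $iv . openssl_encrypt($plain, $alg, $key, OPENSSL_RAW_DATA, $iv);
}

/** Split the stored IV from the ciphertext and decrypt. */
function decryptRandomIv(string $blob, string $key, string $alg): string
{
    $len = openssl_cipher_iv_length($alg);
    $iv  = substr($blob, 0, $len);
    return openssl_decrypt(substr($blob, $len), $alg, $key, OPENSSL_RAW_DATA, $iv);
}

// Constructed sample secrets of equal length (12 bytes each).
$dbPassword = 'somepassword';
$apiKey     = 'api-key-0001';

$c1 = encryptFixedIv($dbPassword, $key, $fixedIv, $algorithm);
$c2 = encryptFixedIv($apiKey, $key, $fixedIv, $algorithm);

// Same key and same IV give the same keystream, so it cancels out:
// c1 XOR c2 equals p1 XOR p2 and no key is needed to compute it.
var_dump(($c1 ^ $c2) === ($dbPassword ^ $apiKey));

// Equal plaintexts also encrypt to equal ciphertexts under a fixed IV.
var_dump(encryptFixedIv($dbPassword, $key, $fixedIv, $algorithm) === $c1);

// With a per-value IV the stored blobs differ between runs and still decrypt.
$b1 = encryptRandomIv($dbPassword, $key, $algorithm);
$b2 = encryptRandomIv($dbPassword, $key, $algorithm);
var_dump($b1 !== $b2);
var_dump(decryptRandomIv($b1, $key, $algorithm) === $dbPassword);
```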
Security recommendations
Set the key directly in the file, like:
// config/env-secure.php
return [
    //...
    "key" => "kovdj43ksadjl32jlk"
];
License
The MIT License (MIT). Please see License File for more information.