audunru / config-secrets
Retrieve secrets from 3rd party services and use them as config variables in Laravel
Requires
- php: ^8.2
- aws/aws-sdk-php: ^3.0
- laravel/framework: ^11.0
- spatie/laravel-package-tools: ^1.9
Requires (Dev)
- fakerphp/faker: ^1.12
- friendsofphp/php-cs-fixer: ^3.0
- mockery/mockery: ^1.0
- orchestra/testbench: ^9.0
- php-coveralls/php-coveralls: ^2.2
- phpmd/phpmd: ^2.10
- phpunit/phpunit: ^11.0
- roave/security-advisories: dev-latest
This package is auto-updated.
Last update: 2024-05-10 15:14:37 UTC
README
Retrieve secrets from AWS Secrets Manager and override config variables in Laravel.
As an example, you could store your database password in AWS Secrets Manager instead of your .env file. This package does not modify your .env file or config files. Instead, the configuration values are set using Laravel's config() helper right after your application has started.
Migration guides
Installation
Step 1: Install with Composer
composer require audunru/config-secrets
Step 2: Publish configuration
Publish the configuration file by running:
php artisan vendor:publish --tag=config-secrets-config
Step 3: Edit configuration
This package supports two config providers: aws retrieves secrets from AWS Secrets Manager, and the array provider simply retrieves them from config-secrets.php.
Aws
- Create a new secret.
- Set the secret value to any number of key/value pairs. You can prefix the secret value with
base64:followed by a base64 encoded string. This is useful for private and public keys, for instance.
In your Laravel application:
- Set
AWS_DEFAULT_REGIONin.envor set the region directly in config-secrets.php - Set
AWS_ACCESS_KEY_IDandAWS_SECRET_ACCESS_KEYin.envor use any of the other options that AWS SDK offers - Map Laravel configuration keys to secret keys under the
awsprovider'sconfigurationsection in config-secrets.php
Array
The array provider replaces configuration values with values from config-secrets.php. Look in config-secrets.php for an example. This allows you to keep environment specific configuration values in source control. For obvious reasons, do not use the array provider for values that should be kept secret.
Step 4: Update bootstrap/app.php
Add the following lines to bootstrap/app.php (recommended but not required):
use Illuminate\Foundation\Application; use Illuminate\Foundation\Bootstrap\LoadConfiguration; use audunru\ConfigSecrets\ConfigSecretsServiceProvider; $app->afterBootstrapping(LoadConfiguration::class, fn (Application $app) => ConfigSecretsServiceProvider::registerAndUpdate($app));
Loading the secrets in bootstrap/app.php instead of in a service provider ensures that you can override (probably) any configuration value. For instance, Laravel's RedisServiceProvider uses the available configuration values when it is registered. Without the code above, you won't be able to override the Redis password.
Step 5: Enable configuration cache
It is very important that you cache your Laravel configuration with php artisan config:cache or php artisan optimize when you use this package. If not, secrets will be retrieved for every request. This process is slow and costly!
Alternatives
Development
Testing
Run tests:
composer verify