izica/laravel-env-secure

Secure Laravel .env variables

1.13 2024-04-08 10:48 UTC

This package is auto-updated.

Last update: 2024-11-08 11:55:52 UTC


README

Description

A simple Laravel package with zero dependencies that secures your env values, such as database passwords or API keys, so that they are not exposed in plain text (through $_ENV or $_SERVER) by mistake.

Prerequisites

This package uses the PHP OpenSSL extension: https://www.php.net/manual/en/ref.openssl.php

Installation

You can install the package via composer:

composer require izica/laravel-env-secure

Publish config (optional)

php artisan vendor:publish --provider="Izica\\EnvSecure\\EnvSecureServiceProvider"

Usage

1. Encrypt env value

php artisan env:secure {env key} {--cli} {--decrypt}

Options:

  • --cli - only print the result to the console; do not rewrite .env
  • --decrypt - decrypt the env value

Example:

php artisan env:secure DB_PASSWORD

Your env file will change from:

DB_PASSWORD=somepassword

to:

DB_PASSWORD=scr::zvzEOZDAE4k/7D/rx

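2. Change the config to read the value through EnvSecure::env()

// config/database.php

use \Izica\EnvSecure\EnvSecure;

return [
    //...
    'connections' => [
        //...
        'mysql' => [
            //...
            // Read DB_PASSWORD through EnvSecure instead of env()
            'password' => EnvSecure::env('DB_PASSWORD', ''),
        ],
    ],
];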

Config

// config/env-secure.php
return [
    "prefix"    => env('ENV_SECURE_PREFIX', 'scr::'),
    "algorithm" => env('ENV_SECURE_ALGORITHM', 'AES-128-CTR'),  // https://www.php.net/manual/en/function.openssl-get-cipher-methods.php
    "iv"        => env('ENV_SECURE_IV', 1234567891011121),
    "key"       => env('ENV_SECURE_KEY', null), //APP_KEY by default. If you change the key after the values have been secured, you will not be able to decrypt the values in the future.
];
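
The config above ships one fixed iv for AES-128-CTR. Assuming the package passes the configured key and iv to openssl_encrypt() unchanged for every value (the page does not show this), the following added example, which is not the package's code, shows what a fixed IV means in CTR mode next to a per-value nonce with AES-256-GCM. ctrFixedIv(), sealValue(), openValue(), the key and the plaintexts are constructed for illustration.

```php
<?php
// Added example: not the package's code. Key and plaintexts are constructed sample values.
$key = random_bytes(32);       // constructed key; stands in for ENV_SECURE_KEY / APP_KEY
$iv  = '1234567891011121';     // the default "iv" from the config above, as a 16-byte string

// Weak setting: AES-128-CTR with one key and one fixed IV for every value.
// (PHP silently truncates the 32-byte key to the 16 bytes AES-128 uses.)
function ctrFixedIv(string $plain, string $key, string $iv): string
{
    return openssl_encrypt($plain, 'AES-128-CTR', $key, OPENSSL_RAW_DATA, $iv);
}

// Corrected setting: AES-256-GCM, fresh 12-byte nonce per value, 16-byte tag stored with it.
function sealValue(string $plain, string $key): string
{
    $nonce = random_bytes(12);
    $tag   = '';
    $ct    = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    return base64_encode($nonce . $tag . $ct);
}

function openValue(string $blob, string $key): string
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('malformed value');
    }
    [$nonce, $tag, $ct] = [substr($raw, 0, 12), substr($raw, 12, 16), substr($raw, 28)];
    $plain = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($plain === false) {
        throw new RuntimeException('authentication failed: wrong key or modified value');
    }
    return $plain;
}

$a = 'db-password-1';
$b = 'api-key-00002';

// Fixed IV: equal plaintexts give equal ciphertexts, and the keystream cancels between values.
var_dump(ctrFixedIv($a, $key, $iv) === ctrFixedIv($a, $key, $iv));
var_dump((ctrFixedIv($a, $key, $iv) ^ ctrFixedIv($b, $key, $iv)) === ($a ^ $b));

// Fresh nonce: the same plaintext seals differently each time and still opens correctly.
var_dump(sealValue($a, $key) !== sealValue($a, $key), openValue(sealValue($a, $key), $key) === $a);

// A modified stored value is rejected instead of decrypting to something else.
$blob = base64_decode(sealValue($a, $key));
$blob[strlen($blob) - 1] = $blob[strlen($blob) - 1] ^ "\x01";
try { openValue(base64_encode($blob), $key); } catch (RuntimeException $e) { echo $e->getMessage(), PHP_EOL; }
```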

Security recommendations

Set the key directly in the config file, for example:

// config/env-secure.php
return [
    //...
    "key" => "kovdj43ksadjl32jlk" // example value; use your own key
];

Credits

License

The MIT License (MIT). Please see License File for more information.