qveronq / laravel-infisical-sync
Sync your Laravel .env secrets with Infisical. Push, pull and diff environment variables between your .env file and your Infisical vault using the official PHP SDK.
Fund package maintenance!
QveronQ
Installs: 2
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 0
Forks: 0
Open Issues: 0
pkg:composer/qveronq/laravel-infisical-sync
Requires
- php: ^8.2
- illuminate/contracts: ^11.0||^12.0
- infisical/php-sdk: ^0.0.1
- spatie/laravel-package-tools: ^1.16
Requires (Dev)
- larastan/larastan: ^3.0
- laravel/pint: ^1.14
- nunomaduro/collision: ^8.8
- orchestra/testbench: ^10.0.0||^9.0.0
- pestphp/pest: ^4.0
- pestphp/pest-plugin-arch: ^4.0
- pestphp/pest-plugin-laravel: ^4.0
- phpstan/extension-installer: ^1.4
- phpstan/phpstan-deprecation-rules: ^2.0
- phpstan/phpstan-phpunit: ^2.0
README
Sync your Laravel .env secrets with Infisical. Push, pull, diff and sync environment variables between your .env file and your Infisical vault using the official PHP SDK.
Installation
composer require qveronq/laravel-infisical-sync
Publish the config file:
php artisan vendor:publish --tag="laravel-infisical-sync-config"
Then add the following to your .env:
INFISICAL_URL=https://app.infisical.com # Optional, for self-hosted instances INFISICAL_CLIENT_ID=your-machine-identity-client-id INFISICAL_CLIENT_SECRET=your-machine-identity-client-secret INFISICAL_PROJECT_ID=your-project-id INFISICAL_ENVIRONMENT=dev
Usage
Pull secrets from Infisical into your .env
php artisan infisical:pull
Options: --env=, --path=, --force, --backup, --dry-run, --show-values
Push your .env variables to Infisical
php artisan infisical:push
Options: --env=, --path=, --force, --dry-run, --show-values
Compare local .env with Infisical
php artisan infisical:diff
Options: --env=, --path=, --show-values
Bidirectional sync
Sync both ways in a single command: pushes local-only variables to Infisical and pulls remote-only variables to your .env.
php artisan infisical:sync
Options: --env=, --path=, --conflict=, --force, --backup, --dry-run, --show-values
Conflict resolution
When a variable exists on both sides with different values, the --conflict option (or config sync_conflict_strategy) controls the behavior:
| Strategy | Behavior |
|---|---|
skip (default) |
Conflicts are ignored and shown as warnings |
remote |
Infisical value overwrites local |
local |
Local value overwrites Infisical |
# Use Infisical as source of truth for conflicts php artisan infisical:sync --conflict=remote # Force sync without confirmation (useful for CI/CD) php artisan infisical:sync --force --conflict=remote
Configuration
// config/infisical-sync.php return [ 'url' => env('INFISICAL_URL', 'https://app.infisical.com'), 'client_id' => env('INFISICAL_CLIENT_ID'), 'client_secret' => env('INFISICAL_CLIENT_SECRET'), 'project_id' => env('INFISICAL_PROJECT_ID'), 'environment' => env('INFISICAL_ENVIRONMENT', 'dev'), 'secret_path' => env('INFISICAL_SECRET_PATH', '/'), 'exclude_keys' => [ 'INFISICAL_*', // Supports wildcards ], 'sync_conflict_strategy' => env('INFISICAL_SYNC_CONFLICT_STRATEGY', 'skip'), 'env_file' => base_path('.env'), ];
Testing
composer test
Changelog
Please see CHANGELOG for more information on what has changed recently.
Security Vulnerabilities
Please review our security policy on how to report security vulnerabilities.
Credits
License
The MIT License (MIT). Please see License File for more information.