rodas / dotenvx
Dotenvx encryption for PHP
Installs: 2
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 0
Forks: 1
Open Issues: 0
pkg:composer/rodas/dotenvx
Requires
- php: >=8.4
- ext-pcre: *
- paragonie/sodium_compat: ^2.4
- symfony/polyfill-iconv: ^1.33
- vlucas/phpdotenv: ^5.6
Requires (Dev)
- phpunit/php-code-coverage: ^12.4
- phpunit/phpunit: ^12.4
Suggests
- ext-ctype: For best performance
- ext-filter: Required to use the boolean validator.
- ext-iconv: For best performance
- ext-mbstring: For best performance
- ext-sodium: Better performance, password hashing (Argon2i), secure memory management (memzero), and better security.
This package is auto-updated.
Last update: 2025-12-08 19:34:18 UTC
README
Plaintext .env files have been a major attack vector,
but they've also been undeniably useful.
"Dotenvx: Reducing Secrets Risk with Cryptographic Separation
Abstract. An ideal secrets solution would not only centralize secrets but also contain the fallout of a breach. While secrets managers offer centralized storage and distribution, their design creates a large blast radius, risking exposure of thousands or even millions of secrets. We propose a solution that reduces the blast radius by splitting secrets management into two distinct components: an encrypted secrets file and a separate decryption key.
..."
Dotenvx decrypts your .env files, using cryptographic separation to limit their
exposure as an attack vector while retaining their benefits.
This allows its use in small projects and on virtual servers, where it is not possible to
run an external startup script for the application.
Important
For this to be effective, the decryption key (private key) and the application must be kept in separate environments, and security must be maintained in each environment.
This library also provides an adapter to dump the .env values into
an array and a multi-level array.
How to use
See the documentation.
Under the hood, this is all implemented using the same public-key cryptography as Bitcoin.
📦 Available at Packagist: rodas/dotenvx