README

Introduction

Laravel SecretSync allows you to seamlessly sync secrets from external secret managers directly into your Laravel application.

Supported providers:

Once installed, syncing secrets is as simple as:

php artisan secretsync

Install via Composer:

composer require umar-jimoh/laravel-secretsync

Publish the configuration file:

php artisan vendor:publish --provider="UmarJimoh\SecretSync\SecretSyncServiceProvider" --tag=config

Before syncing, make sure your chosen secret manager is properly set up and your .env file contains the required credentials.

Infisical Configuration

SECRETSYNC_PROVIDER="infisical"
INFISICAL_API_ENDPOINT=
INFISICAL_TOKEN=
INFISICAL_ENV=
INFISICAL_WORK_ID="your-infisical-project-id"

Doppler Configuration (new in v1.2.0)

SECRETSYNC_PROVIDER="doppler"
DOPPLER_TOKEN=
DOPPLER_API_ENDPOINT=
DOPPLER_PROJECT=
DOPPLER_CONFIG=

Important: Your APP_KEY must come from your secret manager.
Do not define APP_KEY in your .env file.

Syncing Secrets

php artisan secretsync

This command fetches and applies secrets from your configured provider.

You can enable caching so secrets aren’t fetched on every sync:

SECRETSYNC_CACHE=true
SECRETSYNC_CACHE_TTL=300   # seconds
SECRETSYNC_CACHE_DRIVER=   # optional, defaults to Laravel's cache driver

Secrets stored in the cache are securely encrypted.

These settings can also be configured in config/secretsync.php.

For detailed error output:

php artisan secretsync --debug

Or enable debugging in .env:

SECRETSYNC_DEBUG=true

After running:

php artisan optimize

or clearing config:

php artisan config:clear

You must run:

php artisan secretsync

to ensure all secrets are properly loaded.

Please see the CONTRIBUTING guide for details.

If you have questions or suggestions, feel free to reach out:

This package is open-source and licensed under the MIT License.