PRs are welcome
Simple Laravel package with zero dependencies for securing your env values, such as database passwords or API keys, to prevent exposure($_ENV or $_SERVER) due to mistakes
This package using https://www.php.net/manual/en/ref.openssl.php
You can install the package via composer:
composer require izica/laravel-env-securephp artisan vendor:publish --provider="Izica\\EnvSecure\\EnvSecureServiceProvider"php artisan env:secure {env key} {--cli} {--decrypt}Options:
- --cli - only print result in console don't rewrite .env
- --decrypt - decrypt env value
Example:
php artisan env:secure DB_PASSWORDYour env file will change from:
DB_PASSWORD=somepasswordto:
DB_PASSWORD=scr::zvzEOZDAE4k/7D/rx//config/database.php
use \Izica\EnvSecure\EnvSecure;
[
//...
'connections' => [
//...
'mysql' => [
//...
'password' => EnvSecure::env('DB_PASSWORD', ''),
]
]
]//config env-secure.php
return [
"prefix" => env('ENV_SECURE_PREFIX', 'scr::'),
"algorithm" => env('ENV_SECURE_ALGORITHM', 'AES-128-CTR'), // https://www.php.net/manual/en/function.openssl-get-cipher-methods.php
"iv" => env('ENV_SECURE_IV', 1234567891011121),
"key" => env('ENV_SECURE_KEY', null), //APP_KEY by default. If you change the key after the values have been secured, you will not be able to decrypt the values in the future.
];Set the key directly in the file, like:
//config env-secure.php
return [
//...
"key" => "kovdj43ksadjl32jlk"
];The MIT License (MIT). Please see License File for more information.