Git Product home page Git Product logo

laravel-envcoder's Introduction

Laravel Envcoder

Latest Version on Packagist Total Downloads Build Status StyleCI

Encrypts your Laravel .env so that it can be securely stored in source control and decrypted via a password.

It was written to quickly and easily share .env variables within source control instead of having to manually pass around variables or look them up in various 3rd party services.

Envcoder-Demo

Some highlights of the package include:

  • Commit an encrypted version of your .env into source control to share with your team
  • Written to be used in various automated deployment processes (password can be stored locally, conflict resolution)
  • Can be configured to overwrite, merge, or interactively decide how to deal with merge conflicts within your .env
  • Does not require any changes to your project to retrieve .env variables
  • Simply edit your .env files as normal (and encrypt them when you are ready to share)
  • Compare your encrypted .env with the current one and see what's different

Installation

Via Composer

$ composer require harmonic/laravel-envcoder --dev

Publish the config file (optional)

php artisan vendor:publish --provider="harmonic\LaravelEnvcoder"

Configuration

After publishing the config you can change the default behaviour for environment variable conflict resolution in config/laravel-envcoder.php.

  • 'merge' => Will merge changes in both files, and overwrite duplicates with what is in .env.enc (default)
  • 'prompt' => Will prompt you for each value that has a different value in .env.enc vs .env or is not in both files
  • 'overwrite' => Will completely overwrite your .env with what is in the encrypted version
  • 'ignore' => Will ignore any changes in your encrypted .env (ie. will not decrypt)

See config/laravel-envcoder.php for more details.

Usage

Encypting your .env

From your project root simply run:

php artisan env:encrypt

You will be prompted for a password, if you prefer to enter it from the command line you can use

php artisan env:encrypt --password=password

(replace password with your password)

Decrypting your .env

From your project root simply run:

php artisan env:decrypt

You will be prompted for a password, if you prefer to enter it from the command line you can use

php artisan env:decrypt --password=password

(replace the second password with your password)

Compare .env.enc with .env (Diff)

You can review any changes between your current .env and the encrypted one:

php artisan env:compare --password=password

(replace the second password with your password)

Include password in your .env file

You can add a variable to your .env file with the variable ENV_PASSWORD. This will be removed from the encrypted version but will allow simple encoding/decoding in development with no need for password. Simply add to your .env:

ENV_PASSWORD=passwordHere

(replace passwordHere with your password)

This way you will not be prompted for a password each time you encrypt/decrypt the .env file.

Some usage suggestions

You may wish to have your production deployment script delete the .env.enc file from your server each time you deploy.

If you include the password in your .env file for local development you could add the env:decrypt command to your composer post-install section to automatically updte your .env file each time you do a composer install, eg.

"scripts": {
	"post-install-cmd": [
		"@php artisan env:decrypt"
	]
}

Change log

Please see the changelog for more information on what has changed recently.

Testing

$ phpunit

Contributing

Please see contributing.md for details and a todolist.

Security

We have selected the defuse\php-encryption package to handle the encrytion and decryption of the .env file due to its ease of use and security. With that said, storing an encrypted .env file in your source control is less secure than not storing it at all. We believe only marginally, but it's up to you to weigh up the security vs. convience and make a decision for your project.

If you discover any security related issues, please email [email protected] instead of using the issue tracker.

Credits

License

MIT. Please see the license file for more information.

laravel-envcoder's People

Watchers

 avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.