Encrypts your Laravel .env so that it can be securely stored in source control and decrypted via a password.

It was written to quickly and easily share .env variables within source control instead of having to manually pass around variables or look them up in various 3rd party services.

Some highlights of the package include:

• Commit an encrypted version of your .env into source control to share with your team
• Written to be used in various automated deployment processes (password can be stored locally, conflict resolution)
• Can be configured to overwrite, merge, or interactively decide how to deal with merge conflicts within your .env
• Does not require any changes to your project to retrieve .env variables
• Simply edit your .env files as normal (and encrypt them when you are ready to share)
• Compare your encrypted .env with the current one and see what's different

Via Composer

$ composer require harmonic/laravel-envcoder --dev

Publish the config file (optional)

php artisan vendor:publish --provider="harmonic\LaravelEnvcoder"

After publishing the config you can change the default behaviour for environment variable conflict resolution in config/laravel-envcoder.php.

• 'merge' => Will merge changes in both files, and overwrite duplicates with what is in .env.enc (default)
• 'prompt' => Will prompt you for each value that has a different value in .env.enc vs .env or is not in both files
• 'overwrite' => Will completely overwrite your .env with what is in the encrypted version
• 'ignore' => Will ignore any changes in your encrypted .env (ie. will not decrypt)

See config/laravel-envcoder.php for more details.

From your project root simply run:

php artisan env:encrypt

You will be prompted for a password, if you prefer to enter it from the command line you can use

php artisan env:encrypt --password=password

(replace password with your password)

From your project root simply run:

php artisan env:decrypt

You will be prompted for a password, if you prefer to enter it from the command line you can use

php artisan env:decrypt --password=password

(replace the second password with your password)

You can review any changes between your current .env and the encrypted one:

php artisan env:compare --password=password

(replace the second password with your password)

You can add a variable to your .env file with the variable ENV_PASSWORD. This will be removed from the encrypted version but will allow simple encoding/decoding in development with no need for password. Simply add to your .env:

ENV_PASSWORD=passwordHere

(replace passwordHere with your password)

This way you will not be prompted for a password each time you encrypt/decrypt the .env file.

You may wish to have your production deployment script delete the .env.enc file from your server each time you deploy.

If you include the password in your .env file for local development you could add the env:decrypt command to your composer post-install section to automatically updte your .env file each time you do a composer install, eg.

"scripts": {
	"post-install-cmd": [
		"@php artisan env:decrypt"
	]
}

Please see the changelog for more information on what has changed recently.

$ phpunit

Please see contributing.md for details and a todolist.

We have selected the defuse\php-encryption package to handle the encrytion and decryption of the .env file due to its ease of use and security. With that said, storing an encrypted .env file in your source control is less secure than not storing it at all. We believe only marginally, but it's up to you to weigh up the security vs. convience and make a decision for your project.

If you discover any security related issues, please email [email protected] instead of using the issue tracker.

• Craig Harman
• All Contributors

MIT. Please see the license file for more information.