{"id":18665666,"url":"https://github.com/gawsoftpl/laravel-secrets","last_synced_at":"2026-05-05T06:38:52.448Z","repository":{"id":60221226,"uuid":"541689840","full_name":"gawsoftpl/laravel-secrets","owner":"gawsoftpl","description":"Remove secrets from logs, read secrets from file. Ideal for Docker and Kubernetes","archived":false,"fork":false,"pushed_at":"2024-03-14T22:22:35.000Z","size":222,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-03-14T23:33:28.959Z","etag":null,"topics":["laravel","logs","secrets","security"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gawsoftpl.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-09-26T16:50:56.000Z","updated_at":"2023-03-03T19:48:23.000Z","dependencies_parsed_at":"2024-03-14T23:40:39.378Z","dependency_job_id":null,"html_url":"https://github.com/gawsoftpl/laravel-secrets","commit_stats":{"total_commits":27,"total_committers":2,"mean_commits":13.5,"dds":0.07407407407407407,"last_synced_commit":"c451ad11bb6fbb97b65e88fea51d5f3f93afc3ad"},"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gawsoftpl%2Flaravel-secrets","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gawsoftpl%2Flaravel-secrets/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gawsoftpl%2Flaravel-secrets/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gawsoftpl%2Flaravel-secrets/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gawsoftpl","download_url":"https://codeload.github.com/gawsoftpl/laravel-secrets/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239493706,"owners_count":19647995,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["laravel","logs","secrets","security"],"created_at":"2024-11-07T08:28:37.611Z","updated_at":"2025-11-06T11:30:38.667Z","avatar_url":"https://github.com/gawsoftpl.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Laravel Secrets\nA Laravel package with 2 main functions:\n1. Remove secrets from Logs. Prevent from secrets being leaked in logs.\n2. Load kubernetes/docker secrets from file\n\n\n# Demo \u0026 Usage\n\n### 1. Remove secrets from Logs\nWithout laravel-secrets. secretpassword leaked in log\n```\n[2022-07-20 16:11:34] local.NOTICE: This is a notice level message.\n[2022-07-20 16:11:34] local.ALERT: Can't connect with https://login:secretpassword@example.com\n```\nWith laravel-secrets, secretpassword is redacted before send log\n```\n[2022-07-20 16:11:34] local.NOTICE: This is a notice level message.\n[2022-07-20 16:11:34] local.ALERT: Can't connect with https://login:[redacted]@example.com\n```\n\n### 2. Read secret from file.\n```php\nreturn [\n    'connections' =\u003e [\n        'mysql' =\u003e [\n            'driver' =\u003e 'mysql',\n            'port' =\u003e env('DB_PORT', '3306'),\n            'username' =\u003e laravel_secrets('/run/secrets/db/username', env('DB_USERNAME')),\n            'password' =\u003e laravel_secrets('db/password', env('DB_PASSWORD')),\n        ],\n]\n```\n\n# Minimum requirements\n- PHP 8.0\n- Laravel 8.0\n\n# Installation\n```sh\ncomposer require gawsoft/laravel-secrets\n```\n\nInstall package assets\n```\nphp artisan vendor:publish --provider=\"Gawsoft\\LaravelSecrets\\LaravelSecretsServiceProvider\"\n```\n\n# Configuration\n\nExample config/secrets.php:\n\n```php\n\u003c?php\n\nreturn [\n    'strategy' =\u003e [\n        # String with which secrets value will be replaced\n        'redaction' =\u003e '[redacted]',\n        # Default strategy to load secrets\n        'handler' =\u003e \\Gawsoft\\LaravelSecrets\\Secrets\\Providers\\ContainerStrategy::class,\n\n        # Config for strategy\n        'config' =\u003e [\n            # Default path to your secrets\n            # - when you run laravel_secrets('db/password') -\u003e Will check path /run/secrets/db/password\n            # - when you run laravel_secrets('/secrets/db/password') -\u003e Ignore default path and check /secrets/db/password\n            'path' =\u003e '/run/secrets/',\n            # If you encrypt secret all encrypted string will start with this string.\n            # This string cannot be empty!\n            'encrypted_prefix' =\u003e 'encrypted:',\n        ]\n    ],\n    // Remove from logs sensitive keys\n    'logs' =\u003e [\n        // When set empty whitelist array, all config values will be redacted.\n        // When set min one value only this value will be redacted.\n        'whitelist' =\u003e [\n          //  'app.key',\n          //  'mail.mailers.smtp.password',\n          //  'database.connections.mysql.password'\n        ],\n        'blacklist' =\u003e [\n            'app.name',\n            'logging.level',\n        ],\n    ]\n];\n```\n\n\n## 1. Read secrets from file\nWhen you install laravel in docker or kubernetes for security reason your devops team inject secrets to file in the container. \nThis package will read this secret with function laravel_secrets. \n\n```php\nlaravel_secrets('\u003cPATH-TO-FILE\u003e', '\u003cDEFAULT-VALUE\u003e');\n```\n## 2. Read encrypted secrets from file\nYou can also encrypt secrets with Laravel App Key and auto encrypt after loaded encrypted string to Laravel config.\n```sh\n# Encrypt password by artisan command\necho \"abc\" \u003e /tmp/password\ncat /tmp/password | php artisan laravel-secrets:encrypt --stdin\n\n# Decrypt password\necho \"encrypted:eyJpdiI6InhQbEhUREJQa21mcW85M0tYSEhhOUE9PSIsInZhbHVlIjoiY2pXZ0lqUlY4YVoydDdyZzVHak9XUT09IiwibWFjIjoiMWFlZjA4MGIyN2Q2YmEwMzc4ZGNjNTYzYTgyOTNiMzFiOWM0OTVmZWFkNGYzZTFiNDAwM2Y1NzgyYWJlMDEwMCIsInRhZyI6IiJ9\" \u003e /tmp/encrypted\ncat /tmp/encrypted | php artisan laravel-secrets:decrypt --stdin\n```\n\n## 3. Remove secrets from Logs\nDuring logs process in Laravel my package will remove sensitive data from log message. \n**Default will remove all values saved in all configs**.\nYou can change this options in config/secrets.php via set whitelist and blacklist.\n\n```php\n#config/secrets.php\nreturn [\n    // Remove sensitive keys from logs \n    'logs' =\u003e [\n        // When set empty whitelist array, all config values will be redacted.\n        // When set min one value only this value will be redacted.\n        'whitelist' =\u003e [\n          //  'app.key',\n          //  'mail.mailers', # Alle mailers secrets will be redacted\n          //  'database.connections.mysql.password'\n        ],\n        // Do not redact values from blacklist. Those values will show in logs\n        'blacklist' =\u003e [\n            'app.name',\n            'logging.level',\n        ],\n    ]\n];\n```\n# Tests\n```sh\ncomposer test\n```\n\n# RoadMap\n- Add Strategy for AWS Secret Manager\n- Add Strategy for Hashicorp Vault\n\n# How to write new strategy\n1. Create new file LaravelSecrets\\Secrets\\Providers\\MySecretProvider.php\n2. Write your driver\n```php\n\u003c?php\n\nnamespace MyCompany\\MyPackage\\LaravelSecrets\\Secrets\\Providers\\MySecretProvider;\n\nuse Gawsoft\\LaravelSecrets\\Abstracts\\SecretsProviderAbstract;\nuse Gawsoft\\LaravelSecrets\\Interfaces\\SecretProviderInterface;\n\n\nclass ContainerStrategy extends SecretsProviderAbstract implements SecretProviderInterface\n{\n    function getSecret(string $name): string | null\n    {\n        // Get secret from your source\n    }\n\n}\n```\n3. Register as default strategy in configs/secrets.php\n```php\nreturn [\n    'strategy' =\u003e [\n        ...\n        'handler' =\u003e \\MyCompany\\MyPackage\\LaravelSecrets\\Secrets\\Providers\\MySecretProvider::class,\n        ...\n    ]\n```\n\n# License\nMIT\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgawsoftpl%2Flaravel-secrets","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgawsoftpl%2Flaravel-secrets","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgawsoftpl%2Flaravel-secrets/lists"}