{"id":15525067,"url":"https://github.com/staabm/secure_dotenv","last_synced_at":"2026-04-13T16:01:01.420Z","repository":{"id":207536447,"uuid":"719490862","full_name":"staabm/secure_dotenv","owner":"staabm","description":"A secure .env handler with encrypted key/value storage","archived":false,"fork":false,"pushed_at":"2025-10-13T05:22:27.000Z","size":73,"stargazers_count":5,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-10-24T02:56:41.210Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"psecio/secure_dotenv","license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/staabm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["staabm"]}},"created_at":"2023-11-16T09:29:18.000Z","updated_at":"2025-10-02T16:23:20.000Z","dependencies_parsed_at":"2024-04-22T08:27:18.252Z","dependency_job_id":"313dde8d-6bd8-4a00-91be-be07262b471e","html_url":"https://github.com/staabm/secure_dotenv","commit_stats":{"total_commits":41,"total_committers":8,"mean_commits":5.125,"dds":0.5365853658536586,"last_synced_commit":"5e65a22883401a0dc3a88d25d0d96e8b43d35adb"},"previous_names":["staabm/secure_dotenv"],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/staabm/secure_dotenv","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/staabm%2Fsecure_dotenv","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/staabm%2Fsecure_dotenv/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/staabm%2Fsecure_dotenv/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/staabm%2Fsecure_dotenv/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/staabm","download_url":"https://codeload.github.com/staabm/secure_dotenv/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/staabm%2Fsecure_dotenv/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31759540,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-13T15:25:13.801Z","status":"ssl_error","status_checked_at":"2026-04-13T15:25:09.162Z","response_time":93,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-02T10:54:28.892Z","updated_at":"2026-04-13T16:01:01.358Z","avatar_url":"https://github.com/staabm.png","language":"PHP","funding_links":["https://github.com/sponsors/staabm"],"categories":[],"sub_categories":[],"readme":"# secure_dotenv\n\nThe `secure_dotenv` library provides an easy way to handle the encryption and decryption of the information in your `.env` file.\n\nOne of the generally accepted security best practices is preventing the use of hard-coded, plain-text credentials of any kind. This library allows you to store the values in your `.env` as encrypted strings but still be able to access them transparently without worrying about implementing your own encryption method.\n\n## Installation\n\n### Download Composer package\n\nYou can install the library easily with a Composer `require` call on the command line:\n\n```\ncomposer require staabm/secure_dotenv\n```\n\n### Generate the key\n\nFirst, you'll need to generate your encryption key. The library makes use of the [defuse/php-encryption](https://github.com/defuse/php-encryption) library for it's encryption handling.\n\n```\nphp vendor/bin/generate-defuse-key\n```\n\nThis will result in a randomized string to use with the `php-encryption` library's default encryption. This string should be placed in a file where the script can access it.\n\n\u003e **NOT:** According to security best practices, this key file should remain outside of the document root (not web accessible) but should be readable by the web server user (or executing user).\n\n### Create the `.env` file\n\nYou'll then need to make the `.env` file you're wanting to place the values in:\n\n```\ntouch /project/root/dir/.env\n```\n\n### Loading the values\n\nWith the key file and .env created, you can now create a new instance that can be used to read the encrypted values:\n\n```php\n\u003c?php\nrequire_once __DIR__.'/vendor/autoload.php';\n\n$keyfile = __DIR__.'/keyfile';\n$envFile = __DIR__.'/.env';\n\n$d = new \\staabm\\SecureDotenv\\Parser($keyfile, $envFile);\n\n// The contents here is the set of all decrypted values fron the .env\nprint_r($d-\u003egetContent());\n?\u003e\n```\n\nYou don't have to use a file as a source for the key either - you can use a string (potentially something fron an `$_ENV` variable or some other source):\n\n```php\n\u003c?php\nrequire_once __DIR__.'/vendor/autoload.php';\n\n$key = $_ENV['ENCRYPTION_KEY'];\n$envFile = __DIR__.'/.env';\n\n$d = new \\staabm\\SecureDotenv\\Parser($key, $envFile);\n\n?\u003e\n```\n\nThis can be useful to help prevent the key from being read by a [local file inclusion](https://en.wikipedia.org/wiki/File_inclusion_vulnerability#Local_File_Inclusion) attack.\n\n\nIf there are values currently in your `.env` file that are unencrypted, the library will pass them over and just return the plain-text version as pulled directly from the `.env` configuration.\n\n## Setting values\n\nYou can also dynamically set values into your `.env` file using the `save()` method on the `Parser` class:\n\n```php\n\u003c?php\nrequire_once __DIR__.'/vendor/autoload.php';\n\n$keyfile = __DIR__.'/keyfile';\n$envFile = __DIR__.'/.env';\n\n$d = new \\staabm\\SecureDotenv\\Parser($keyfile, $envFile);\n\n$keyName = 'test1';\n$keyValue = 'foobarbaz';\n\nif ($d-\u003esave($keyName, $keyValue)) {\n    echo 'Save successful';\n} else {\n    echo 'There was an error while saving the value.';\n}\n```\n\nThere's no need to worry about encrypting the value as the library takes care of that for you and outputs the encrypted result to the `.env` file.\n\n## Encrypting values via CLI\n\nThis library also comes with a handy way to encrypt values and write them out to the `.env` configuration automatically:\n\n```\nvendor/bin/encrypt-env --keyfile=/path/to/keyfile\n```\n\nThis tool will ask a few questions about the location of the `.env` file and the key/value pair to set. When it completes it will write the new, encrypted, value to the `.env` file. If a value is already set in the configuration and you want to overwrite it, call the `encrypt` script with the `--override` command line flag.\n\n\n## Credits\n\nthis package is a maintained for of https://github.com/psecio/secure_dotenv originally created by [Chris Cornutt aka @enygma](https://github.com/enygma) ","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstaabm%2Fsecure_dotenv","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstaabm%2Fsecure_dotenv","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstaabm%2Fsecure_dotenv/lists"}