Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/izica/laravel-env-secure
Safe and secured with encryption Laravel env (environment) variables with zero dependencies
https://github.com/izica/laravel-env-secure
decryption ecnrypt env environment environment-variables laravel laravel-framework safe-settings safety secure secure-coding security zero-dependency
Last synced: 2 days ago
JSON representation
Safe and secured with encryption Laravel env (environment) variables with zero dependencies
- Host: GitHub
- URL: https://github.com/izica/laravel-env-secure
- Owner: izica
- License: mit
- Created: 2024-04-07T17:59:17.000Z (6 months ago)
- Default Branch: main
- Last Pushed: 2024-04-08T10:49:44.000Z (6 months ago)
- Last Synced: 2024-09-14T03:27:53.611Z (13 days ago)
- Topics: decryption, ecnrypt, env, environment, environment-variables, laravel, laravel-framework, safe-settings, safety, secure, secure-coding, security, zero-dependency
- Language: PHP
- Homepage: https://github.com/izica/laravel-env-secure
- Size: 157 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.md
Awesome Lists containing this project
README
# Laravel env secure
[![Latest Version on Packagist](https://img.shields.io/packagist/v/izica/laravel-env-secure.svg?style=flat-square)](https://packagist.org/packages/izica/laravel-env-secure)PRs are welcome
## Description
Simple Laravel package with zero dependencies for securing your env values, such as database passwords or API keys, to prevent exposure($_ENV or $_SERVER) due to mistakes## Prerequisites
This package using https://www.php.net/manual/en/ref.openssl.php## Installation
You can install the package via composer:
```bash
composer require izica/laravel-env-secure
```## Publish config(optional)
```bash
php artisan vendor:publish --provider="Izica\\EnvSecure\\EnvSecureServiceProvider"
```## Usage
#### 1. Encrypt env value
```php
php artisan env:secure {env key} {--cli} {--decrypt}
```
Options:
* --cli - only print result in console don't rewrite .env
* --decrypt - decrypt env valueExample:
```php
php artisan env:secure DB_PASSWORD
```*Your env file will change*
from:
```env
DB_PASSWORD=somepassword
```to:
```env
DB_PASSWORD=scr::zvzEOZDAE4k/7D/rx
```#### 2. Change config to
```php
//config/database.phpuse \Izica\EnvSecure\EnvSecure;
[
//...
'connections' => [
//...
'mysql' => [
//...
'password' => EnvSecure::env('DB_PASSWORD', ''),
]
]
]
```## Config
```php
//config env-secure.php
return [
"prefix" => env('ENV_SECURE_PREFIX', 'scr::'),
"algorithm" => env('ENV_SECURE_ALGORITHM', 'AES-128-CTR'), // https://www.php.net/manual/en/function.openssl-get-cipher-methods.php
"iv" => env('ENV_SECURE_IV', 1234567891011121),
"key" => env('ENV_SECURE_KEY', null), //APP_KEY by default. If you change the key after the values have been secured, you will not be able to decrypt the values in the future.
];
```#### Security recommendations
Set the key directly in the file, like:```php
//config env-secure.php
return [
//...
"key" => "kovdj43ksadjl32jlk"
];
```## Credits
- [izica](https://github.com/izica)
- [All Contributors](../../contributors)## License
The MIT License (MIT). Please see [License File](LICENSE.md) for more information.