Sling Academy
Home/PHP/How to Encrypt Environment Files in Laravel

How to Encrypt Environment Files in Laravel

Last updated: January 21, 2024

Table of Contents

  1. Introduction
  2. Encrypting Environment Files
    1. Step 1: Setting Up Laravel
    2. Step 2: Generating Encryption Keys
    3. Step 3: Encrypting Environment Values
      1. Creating a Custom Artisan Command
      2. EncryptEnv.php
    4. Step 4: Decrypting The Environment File
    5. Handling Environment Encryption in Production
  3. Conclusion

Introduction

Handling environment files securely is a critical aspect of modern web application development. Laravel, being a robust PHP framework, offers various ways to secure application secrets. This tutorial will take you through the steps to encrypt the environment files in Laravel effectively.

Encrypting Environment Files

In Laravel, environment files (typically .env) store configuration settings that vary with the environment the application is running in, such as local, staging, or production. These settings may include sensitive information, such as database passwords or API keys, thus should be protected adequately.

Step 1: Setting Up Laravel

composer create-project --prefer-dist laravel/laravel encrypt-env-example

This command will create a new Laravel project named ‘encrypt-env-example’. After getting Laravel set up, navigate to the project directory and prepare for the environment encryption process.

Step 2: Generating Encryption Keys

php artisan key:generate
php artisan tinker
// Inside tinker
'base64:' . base64_encode(Illuminate\Support\Str::random(32))

We use the artisan command to generate a fresh encryption key which is added to the APP_KEY entry in the .env file. The tinker part helps us create an encryption key that we’ll use to encrypt our environment files.

Step 3: Encrypting Environment Values

To encrypt environment values, we’ll use Laravel’s inbuilt encryption facilities. You might need to create a custom artisan command or perform manual encryption using Tinker.

Creating a Custom Artisan Command

php artisan make:console EncryptEnv --command=env:encrypt

This creates a new command class in app/Console/Commands. Now add the logic to read the .env file, encrypt its contents, and save the results to an encrypted file.

EncryptEnv.php

<?php

namespace App\Console\Commands;

use Illuminate\Console\Command;
use Illuminate\Support\Facades\Crypt;
use Illuminate\Support\Facades\Storage;
use Illuminate\Support\Str;

class EncryptEnv extends Command
{
    protected $signature = 'env:encrypt';
    protected $description = 'Encrypts the .env file';

    public function handle()
    {
        $this->info('Encrypting the environment file ...');

        // Load the .env file contents
        $envContents = file_get_contents($this->laravel->environmentFilePath());

        // Encrypt the contents
        $encrypted = Crypt::encryptString($envContents);

        // Handle the encrypted data
        // For example, save it to a file or output it
        // Here, we'll save it to the storage directory as encrypted_env.txt
        $filename = 'encrypted_env.txt';
        Storage::disk('local')->put($filename, $encrypted);

        $this->info("The environment file has been encrypted and saved as {$filename}.");
    }
}

In this example:

  1. The .env file contents are read using file_get_contents().
  2. The contents are then encrypted using Crypt::encryptString().
  3. The encrypted data is saved to a file in the storage/app directory. This is just an example, and you might want to handle the encrypted data differently depending on your requirements.

Step 4: Decrypting The Environment File

As much as we encrypt our environment files, we need to be able to decrypt them when the application loads, else it is unable to read the configurations.

Create a middleware and hook it up in the bootstrapping process to ensure that before Laravel starts up, it decrypts the necessary environment values securely.

First, create the middleware:

php artisan make:middleware DecryptEnvironmentMiddleware

hen, implement the middleware (app/Http/Middleware/DecryptEnvironmentMiddleware.php):

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Crypt;
use Illuminate\Support\Facades\Storage;

class DecryptEnvironmentMiddleware
{
    public function handle($request, Closure $next)
    {
        // Assuming the encrypted environment file is stored as encrypted_env.txt in the storage directory
        $encryptedEnv = Storage::disk('local')->get('encrypted_env.txt');

        // Decrypt the environment file
        $decryptedEnv = Crypt::decryptString($encryptedEnv);

        // Parse the decrypted string and set the config values
        $lines = explode("\n", $decryptedEnv);
        foreach ($lines as $line) {
            if (!empty($line) && strpos($line, '=') !== false) {
                list($key, $value) = explode('=', $line, 2);
                $key = trim($key);
                $value = trim($value);

                // Set the environment variable
                putenv("$key=$value");

                // Set the config variable, if necessary
                // Config::set($key, $value);
            }
        }

        return $next($request);
    }
}

Finally, register the middleware in your application’s kernel (app/Http/Kernel.php):

protected $middleware = [
    // ...
    \App\Http\Middleware\DecryptEnvironmentMiddleware::class,
];

This middleware reads the encrypted environment file, decrypts it, and sets the environment variables at runtime.

Handling Environment Encryption in Production

When deploying to production, automate the encryption process through your continuous integration and deployment pipeline. Ensure file permissions and access are properly managed to protect the encrypted files.

Conclusion

In this tutorial, we key-strode through the pivotal steps to encrypt your Laravel environment files securely. Implementing these techniques will significantly enhance the security of your application’s sensitive data.

Next Article: Laravel folder structure: Understanding the big picture

Previous Article: How to determine the current environment in Laravel

Series: Laravel & Eloquent Tutorials

PHP

You May Also Like

  • Pandas DataFrame.value_counts() method: Explained with examples
  • Constructor Property Promotion in PHP: Tutorial & Examples
  • Understanding mixed types in PHP (5 examples)
  • Union Types in PHP: A practical guide (5 examples)
  • PHP: How to implement type checking in a function (PHP 8+)
  • Symfony + Doctrine: Implementing cursor-based pagination
  • Laravel + Eloquent: How to Group Data by Multiple Columns
  • PHP: How to convert CSV data to HTML tables
  • Using ‘never’ return type in PHP (PHP 8.1+)
  • Nullable (Optional) Types in PHP: A practical guide (5 examples)
  • Explore Attributes (Annotations) in Modern PHP (5 examples)
  • An introduction to WeakMap in PHP (6 examples)
  • Type Declarations for Class Properties in PHP (5 examples)
  • Static Return Type in PHP: Explained with examples
  • PHP: Using DocBlock comments to annotate variables
  • PHP: How to ping a server/website and get the response time
  • PHP: 3 Ways to Get City/Country from IP Address
  • PHP: How to find the mode(s) of an array (4 examples)
  • PHP: Calculate standard deviation & variance of an array