Allow (or enforce) encryption of .env file


Hi - thanks for building this great repo!

I noticed that you suggest adding .env to the .gitignore file - presumably because the config shouldn’t be exposed as part of the repository?

Do you have a suggestion on how to share the .env file with members of my team?

The best answer I could find suggests checking in the .env file and encrypting it as an option.

What do maintainers think about allowing encryption of the .env file with one master password? I’d be happy to help with a PR if it would be welcomed and someone could help me think through best practice implementation.

Or, is there a better way to share the .env file with my team?

Issue Analytics

  • State: open
  • Created 5 years ago
  • Comments: 5 (3 by maintainers)

Top GitHub Comments

merwok commented, Jan 10, 2019 (5 reactions)

Ah that’s another problem! What I said about copying .env.example to .env and changing values is for local dev, i.e. to help my coworkers set up their environment.

For server deployment, this becomes a config management issue. If I run on Heroku, I already have an interface to define environment variables. On another container platform, I have docker secrets. On AWS EC2, I’ll get my secrets from SSM. On another VM, maybe I’ll have an ansible vault that creates a .env file.

merwok commented, Dec 17, 2018 (1 reaction)

I think the typical way is to have .env.example in your repo, with comments to explain the settings, default values where possible (e.g. DATABASE_URL="postgres://localhost:5432/project"), and instructions for real secrets (GOOGLE_MAPS_API_KEY="ask in slack channel XYZ" or "see 1password/project/google maps key"). Then the README can instruct people to copy that file to .env and edit it.
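
A check for the `.env.example` workflow described in the comment above, as an added example that is not part of the original thread or the project's own code: it compares a local `.env` against `.env.example` and reports keys that are missing or still hold the placeholder instruction instead of a real value. The sample file contents, the `SENTRY_DSN` key, and the rule that placeholders start with "ask" or "see" are assumptions made for illustration.

```python
import re

# Constructed sample files, following the layout described in the comment above.
EXAMPLE = '''\
# Local Postgres works out of the box
DATABASE_URL="postgres://localhost:5432/project"
# Real secrets are not stored in the repo
GOOGLE_MAPS_API_KEY="ask in slack channel XYZ"
SENTRY_DSN="see 1password/project/sentry dsn"
'''
LOCAL = '''\
DATABASE_URL="postgres://localhost:5432/project"
GOOGLE_MAPS_API_KEY="ask in slack channel XYZ"
'''

LINE = re.compile(r'^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$')
# Assumed convention: placeholder instructions start with "ask " or "see ".
PLACEHOLDER = re.compile(r'^(ask|see)\s', re.IGNORECASE)


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments, stripping matching quotes."""
    values = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        m = LINE.match(line)
        if not m:
            continue
        key, value = m.groups()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in '"\'':
            value = value[1:-1]
        values[key] = value
    return values


def check_env(example_text, local_text):
    """Return (missing, unfilled): keys absent from .env, and keys still set to a placeholder."""
    example, local = parse_env(example_text), parse_env(local_text)
    missing = sorted(k for k in example if k not in local)
    unfilled = sorted(k for k, v in local.items() if PLACEHOLDER.match(v))
    return missing, unfilled


if __name__ == '__main__':
    missing, unfilled = check_env(EXAMPLE, LOCAL)
    print('missing from .env:', missing)
    print('placeholder not replaced:', unfilled)
```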


Top Results From Across the Web

Enable Encryption in Transit for Environment Variables
Ensure that encryption in transit is enabled for the Lambda environment variables that store sensitive information.

How can I encrypt just the values of a .env file? - Stack Overflow
There is a nice tool by Mozilla that encrypts only the values and not the keys of your secret file https://github.com/mozilla/sops.

Encrypting and decrypting environment files in Laravel 9.x
Laravel 9.x introduces a new php artisan env:encrypt command that can be used to encrypt the environment file. For example, if you have...

Securely manage Laravel .env files - GitHub
This package helps you manage .env files for different deployment environments. Each .env file is securely encrypted and kept in your app's version...

Stop Using .env Files Now! - DEV Community
Let's explore the problem with .env files and the ultimate solution. ... all the secrets are centralized in one place, encrypted, ...
