PHPackages                             code16/occulta - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. code16/occulta

ActiveLibrary[Security](/categories/security)

code16/occulta
==============

Store an encrypted with kms and versioned copy of .env

v2.1.0(2mo ago)01.3k↑366.7%[3 PRs](https://github.com/code16/occulta/pulls)MITPHPPHP 8.3.\*|8.4.\*|8.5.\*CI passing

Since May 4Pushed 2mo ago1 watchersCompare

[ Source](https://github.com/code16/occulta)[ Packagist](https://packagist.org/packages/code16/occulta)[ Docs](https://github.com/code16/occulta)[ RSS](/packages/code16-occulta/feed)WikiDiscussions main Synced 3w ago

READMEChangelog (1)Dependencies (22)Versions (16)Used By (0)

Occulta
=======

[](#occulta)

Purpose
-------

[](#purpose)

Save a versioned and encrypted copy of .env on a storage disk (eg: S3)

How it works
------------

[](#how-it-works)

Occulta uses [AWS KMS](https://aws.amazon.com/kms/) and [Envelope encryption strategy](https://docs.aws.amazon.com/kms/latest/developerguide/kms-cryptography.html#enveloping) to encrypt your `.env` file and store it on a given laravel disk (eg: S3). It also keeps a versioned history of your encrypted `.env` files, so you can restore previous versions if needed.
Occulta will create an archive containing your encrypted environment file and an encrypted key file, which will be used by occulta to decrypt your env when needed.

Installation
------------

[](#installation)

This package requires Laravel 11.x or higher, php's extensions openssl and zip.

You can install the package via composer:

```
composer require code16/occulta
```

Next you should publish the config file :

```
php artisan vendor:publish --tag=occulta-config
```

and setup your values (especially the kms `key_id` and `destination disk`) in your `config/occulta.php` file :

```
return [
        // kms key id as seen in aws's kms dashboard (usually it looks like an uuid)
        'key_id' => '0904c439-ff1f-4e9d-8a26-4e32ced6fe0x',

        [...]

        'destination_disk' => 's3_backup',
        'destination_path' => null, // defaults to 'dotenv/'

        // If you want to backup an env file with a suffix such as .env.production, you can set this to your desired suffix
        'env_suffix' => null, // eg: 'production'

        [...]
    ];
```

Then, you should setup credentials to the proper aws user [allowed](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-users) to "use" the given kms key, by adding a kms section in your `config/services.php` file :

```
    'kms' => [
        'key' => env('AWS_ACCESS_KEY_ID'),
        'secret' => env('AWS_SECRET_ACCESS_KEY'),
        'region' => 'eu-central-1',
    ],
```

Now you should schedule tasks for backup and cleanup in `app/Console/Kernel.php` (`bootstrap/app.php` since Laravel 11) :

```
    protected function schedule(Schedule $schedule)
    {
        $schedule->command('occulta:encrypt')->dailyAt('01:00');
        $schedule->command('occulta:clean')->dailyAt('02:00');
    }
```

### Decrypting an encrypted env archive

[](#decrypting-an-encrypted-env-archive)

If you need to decrypt an encrypted env archive, you can use the `occulta:decrypt` command:

```
php artisan occulta:decrypt path/to/encrypted/archive.zip
```

Occulta will use your KMS configuration and AWS access and secret keys to decrypt your env file.

Important

It is likely that these credentials where in your lost .env, then, you can follow the [recovery procedure](docs/RECOVERY.md) to restore your environment.

Testing
-------

[](#testing)

The package comes with a comprehensive test suite. To run the tests, you can use the following command:

```
composer test
```

The tests cover:

- The main `Occulta` class functionality for encrypting and decrypting values and files
- The `EncryptFileWithKmsCommand` for encrypting .env files and storing them
- The `DecryptFileWithKmsCommand` for extracting and decrypting .env files from zip archives
- The `CleanupEncryptedDotenvsCommand` for managing the history of encrypted .env files

The tests use mocks for AWS KMS to avoid actual AWS calls during testing.

###  Health Score

52

—

FairBetter than 96% of packages

Maintenance86

Actively maintained with recent releases

Popularity21

Limited adoption so far

Community11

Small or concentrated contributor base

Maturity74

Established project with proven stability

 Bus Factor2

2 contributors hold 50%+ of commits

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~131 days

Recently: every ~119 days

Total

12

Last Release

71d ago

Major Versions

v1.2.3 → v2.x-dev2025-06-23

PHP version history (6 changes)v1.0.0PHP ^8.1

v1.1.0PHP ^8.1|^8.2

v1.2.1PHP ^8.1|^8.2|^8.3

v1.2.2PHP ^8.1|^8.2|^8.3|^8.4

v2.x-devPHP ^8.3

v2.1.0PHP 8.3.\*|8.4.\*|8.5.\*

### Community

Maintainers

![](https://www.gravatar.com/avatar/f97dcdc942d25d5b5720b790d5f28e6accc6f05370cf5a6b52b78abc60c29e57?d=identicon)[code16](/maintainers/code16)

---

Top Contributors

[![PatrickePatate](https://avatars.githubusercontent.com/u/16721134?v=4)](https://github.com/PatrickePatate "PatrickePatate (24 commits)")[![smknstd](https://avatars.githubusercontent.com/u/2412608?v=4)](https://github.com/smknstd "smknstd (11 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (7 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (7 commits)")

---

Tags

laravelcode16occulta

###  Code Quality

TestsPest

### Embed Badge

![Health badge](/badges/code16-occulta/health.svg)

```
[![Health](https://phpackages.com/badges/code16-occulta/health.svg)](https://phpackages.com/packages/code16-occulta)
```

###  Alternatives

[laravel/ai

The official AI SDK for Laravel.

9782.1M161](/packages/laravel-ai)[spatie/laravel-pdf

Create PDFs in Laravel apps

1.0k4.3M42](/packages/spatie-laravel-pdf)[wnx/laravel-backup-restore

A package to restore database backups made with spatie/laravel-backup.

213389.8k2](/packages/wnx-laravel-backup-restore)[nativephp/desktop

NativePHP for Desktop

38133.6k8](/packages/nativephp-desktop)[spatie/laravel-health

Monitor the health of a Laravel application

87411.3M152](/packages/spatie-laravel-health)[lunarstorm/laravel-ddd

A Laravel toolkit for Domain Driven Design patterns

18476.4k](/packages/lunarstorm-laravel-ddd)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)