PHPackages                             curentis/cloudfront-signer - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. curentis/cloudfront-signer

ActiveLibrary[Security](/categories/security)

curentis/cloudfront-signer
==========================

A fluent Laravel SDK for generating AWS CloudFront signed URLs and cookies.

v1.3.2(1w ago)1874Apache-2.0PHPPHP ^8.2CI passing

Since Feb 19Pushed 1w ago1 watchersCompare

[ Source](https://github.com/curentis/cloudfront-signer)[ Packagist](https://packagist.org/packages/curentis/cloudfront-signer)[ Docs](https://github.com/curentis/cloudfront-signer)[ RSS](/packages/curentis-cloudfront-signer/feed)WikiDiscussions main Synced today

READMEChangelog (9)Dependencies (35)Versions (11)Used By (0)

CloudFront Signer for Laravel
=============================

[](#cloudfront-signer-for-laravel)

[![Latest Version on Packagist](https://camo.githubusercontent.com/f89813d28757a72c657c65f73dd82a36fd950349e30ced389e3d45dbab7a398b/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f637572656e7469732f636c6f756466726f6e742d7369676e65723f7374796c653d666c61742d737175617265266c6162656c3d72656c6561736526636f6c6f723d626c7565)](https://packagist.org/packages/curentis/cloudfront-signer)[![Tests](https://camo.githubusercontent.com/b79780948bd7ead92e7be26c884a4e1938eae0840162054843c4edffc7d828f3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f637572656e7469732f636c6f756466726f6e742d7369676e65722f72756e2d74657374732e796d6c3f6272616e63683d6d61696e266c6162656c3d7465737473267374796c653d666c61742d737175617265)](https://github.com/curentis/cloudfront-signer/actions/workflows/run-tests.yml)[![Code Style](https://camo.githubusercontent.com/9ab95fc8aa5ecaf11be5e65501556cde74f850ee61236bcaae83f93d45db36b9/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f637572656e7469732f636c6f756466726f6e742d7369676e65722f6c696e742e796d6c3f6272616e63683d6d61696e266c6162656c3d636f64652532307374796c65267374796c653d666c61742d737175617265)](https://github.com/curentis/cloudfront-signer/actions/workflows/lint.yml)[![Static Analysis](https://camo.githubusercontent.com/9b5a40b5fb0306964769be086d4f26610deaad9fdea8cdfd26f941ac4c3ce575/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f637572656e7469732f636c6f756466726f6e742d7369676e65722f7068707374616e2e796d6c3f6272616e63683d6d61696e266c6162656c3d7068707374616e267374796c653d666c61742d737175617265)](https://github.com/curentis/cloudfront-signer/actions/workflows/phpstan.yml)[![License](https://camo.githubusercontent.com/976cea3e5b369a998edc7f2038aa666795361976c6ecdd330a4f216b6d62a2bf/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f637572656e7469732f636c6f756466726f6e742d7369676e65723f7374796c653d666c61742d737175617265)](https://github.com/curentis/cloudfront-signer/blob/main/LICENSE)

A strictly-typed, modern Laravel package for generating AWS CloudFront signed URLs. Built on PHP 8.2+ with a clean interface-driven design for easy testing and extensibility.

---

Table of Contents
-----------------

[](#table-of-contents)

- [Requirements](#requirements)
- [Installation](#installation)
- [Configuration](#configuration)
    - [Environment Variables](#environment-variables)
    - [Private Key Options](#private-key-options)
- [Usage](#usage)
    - [Facade](#facade)
    - [Dependency Injection](#dependency-injection)
- [Testing](#testing)
- [License](#license)

---

Requirements
------------

[](#requirements)

DependencyVersionPHP`^8.2`Laravel`^11.0`AWS SDK`^3.0`---

Installation
------------

[](#installation)

Install via Composer:

```
composer require curentis/cloudfront-signer
```

The service provider and facade are auto-discovered via Laravel's package discovery. No manual registration required.

Publish the configuration file:

```
php artisan vendor:publish --tag="cloudfront-signer-config"
```

---

Configuration
-------------

[](#configuration)

### Environment Variables

[](#environment-variables)

Add the following to your `.env` file:

```
CLOUDFRONT_KEY_PAIR_ID=APKA...
CLOUDFRONT_REGION=us-east-1
CLOUDFRONT_DEFAULT_EXPIRATION=3600

# Choose one of the private key options below
CLOUDFRONT_PRIVATE_KEY_PATH=storage/certs/cloudfront.pem
CLOUDFRONT_PRIVATE_KEY_CONTENT=
```

VariableRequiredDefaultDescription`CLOUDFRONT_KEY_PAIR_ID`Yes—Public key ID from CloudFront &gt; Key Management`CLOUDFRONT_REGION`No`us-east-1`AWS region for the SDK client`CLOUDFRONT_DEFAULT_EXPIRATION`No`3600`Default signed URL lifetime in seconds`CLOUDFRONT_PRIVATE_KEY_PATH`One of—Path to the `.pem` key file (absolute or relative)`CLOUDFRONT_PRIVATE_KEY_CONTENT`One of—Raw PEM key string (takes precedence over path)> **Note:** `CLOUDFRONT_KEY_PAIR_ID` is the public key ID found in **CloudFront &gt; Key Management &gt; Public Keys** — this is **not** your IAM Access Key ID.

### Private Key Options

[](#private-key-options)

The package supports two ways to provide your CloudFront private key:

**Option A — File path** (traditional, local environments):

Store the `.pem` file in a non-public directory such as `storage/certs/`, then set:

```
CLOUDFRONT_PRIVATE_KEY_PATH=storage/certs/cloudfront-private-key.pem
```

Both absolute paths and paths relative to the project root are accepted.

**Option B — Inline content** (recommended for containers and secret managers):

Provide the raw PEM string directly. For single-line env vars, use escaped newlines:

```
CLOUDFRONT_PRIVATE_KEY_CONTENT="-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgk...\n-----END PRIVATE KEY-----"
```

Multi-line format is also accepted if your environment supports it:

```
CLOUDFRONT_PRIVATE_KEY_CONTENT="-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgk...
-----END PRIVATE KEY-----"
```

> When both options are set, `CLOUDFRONT_PRIVATE_KEY_CONTENT` takes precedence.

---

Usage
-----

[](#usage)

### Facade

[](#facade)

The `CloudFrontSigner` facade is the quickest way to generate a signed URL:

```
use Curentis\CloudFrontSigner\Facades\CloudFrontSigner;

$url = 'https://cdn.yoursite.com/videos/intro.mp4';

// Use the default expiration defined in config
$signedUrl = CloudFrontSigner::sign($url);

// Custom expiration via Carbon or any DateTimeInterface
$signedUrl = CloudFrontSigner::sign($url, now()->addDays(7));

// Custom expiration via seconds offset
$signedUrl = CloudFrontSigner::sign($url, 86400); // expires in 24 hours
```

### Dependency Injection

[](#dependency-injection)

Inject the `Signer` contract directly into your controllers or services. This approach is recommended as it makes the dependency explicit and keeps your code easily testable.

```
use Curentis\CloudFrontSigner\Contracts\Signer;

class VideoController extends Controller
{
    public function __construct(private readonly Signer $signer) {}

    public function show(string $filename): \Illuminate\View\View
    {
        $signedUrl = $this->signer->sign(
            "https://cdn.example.com/videos/{$filename}",
            now()->addHours(2)
        );

        return view('video.player', compact('signedUrl'));
    }
}
```

**Mocking in tests:**

Because the package binds the `Signer` interface, you can mock it without touching any real AWS credentials:

```
use Curentis\CloudFrontSigner\Contracts\Signer;

$this->mock(Signer::class)
    ->shouldReceive('sign')
    ->once()
    ->andReturn('https://cdn.example.com/videos/intro.mp4?Signature=...');
```

---

Testing
-------

[](#testing)

Run the test suite:

```
composer test
```

Fix code style with Laravel Pint:

```
composer pint --fix
```

Run static analysis with Larastan:

```
composer phpstan
```

---

License
-------

[](#license)

Released under the [Apache License 2.0](https://github.com/Curentis/cloudfront-signer/blob/main/LICENSE).

###  Health Score

48

—

FairBetter than 93% of packages

Maintenance98

Actively maintained with recent releases

Popularity21

Limited adoption so far

Community9

Small or concentrated contributor base

Maturity53

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 88.2% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~15 days

Recently: every ~22 days

Total

9

Last Release

10d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/db32519d8aadb162f5ed4287491925102b412241df2d038dfd81ffb9da0c8e45?d=identicon)[curentis](/maintainers/curentis)

---

Top Contributors

[![curentis](https://avatars.githubusercontent.com/u/79321392?v=4)](https://github.com/curentis "curentis (15 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (2 commits)")

---

Tags

laravelawssecuritycloudfrontsigned-url

###  Code Quality

TestsPest

Static AnalysisPHPStan

Code StyleLaravel Pint

### Embed Badge

![Health badge](/badges/curentis-cloudfront-signer/health.svg)

```
[![Health](https://phpackages.com/badges/curentis-cloudfront-signer/health.svg)](https://phpackages.com/packages/curentis-cloudfront-signer)
```

###  Alternatives

[laravel/ai

The official AI SDK for Laravel.

1.0k3.2M194](/packages/laravel-ai)[spatie/laravel-csp

Add CSP headers to the responses of a Laravel app

86611.1M25](/packages/spatie-laravel-csp)[pressbooks/pressbooks

Pressbooks is an open source book publishing tool built on a WordPress multisite platform. Pressbooks outputs books in multiple formats, including PDF, EPUB, web, and a variety of XML flavours, using a theming/templating system, driven by CSS.

45444.2k1](/packages/pressbooks-pressbooks)[dgtlss/warden

A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email

9062.1k](/packages/dgtlss-warden)[laravel-chronicle/core

Tamper-evident audit ledger for Laravel applications.

1213.2k3](/packages/laravel-chronicle-core)[kolay/xlsx-stream

Streaming XLSX reader and writer for PHP and Laravel. Constant memory regardless of file size, direct S3 multipart streaming, optional born-indexed random access.

437.9k](/packages/kolay-xlsx-stream)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
