PHPackages messageconcept/secure\_dotenv - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. messageconcept/secure\_dotenv ActiveLibrary[Security](/categories/security) messageconcept/secure\_dotenv ============================= An encrypted environment configuration handler 0.4.1(4y ago)0256MITPHPPHP ^7.1|^8.0 Since May 17Pushed 4y agoCompare [ Source](https://github.com/messageconcept/secure_dotenv)[ Packagist](https://packagist.org/packages/messageconcept/secure_dotenv)[ Docs](https://github.com/psecio/secure_dotenv.git)[ RSS](/packages/messageconcept-secure-dotenv/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (4)Versions (6)Used By (0) secure\_dotenv ============== [](#secure_dotenv) The `secure_dotenv` library provides an easy way to handle the encryption and decryption of the information in your `.env` file. One of the generally accepted security best practices is preventing the use of hard-coded, plain-text credentials of any kind. This library allows you to store the values in your `.env` as encrypted strings but still be able to access them transparently without worrying about implementing your own encryption method. [![Travis-CI Build Status](https://camo.githubusercontent.com/0e00ccb4c071a220c99b3317419f6cfd962a1e6ff79a15e566404c1164d7c1bc/68747470733a2f2f7365637572652e7472617669732d63692e6f72672f70736563696f2f7365637572655f646f74656e762e706e673f6272616e63683d6d6173746572)](http://travis-ci.org/psecio/secure_dotenv) Installation ------------ [](#installation) ### Download Composer package [](#download-composer-package) You can install the library easily with a Composer `require` call on the command line: ``` composer require psecio/secure_dotenv ``` ### Generate the key [](#generate-the-key) First, you'll need to generate your encryption key. The library makes use of the [defuse/php-encryption](https://github.com/defuse/php-encryption) library for it's encryption handling. ``` php vendor/bin/generate-defuse-key ``` This will result in a randomized string to use with the `php-encryption` library's default encryption. This string should be placed in a file where the script can access it. > **NOT:** According to security best practices, this key file should remain outside of the document root (not web accessible) but should be readable by the web server user (or executing user). ### Create the `.env` file [](#create-the-env-file) You'll then need to make the `.env` file you're wanting to place the values in: ``` touch /project/root/dir/.env ``` ### Loading the values [](#loading-the-values) With the key file and .env created, you can now create a new instance that can be used to read the encrypted values: ``` ``` You don't have to use a file as a source for the key either - you can use a string (potentially something fron an `$_ENV` variable or some other source): ``` ``` This can be useful to help prevent the key from being read by a [local file inclusion](https://en.wikipedia.org/wiki/File_inclusion_vulnerability#Local_File_Inclusion) attack. If there are values currently in your `.env` file that are unencrypted, the library will pass them over and just return the plain-text version as pulled directly from the `.env` configuration. Setting values -------------- [](#setting-values) You can also dynamically set values into your `.env` file using the `save()` method on the `Parser` class: ```