How can Envoyer deploy an unencrypted .env file if there's "no feasible way to decrypt it" on Envoyer's server?

See https://laracasts.com/discuss/channels/envoyer/envoyer-are-not-creating-env-file-on-server?page=1

Sorry, I don't see how this is related.

Simple, don't use Envoyer to deploy the env.

I'm not asking whether I should, I'm asking how it's possible.

See this laracasts video to see what I'm talking about: https://laracasts.com/series/envoyer/episodes/9

You let Envoyer do it's job, create the .env there and it will handle it. I mean don't deploy .env with everything else.

It puts it safely in another folder. In link I was referring to ejdelmonico answer, he knows this stuff pretty darn well.

Right, okay, I think we are talking about different things. I'm not asking how I should deploy my env, or where it goes. I'm not asking about best practice or how to do anything actually.

Envoyer lets you manage your env through it's web UI right? And when it does, it asks for a password because it says that it's encrypting that env. It says:

"Your environment information is encrypted with a key of your choosing. We are unable to encrypt it without this key, and have no feasible way to decrypt the environment information while it is stored on our servers."

But then Envoyer is able to deploy a plain text env file to a server. So how is it decrypting it to deploy that plain text file for you?

But then Envoyer is able to deploy a plain text env file to a server. So how is it decrypting it to deploy that plain text file for you?

It doesn't deploy the .env file every time you do a deployment. It only updates the .env file when you press "save" in the "manage environment" modal in envoyer. At that moment the .env file is "deployed" to your server.

And what click just said is in the video you referred me to https://laracasts.com/series/envoyer/episodes/9 You must have missed it somehow.

Ah, I see. That makes sense, sorry for the confusion!