Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hey all. I recently set up Laravel Envoyer and it looks like it will save me quite a bit of time once I have it all set up correctly for our application.
Key phrase there is the "once I have it all set up correctly" part lol.
I just did the first production deployment last night and everything seemed fine... until people started logging in this morning. There were a couple minor issues I was able to fix, but the big one was when people tried doing stuff in the app that is handled by the API over AJAX, I quickly figured out that the oauth-private/public keys don't get copied over from release to release.
To mitigate this I made a quick and dirty deployment hook that copies the keys over from my backup directory to {{release}}/storage and that works, but seems.... wrong. would a better deployment hook be:
cd {{release}}
php artisan passport:keys
I ended up having to roll back to my backup because pusher also stopped working for whatever reason (env file maybe?) but it was getting to the point where too many people were logging on for their work day, so I just cut my losses and will investigate further in staging.
Gotta love when your work day starts like this, lol.
@fuzioncore I’ve never really worked with Envoyer, but you don’t want to generate fresh Passport keys between releases. These are your OAuth keys. If you generate a new set of keys on deployment, then any previously-issues OAuth tokens are going to be invalidated, which is really not want you want for your users.
“Sorry, your token is now invalid because we deployed and rotated our OAuth keys.”
So would you say my quick fix of storing the keys outside of the release and copying them over in a deployment hook would be the way to go?
Envoyer does have a Linked Folders option, but the keys need to be in the root storage folder as far as I know.
Just an update for anyone that finds themselves in a similar situation after transitioning a live site to Envoyer.
So placing keys in /current/storage will persist them across releases since the /releases/#####/storage directory symlinks back out to /current/storage. So just make sure you copy important stuff (like oauth keys) into that directory before you switch your server to look at /current/public.
The other weird issues we were facing was because the cron for scheduled tasks was pointing to the wrong location, so stuff like caching online users every couple minutes wasn't executing so when reaching out to the cache to see who's online it would of course be empty, and other little oddities like that.
@fuzioncore An alternative would be to store your keys in environment variables: https://laravel.com/docs/8.x/passport#loading-keys-from-the-environment
Please or to participate in this conversation.