Level 67
I'd put them in storage, but don't use the public disk (which people typically link to /public). Another thing to consider is the git repo or whatever you're using. It shouldn't be public either since these files would be there.
May 31, 2018
3
Level 8
Best place to store an RSA key file for a vendor package
Hi all,
I'm about to deploy my Laravel app with forge. My app uses a third-party package that uses a public/private key file to authenticate with a popular accounting software API.
The vendor package wants the key files to be stored on the server somewhere with a direct path to the file: file://path/to/key/privatekey.pem etc. I've moved the path string into my .env file so it's not hardcoded into my app but I still have these key files floating around.
Where should I put them for maximum security? Any suggestions?
Thanks in advance and I appreciate everyone who comments.
Mike
Level 8
Ohh, didn't think about it being exposed on the git repo. Nice catch.
Should I instead have a separate local disk not called public, or should I go all the way to something like Amazon S3?
On second thoughts - a non public but still local disk will still be exposed in the git repo??
Thanks Cronix.
Level 67
You could do either. I guess the advantage of S3 is it wouldn't have to be in the repo.
Please or to participate in this conversation.