kriky1:

How can I put encrypted passwords for DB_USERNAME and DB_PASSWORD in .env and decrypt them before connection?

Hello,

How can I put encrypted passwords for DB_USERNAME and DB_PASSWORD in .env and decrypt them before connection? Database credentials in .env should not be in their original form. I want to encrypt them with Laravel's encrypt(), but where can I decrypt them before the database connection (I'm using the sqlsrv driver)?

Thanks

0 likes
7 replies
bobbybouwmann:

Any reason for doing that? The .env is used for those kinds of variables, just like API keys and email settings. You can keep this file out of version control and, if placed correctly, it is not accessible to the public.

Let's say you do encrypt the username and password; you still need the application key for that (at least in Laravel). That key is in the same file, so everyone who gets his hands on your file is able to decrypt them anyway...

kriky1:

Hi @bobbybouwmann

I understand, and I agree that it is not a good solution. I explained that to the client, but he insists, so I have no choice but to do so.

d3xt3r:

@kriky1 Explain to your client that any salt/pepper you will require to store the encrypted credentials also needs to be stored somewhere, in the env file or in the code. So for the very reason he thinks the credentials are not safe, the salt/pepper is also not safe, and thus the credentials can be decrypted.

So, better to concentrate on source control, or have these values set as environment variables directly on the hosting server and use them from there.

1 like
kriky1:

Hello @premsaurav

I explained everything to the client. He's aware of everything, but no matter what, he still wants the database credentials to be encrypted in .env. I think he will not change his mind no matter what, so please help.

Thanks

bobbybouwmann:

You, as a developer, should tell the client what's best for him/her. In this case there is no option to encrypt the database credentials, unless you want to write your own Eloquent package ;)

Thijmen:

What if you write your own service provider and overrule the ENV('app_key')? In that way you could use encrypted credentials. Just a hunch...
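The service-provider idea above is workable, and it also makes bobbybouwmann's objection concrete: whatever decrypts the values needs APP_KEY, so the scheme only buys anything if APP_KEY itself is moved out of .env (server-level environment variable, container secret, or a secrets store) while the ciphertexts stay in the file. The following is an added example, not code from the thread or from Laravel itself. It assumes Laravel 5.5 or later (Crypt::encryptString / Crypt::decryptString), a connection named sqlsrv in config/database.php, and two hypothetical extra keys in that file, `'username_enc' => env('DB_USERNAME_ENC')` and `'password_enc' => env('DB_PASSWORD_ENC')`, so that the values survive `php artisan config:cache` (after caching, env() returns null inside providers). The provider name is also hypothetical.

```php
<?php
// app/Providers/EncryptedDatabaseCredentialsProvider.php
// Added example (not from the thread or from Laravel). Register it in the
// 'providers' array of config/app.php. Assumes the sqlsrv connection in
// config/database.php carries two extra keys, 'username_enc' and 'password_enc',
// populated from DB_USERNAME_ENC / DB_PASSWORD_ENC in .env (hypothetical names).
//
// Producing the ciphertexts once, e.g. in `php artisan tinker`:
//     Crypt::encryptString('sa');          // -> paste as DB_USERNAME_ENC=...
//     Crypt::encryptString('s3cr3t');      // -> paste as DB_PASSWORD_ENC=...
// Both are AES-CBC with an HMAC under APP_KEY, so decryption needs that key.

namespace App\Providers;

use Illuminate\Contracts\Encryption\DecryptException;
use Illuminate\Support\Facades\Crypt;
use Illuminate\Support\ServiceProvider;

class EncryptedDatabaseCredentialsProvider extends ServiceProvider
{
    /** Connection whose credentials are stored encrypted. */
    private const CONNECTION = 'sqlsrv';

    /**
     * register() runs before any query is issued. Laravel opens database
     * connections lazily, on first use, so overriding the connection config
     * here is early enough for the sqlsrv driver (or any other driver).
     */
    public function register(): void
    {
        $prefix = 'database.connections.' . self::CONNECTION;

        $encryptedUser = config($prefix . '.username_enc');
        $encryptedPass = config($prefix . '.password_enc');

        if ($encryptedUser === null || $encryptedPass === null) {
            // Nothing encrypted was supplied: leave the plain DB_USERNAME /
            // DB_PASSWORD that config/database.php already read from .env.
            return;
        }

        try {
            $username = Crypt::decryptString($encryptedUser);
            $password = Crypt::decryptString($encryptedPass);
        } catch (DecryptException $e) {
            // Wrong APP_KEY or a tampered payload (the MAC check failed).
            // Fail loudly instead of connecting with garbage or silently
            // falling back to whatever plaintext is still in the file.
            throw new \RuntimeException(
                'Cannot decrypt database credentials: ' . $e->getMessage(),
                0,
                $e
            );
        }

        // Overwrite the values the DatabaseManager will read when it builds
        // the PDO connection on first use.
        config([
            $prefix . '.username' => $username,
            $prefix . '.password' => $password,
        ]);
    }
}
```

Two caveats a reviewer would raise: the decrypted values now live in the config repository for the life of the request, so `php artisan config:cache` output, `dd(config('database'))` and error pages with variable dumps will show them in the clear, exactly as they would with plain .env entries; and if APP_KEY is rotated, every ciphertext in .env must be re-generated, so script that step rather than editing the file by hand.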
