Managing Encrypted Environment Variables In Laravel With Veil

Veil is a Laravel package designed to enhance the management of encrypted environment variables in your Laravel or Laravel Zero applications.

By introducing the --only-values flag to Laravel's env:encrypt and env:decrypt Artisan commands, Veil allows for more readable and maintainable .env files by encrypting only the values of sensitive variables, rather than the entire file.

#Enhancing Environment File Readability

In standard Laravel applications, encrypting the environment file results in the entire file being transformed into a single encrypted string:

eyJpdiI6ImplT2xTaGRzV... # Long encrypted string

With Veil, you can selectively encrypt only the values of sensitive variables, keeping the rest of the file human-readable:

APP_NAME="My awesome app"
APP_ENV=local
APP_DEBUG=true
 
SOME_API_KEY=eyJpdiI6ImplT2xTaGRzV...

This approach improves the readability of the .env file and may reduce the need for a separate .env.example file. Veil extends Laravel's existing env:encrypt and env:decrypt commands. To encrypt only the values of environment variables, use the --only-values flag:

php artisan env:encrypt --only-values
php artisan env:decrypt --only-values

By default, when using the --only-values flag, Veil encrypts variables ending with _PASSWORD, _KEY, and _SECRET. You can customize this behavior using the --only option. For example, to encrypt only variables ending with _SECRET and the APP_KEY, run:

php artisan env:encrypt --only-values --only="*_SECRET,APP_KEY"

When decrypting, Veil will leave unencrypted values unchanged.

#Learn More

For more information, installation instructions, and source code, visit the Veil GitHub repository.