@ed Follows you
American PHP developer living in Basel, Switzerland. I run a global team of developers building the technology that powers EXACT Sports in Chicago.
I think Laravel's .env encryption is fantastic, but it's missing an important feature.
Here's my situation. I work with a bunch of developers all around the world and I want an easy way to share values in a .env file that will make sure that we all have a consistent setup and access to external resources via limited / monitored API keys. For instance, I don't want to have to always DM a Google API key to the person who's tasked with adjusting the color of the pins on the Google Map in our application and I don't want to have to force everyone to set up their own accounts on external services. Particularly Google, since they require a credit card in order to enable any API.
Another thing I don't want is to force everyone to use the same database name, password, etc. on their local machines. If I were to simply encrypt .env and have developers decrypt it when they start working on a new issue, it would overwrite their local configurations. So they'd either all have to have the same database setup or go back in and edit the .env file after it's overwritten.
My solution, I think, is going to be to encrypt a file called
.env.shared and have the encrypted file in version control. Then as part of my
php artisan fresh command that pull down the most recent schema and seeds some data into the database for local development, I'll decrypt that file and add its contents to the user's local .env file. Basically I'll read both .env and .env.shared with the values in .env.shared taking precedence should any key exist in both, merge the arrays of values, and write it all back to .env.