I have a paranoid client asking me if I can encrypt the data on the .env.php file, he is uncomfortable with a "plain text" password stored on that file.
I know I can use server's environment variables on apache or nginx, but the password are stored as plain text on .conf files, so I think my client would not like this approach either, for the same reason: "plain text".
Other way is encrypt the values on that file, but it means I will need a KEY to decrypt that information and need to store that key on a plain text php file or env variable, so it's the same problem.
¿Is there another way to store sensitive data encrypted or something like that?
Well, I found some tools to obfuscate or encode PHP code, if someone need something like that, here they are:
• http://www.sourceguardian.com/
I wrote an artisan command to encrypt environment variables, available here: https://packagist.org/packages/baglerit/envariable
I personally use hhvm as an obsfucator. (+ HUGE performance gain)
you can check how to do here:
https://github.com/facebook/hhvm/wiki/Performance-Tuning#manual-way
Sign in to participate in this thread!
Laravel
Laravel News
Laracasts
Laravel Podcast