dotenv-org/phpdotenv-vault 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

dotenv-org/phpdotenv-vault

Composer 安装命令:

composer require dotenv-org/phpdotenv-vault

包简介

Load environment variables from encrypted .env.vault files

README 文档

README

dotenv-vault

Extends the proven & trusted foundation of phpdotenv, with a .env.vault file.

The extended standard lets you load encrypted secrets from your .env.vault file in production (and other) environments. Brought to you by the same people that pioneered dotenv-nodejs.

🌱 Install

$ composer require dotenv-org/phpdotenv-vault

🏗️ Usage

Development usage works just like phpdotenv.

Add your application configuration to your .env file in the root of your project:

# .env
S3_BUCKET="dotenv"
SECRET_KEY="souper_seekret_key"

As early as possible in your application bootstrap process, load .env:

require 'vendor/autoload.php';

$dotenv = DotenvVault\DotenvVault::createImmutable([__DIR__]);
$dotenv->safeLoad();

When your application loads, these variables will be available in $_SERVER:

$s3_bucket = $_SERVER['S3_BUCKET'];
echo $s3_bucket;

🚀 Deploying

Encrypt your environment variables by doing:

npx dotenv-vault local build

This will create an encrypted .env.vault file along with a .env.keys file containing the encryption keys. Set the DOTENV_KEY environment variable by copying and pasting the key value from the .env.keys file onto your server or cloud provider. For example in heroku:

heroku config:set DOTENV_KEY=<key string from .env.keys>

Commit your .env.vault file safely to code and deploy. Your .env.vault fill be decrypted on boot, its environment variables injected, and your app work as expected.

Note that when the DOTENV_KEY environment variable is set, environment settings will always be loaded from the .env.vault file in the project root. For development use, you can leave the DOTENV_KEY environment variable unset and fall back on the dotenv behaviour of loading from .env.

🌴 Manage Multiple Environments

You have two options for managing multiple environments - locally managed or vault managed - both use dotenv-vault.

Locally managed never makes a remote API call. It is completely managed on your machine. Vault managed adds conveniences like backing up your .env file, secure sharing across your team, access permissions, and version history. Choose what works best for you.

💻 Locally Managed

Create a .env.production file in the root of your project and put your production values there.

# .env.production
S3_BUCKET="PRODUCTION_S3BUCKET"
SECRET_KEY="PRODUCTION_SECRETKEYGOESHERE"

Rebuild your .env.vault file.

npx dotenv-vault local build

View your .env.keys file. There is a production DOTENV_KEY that pairs with the DOTENV_VAULT_PRODUCTION cipher in your .env.vault file.

Set the production DOTENV_KEY on your server, recommit your .env.vault file to code, and deploy. That's it!

Your .env.vault fill be decrypted on boot, its production environment variables injected, and your app work as expected.

🔐 Vault Managed

Sync your .env file. Run the push command and follow the instructions. learn more

$ npx dotenv-vault push

Manage multiple environments with the included UI. learn more

$ npx dotenv-vault open

Build your .env.vault file with multiple environments.

$ npx dotenv-vault build

Access your DOTENV_KEY.

$ npx dotenv-vault keys

Set the production DOTENV_KEY on your server, recommit your .env.vault file to code, and deploy. That's it!

❓ FAQ

What happens if DOTENV_KEY is not set?

Dotenv Vault gracefully falls back to phpdotenv when DOTENV_KEY is not set. This is the default for development so that you can focus on editing your .env file and save the build command until you are ready to deploy those environment variables changes.

Should I commit my .env file?

No. We strongly recommend against committing your .env file to version control. It should only include environment-specific values such as database passwords or API keys. Your production database should have a different password than your development database.

Should I commit my .env.vault file?

Yes. It is safe and recommended to do so. It contains your encrypted envs, and your vault identifier.

Can I share the DOTENV_KEY?

No. It is the key that unlocks your encrypted environment variables. Be very careful who you share this key with. Do not let it leak.

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Added some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request

Changelog

See CHANGELOG.md

License

BSD-3

dotenv-org/phpdotenv-vault 适用场景与选型建议

dotenv-org/phpdotenv-vault 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 19.67k 次下载、GitHub Stars 达 10, 最近一次更新时间为 2022 年 12 月 15 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「environment」 「env」 「dotenv」 「configurations」 「environment variables」 「dotenv-vault」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 dotenv-org/phpdotenv-vault 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 dotenv-org/phpdotenv-vault 我们能提供哪些服务?
定制开发 / 二次开发

基于 dotenv-org/phpdotenv-vault 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 19.67k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 10
  • 点击次数: 27
  • 依赖项目数: 2
  • 推荐数: 0

GitHub 信息

  • Stars: 10
  • Watchers: 2
  • Forks: 4
  • 开发语言: PHP

其他信息

  • 授权协议: BSD-3-Clause
  • 更新时间: 2022-12-15