beyondcode / laravel-credentials Goto Github PK
View Code? Open in Web Editor NEWAdd encrypted credentials to your Laravel production environment.
License: MIT License
Add encrypted credentials to your Laravel production environment.
License: MIT License
Thanks for the good work. Default process timeout is only 60 secconds, please add it to the config and make it configurable. Thank you.
I'm trying to figure out what would be causing this, but it appears that when there isn't a .env file present the auto discovery fails out discovering the cypher type.
The use case for this is as follows: we use deployment tools to ship code. Every build does a fresh install and we don't check in .env files. It should still install and discover even if its not going to be used.
Error is as follows:
php artisan package:discover
In Encrypter.php line 43:
The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths.
This package looks like a very handy tool, Is the package still in development or has it been discontinued for security reasons or something else?
artisan list | grep credentials
comes up empty.
Steps:
artisan list
comes up empty; artisan credentials
failsMy environment has a bit more; predis/predis may be causing a conflict.
Hey there ๐
Unfortunately, we do not have the time to maintain this package anymore.
If someone wants to take over the maintenance, I'd happily hand it over.
Otherwise, I'm going to archive this repository.
I couldn't install on laravel 7.11.
May i know how to install this package on laravel 7 ?
thank you a lot
[InvalidArgumentException]
Package beyondcode/laravel-credentials has a PHP requirement incompatible with your PHP version, PHP extensions and Composer version
:
- beyondcode/laravel-credentials requires php ^7.1 which does not match your installed version 8.0.8.
- beyondcode/laravel-credentials requires illuminate/encryption 5.6.|5.7.|5.8.*|^6.0|^7.0|^8.0 but it is not present.
I have created the credentials in my PC then pulled in Ubuntu server (DegitalOccean) I got this message, even I can not edit it.
Any reason why this can't support Laravel 5.7, illuminate/encryption ^5.7
?
Trying to install and hit the 5.6.* requirement for encryption and wondered if we can move it up.
Say I have secret credentials for production, that I don't want to give anyone access to. If I use this package and store my encrypted credentials in version control, and then give a freelancer access to my git repo so that they can work on it, doesn't that mean they could now access my production credentials also?
How does this package solve this problem, of not allowing other developers from accessing sensitive data?
After installing the package in a Laravel 5.6 project.
Doing:
php artisan vendor:publish --provider="BeyondCode\Credentials\CredentialsServiceProvider" --tag="config"
Leaving the defaults as is.
App Key was set by:
php artisan key:generate
Also I did:
php artisan config:clear
php artisan config:cache
Then running:
php artisan credentials:edit
I get:
RuntimeException : The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths.
at /home/johndoe/server/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php:43
39| if (static::supported($key, $cipher)) {
40| $this->key = $key;
41| $this->cipher = $cipher;
42| } else {
43| throw new RuntimeException('The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths.');
44| }
45| }
46|
47| /**
Exception trace:
1 Illuminate\Encryption\Encrypter::__construct("", "AES-256-CBC")
/home/johndoe/server/vendor/beyondcode/laravel-credentials/src/CredentialsServiceProvider.php:54
2 BeyondCode\Credentials\CredentialsServiceProvider::BeyondCode\Credentials{closure}(Object(Illuminate\Foundation\Application), [])
/home/johndoe/server/vendor/laravel/framework/src/Illuminate/Container/Container.php:764
Please use the argument -v to see more details.
While storing encrypted credentials as files is sufficient for mostly single instances, it's very hard to manage multiple namespaces, if I can use that term ...
Think as:
You have multiple instances of an application, like development and staging instances (wanting to use sandbox creds etc), and then productive online plus derivates from online with each needing own credentials.
It would be very convenient to store the credentials in a Database, because every instance of your app already has an own database.
Is that anyhow possible to implement?
p.s. I evaluated all of the vaults and credential stores. It's all too complex and not fitting the needs in turn.
When I try to run php artisan credentials:edit
, it throws a RuntimeException
with message TTY mode is not supported on Windows platform.
I'm setting credentials and i can retrieve them from php artisan tinker but when i try to retrieve from config file i'm getting this error
In Container.php line 767:
Class encrypter does not exist
Edit: its probably because laravel preparing config files before the encrypter class loads
Thank you for the excellent package!! Our application is a medical application, so to be compliant with some security requirements, we have to encrypt all the secrets on the server and no secret should be in plaintext in the environment files. We are planning to use this package to encrypt DB credentials and other secrets, but that is not enough. Our APP_KEY has to be encrypted as well. Any suggestions how to achieve this?
We are hosted on AWS, so wondering if it would be possible to integrate this package with AWS KMS or AWS Secrets Manager to fetch the APP_KEY itself? Any help is greatly appreciated!!
I've followed the steps to use the nano editor instead of vim as described in the readme. After entering the command php artisan credential:edit
, the vim editor still appears. I have run php artisan config:clear
and composer dumpautoload
and the issue still exists.
I've even tried hardcoding "editor" => "nano"
into config/credentials.php
but that still does not work.
This only seems to happen with Laravel 6 when attempting to use the credentials helper in a config file. I've tried on an upgraded 5.8->6.2.0 as well as a fresh 6.2.0 installation with the same results.
When trying to run an artisan command as a test I receive the error below.
php artisan --version
In Container.php line 806
Target class [encrypter] does not exist.
In Container line 804
Class encrypter does not exist
After a little digging it seems that "Illuminate\Contracts\Encryption\Encrypter" hasn't been bound yet for the dependency in the constructor for the Credentials class.
Laravel then throws a
Illuminate\Contracts\Container\BindingResolutionException
its not working at config/database.php
Please suggest how to call in config/database.php .
it works fine in tinker / controller .
Im getting this error in Lumen 7.0
CredentialsServiceProvider.php (line 26)
I think in Laravel 7 will be the same error
Having issues with not having vi
installed on my machine, I dug through the code and found out there was an option to change the used editor, but this was not listed.
I've created PR #28 that addresses the issue, and fixes another small issue I've spotted along the way. Calling env()
when config is cached will always result in null
values being returned.
It seems that if you change the APP_KEY you can no longer retrieve the credentials. Is this the case?
When you do:
php artisan edit:credentials
You get the error:
In Encrypter.php line 195:
The MAC is invalid.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.