I was reading this article Encrypting Environment Files to encrypt and decrypt the .env content.
as per the documentation, after running php artisan env:encrypt command, it generates a new .env.encrypted file, and also the output of the command is returning a Key.
To decrypt the content, the command is looking for LARAVEL_ENV_ENCRYPTION_KEY which always changes as soon as I encrypt the content. So I don't understand the best use of this feature.
Real Use case.
Let's suppose, I have added a new variable in the .env file and encrypted the file.
Now I shared this file with other team members, now I have to share the key as well to decrypt it.
after decrypting, another team member adds a new variable and he has to follow the same routine. encrypt, and share the key.
for decryption, you have to remove the .env file, and obviously LARAVEL_ENV_ENCRYPTION_KEY will never be found(or which might be changed because of the latest encryption), so you have to pass the --key option while decrypting the content.
'To decrypt the content, the command is looking for LARAVEL_ENV_ENCRYPTION_KEY which always changes as soon as I encrypt
the content. So I don't understand the best use of this feature.'
You can always provide your own encryption key while decrypting using:
php artisan env:decrypt --force --key=3UVsEgGVK36XN82KKeyLFMhvosbZN1aF
In addition, you can encrypt by provide the same encryption key using:
php artisan env:encrypt --force --key=3UVsEgGVK36XN82KKeyLFMhvosbZN1aF
The team members don't need to share a new encryption key every time they add a new environment variable to the .env file since they will always be using the same key to encrypt the edited .env file before adding/committing the regenerated .env.encrypted file to source control.
Related
I am trying to encrypt a file using GPG and then decrypt it whenever required.
I saw an example to encrypt it
https://gist.github.com/ayubmalik/a83ee23c7c700cdce2f8c5bf5f2e9f20
But, there is nothing described about how to decrypt it
There is one more example that allows String or text encryption and decryption
https://gist.github.com/stuart-warren/93750a142d3de4e8fdd2.
But, I have to work on files. Can anyone help me to find the solution to it?
Hi I use Spatie's backup package to backup database to Dropbox. I put dropbox secret info directly to .env as below code.
DROPBOX_SECRET=xxxxxxxxxx
DROPBOX_TOKEN=yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
That's not comfortable once need to change these key. So, Is it possible to get key form database(Model) and put to .env via some method in controller?.
Thanks for all answers.
I am getting this error while running rails application and here is the complete Error
ArgumentError (A secret is required to generate an integrity hash for
cookie session data. Use config.secret_token = "some secret phrase of
at least 30 characters"in config/initializers/secret_token.rb):**
I use rvm 1.9.3 and rails 3.2.13.
Any help appreciated.
Thanks in advance.
The message is pretty straight forward. Check in the config/initializers/secret_token.rb file for the config.secret_token setting and configure it if it is not there.
Generate secret token using:
rake secret
It will return
=> '3eb6db5a9026c547c72708438d496d942e976b252138db7e4e0ee5edd7539457d3ed0fa02ee5e7179420ce5290462018591adaf5f42adcf855da04877827def2'
then edit your file or create new one:
# config/initializers/secret_token.rb
# Be sure to restart your server when you modify this file.
# Your secret key for verifying the integrity of signed cookies.
# If you change this key, all old signed cookies will become invalid!
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
MyApp::Application.config.secret_token = '3eb6db5a9026c547c72708438d496d942e976b252138db7e4e0ee5edd7539457d3ed0fa02ee5e7179420ce5290462018591adaf5f42adcf855da04877827def2'
I ran into this when using the figaro gem to keep my keys secret.
application.yml will not be there if you clone the project to a new location. This is desirable behavior, because we don't want the wider internet to be able to check out all of our secret information.
If this is your issue. You will need to copy the application.yml from its original location, or generate new keys to replace the ones that were there.
Yes. The string is right:
config.secret_token = "..."
But, for me - redmine can fly after i put this string into the config/application.rb file.
We have a perl program that generates gpg encrypted files for multiple folks.
Today, we added dan#example.com.
When I run the encryption script, it happily encrypts the file for dan#example.com using jordan#example.com. This is presumably because jordan#example.com was in my keyring first.
I've tested from the command line, and if I use gpg -r dan#example.com --encrypt foo.txt, the friendly client chooses to use the public key for jordan#example.com, instead of the more explicit dan#example.com.
Of course, if I use key ids it works, but that's not really what we've got here. Is there a way to tell gnupg to use the more explicit email address without resorting to key ids?
This is documented in the manual page that comes with gpg. Section "HOW TO SPECIFY A USER ID" you find the option "By exact match on an email address.". So the answer to your question is to use angle braces such as <dan#example.com>.
I saved a publish profile into an .xml along wit all the login info. But when i import this XML to another computer and try to publish, it'll say that my password is incorrect.
What can I do to have the password correctly saved into the publish profile and compatible with other computer?
My guess is that the program purposely obfuscates the passwords using the current PC's "salt" and generates a unique hash. Thus, preventing the passwords from being stolen via the profile publish function.
As mentioned by user1785999, you can save the password in plain text, just add the password element to your .pubxml file:
<UserName>YourName</UserName>
<Password>YourPassword</Password>
If you want the publishing profile to work across different computers, you need to save the password in plain text.
Just to add an additional answer, this may be version specific for .pubxml, but you can add these line to ensure visual studio save the password.
Make sure to use the ".\" prefix for a local account, and "domain\" prefix for an Active Directory account.
<UserName>.\PubUser1</UserName>
<UserPWD>Password1234</UserPWD>
<_SavePWD>True</_SavePWD>