Add APP_KEY_FILE environment variable

In lots environments having files with secrets is common (e.g. with NixOS where static secrets in config files are not secure). This new environment variable adds support for this. If a APP_KEY is defined it will take precedence ofer APP_KEY_FILE Tests have been added to show this beaviour.
2 years ago · d915c646bb
parent 3904e6d120
commit d915c646bb
5 changed files with 93 additions and 2 deletions
--- a/.env.example
+++ b/.env.example
@ -32,4 +32,4 @@ DB_PASSWORD=
 APP_KEY=

 # Uncomment to see errors in your browser, don't forget to comment it back when debugging finished
-#APP_DEBUG=true
+#APP_DEBUG=true
--- a/config/app.php
+++ b/config/app.php
@ -1,5 +1,11 @@
 <?php

+$key = env('APP_KEY', null);
+$key_file = env("APP_KEY_FILE", null);
+if (empty($key) && !empty($key_file)) {
+  $key = trim(file_get_contents($key_file));
+}
+
 return [

    /*
@ -126,7 +132,7 @@ return [
    |
    */

-    'key' => env('APP_KEY'),
+    'key' => $key,

    'cipher' => 'AES-256-CBC',

--- a/phpunit.xml
+++ b/phpunit.xml
@ -28,5 +28,6 @@
        <env name="CACHE_DRIVER" value="array"/>
        <env name="SESSION_DRIVER" value="array"/>
        <env name="QUEUE_DRIVER" value="sync"/>
+        <env name="APP_KEY" value="value_from_phpunit"/>
    </php>
 </phpunit>
--- a/tests/Unit/.keyfile
+++ b/tests/Unit/.keyfile
@ -0,0 +1 @@
+94SEEZqVUSdaVzC2xQLDtwspQSIrSdmR
--- a/tests/Unit/ConfigTest.php
+++ b/tests/Unit/ConfigTest.php
@ -0,0 +1,83 @@
+<?php
+
+namespace Tests\Unit;
+
+use Tests\TestCase;
+use Illuminate\Foundation\Testing\WithFaker;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+
+class ConfigTest extends TestCase
+{
+    protected $original_app_key;
+    protected $original_app_key_file;
+    protected $app_key_file = __DIR__ . "/.keyfile";
+    protected $app_key_file_content;
+
+    /**
+     * A basic test example.
+     *
+     * @return void
+     */
+    public function testExample()
+    {
+        $this->assertTrue(true);
+    }
+
+    protected function setUp()
+    {
+      $this->original_app_key = getenv("APP_KEY");
+      $this->original_app_key_file = getenv("APP_KEY_FILE");
+      # The assumption is, that file_get_contents is working
+      # So we can use this to avoid double values
+      $this->app_key_file_content = trim(file_get_contents($this->app_key_file));
+      parent::setUp();
+    }
+
+    public function tearDown() {
+      # This is to ensure tests don't influence each other
+      putenv("APP_KEY=" . $this->original_app_key);
+      putenv("APP_KEY_FILE=" . $this->original_app_key_file);
+    }
+
+    protected function assertKey($value) {
+      $config = require __DIR__.'/../../config/app.php';
+      $this->assertEquals($config["key"], $value);
+    }
+
+    protected function set_key($value, $suffix = null)
+    {
+      $key = "APP_KEY";
+      if (!empty($suffix)) {
+        $key = sprintf("APP_KEY_%s", $suffix);
+      }
+      $sep = "=";
+      if (empty($value)) {
+        # So we can unset this
+        $sep = "";
+      }
+      putenv(sprintf("%s%s%s", $key, $sep, $value));
+    }
+
+    public function test_app_key_from_environment()
+    {
+      $orig_env = getenv("APP_KEY");
+      $key = "configkeyfromenvironment";
+      $this->set_key($key);
+      $this->assertKey($key);
+    }
+
+    public function test_app_key_from_file()
+    {
+      $this->set_key(null);
+      $this->set_key($this->app_key_file, "FILE");
+      $this->assertKey($this->app_key_file_content);
+    }
+
+    public function test_environmen_takes_precedence()
+    {
+      $env_key = "configkeyfromenvironment";
+      $this->set_key($env_key);
+      $this->set_key($this->app_key_file, "FILE");
+      $this->assertKey($env_key);
+    }
+}