Forem: Roman Shneer The latest articles on Forem by Roman Shneer (@roman_shneer_9301c1e5f2fd). https://forem.com/roman_shneer_9301c1e5f2fd https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3287583%2Fa6f6b198-401b-44a4-b6e5-6c3755759f75.jpg Forem: Roman Shneer https://forem.com/roman_shneer_9301c1e5f2fd en Laravel Application with Encrypted .env Roman Shneer Wed, 29 Apr 2026 06:06:50 +0000 https://forem.com/roman_shneer_9301c1e5f2fd/laravel-application-with-encrypted-env-1hl9 https://forem.com/roman_shneer_9301c1e5f2fd/laravel-application-with-encrypted-env-1hl9 <p>This guide explains how to securely run a Laravel application (version 12) in a production environment using Apache, with an encrypted <code>.env</code> file.</p> <h2> Overview </h2> <p>In production, it’s crucial to protect sensitive information found in the <code>.env</code> file. This method encrypts your configuration file and utilizes an encryption key stored in an environment variable for security.</p> <h2> Steps to Run Laravel with Encrypted .env </h2> <h3> Step 1: Encrypt the .env File </h3> <p>Execute the following command in your terminal to prepare the encoded file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>php artisan <span class="nb">env</span>:encrypt </code></pre> </div> <p>Note: Remember your encryption key and cipher settings as you'll need them later.</p> <h3> Step 2: Set Environment Variable in Apache </h3> <p>Open your <strong>httpd.conf</strong> (or <strong>.htaccess</strong>) file and add the following line to set the encryption key:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight apache"><code><span class="nc">SetEnv</span> LARAVEL_ENV_ENCRYPTION_KEY your_key_here </code></pre> </div> <p>Afterwards, restart your web server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl restart apache2 </code></pre> </div> <h3> Step 3: Decrypt the .env File in Laravel </h3> <p>Add the following code snippet in <strong>/bootstrap/app.php</strong> before the line where the application is configured:<br> <strong>Application::configure(....</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">//START ENV DECODING</span> <span class="kn">use</span> <span class="nc">Illuminate\Encryption\Encrypter</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Support\Str</span><span class="p">;</span> <span class="nv">$cipher</span> <span class="o">=</span> <span class="s1">'aes-256-cbc'</span><span class="p">;</span> <span class="c1">//change your cipher</span> <span class="nv">$filename</span> <span class="o">=</span> <span class="s1">'.env.encrypted'</span><span class="p">;</span><span class="c1">//change your encrypted file</span> <span class="nv">$key</span> <span class="o">=</span> <span class="nb">getenv</span><span class="p">(</span><span class="s1">'LARAVEL_ENV_ENCRYPTION_KEY'</span><span class="p">);</span> <span class="c1">// Retrieve the encryption key from the environment variables</span> <span class="nv">$encryptedContent</span> <span class="o">=</span> <span class="nb">file_get_contents</span><span class="p">(</span><span class="s2">"../</span><span class="si">{</span><span class="nv">$filename</span><span class="si">}</span><span class="s2">"</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nc">Str</span><span class="o">::</span><span class="nf">startsWith</span><span class="p">(</span><span class="nv">$key</span><span class="p">,</span> <span class="nv">$prefix</span> <span class="o">=</span> <span class="s1">'base64:'</span><span class="p">))</span> <span class="p">{</span> <span class="nv">$key</span> <span class="o">=</span> <span class="nb">base64_decode</span><span class="p">(</span><span class="nc">Str</span><span class="o">::</span><span class="nf">after</span><span class="p">(</span><span class="nv">$key</span><span class="p">,</span> <span class="nv">$prefix</span><span class="p">));</span> <span class="p">}</span> <span class="nv">$decrypted_text</span> <span class="o">=</span> <span class="p">(</span><span class="k">new</span> <span class="nc">Encrypter</span><span class="p">(</span><span class="nv">$key</span><span class="p">,</span> <span class="nv">$cipher</span><span class="p">))</span> <span class="o">-&gt;</span><span class="nf">decrypt</span><span class="p">(</span><span class="nv">$encryptedContent</span><span class="p">);</span> <span class="nv">$rows</span> <span class="o">=</span> <span class="nb">array_filter</span><span class="p">(</span> <span class="nb">explode</span><span class="p">(</span><span class="s2">"</span><span class="se">\n</span><span class="s2">"</span><span class="p">,</span> <span class="nv">$decrypted_text</span><span class="p">),</span> <span class="k">fn</span><span class="p">(</span><span class="nv">$r</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="o">!</span><span class="k">empty</span><span class="p">(</span><span class="nb">trim</span><span class="p">(</span><span class="nv">$r</span><span class="p">))</span> <span class="p">);</span> <span class="nv">$rows</span> <span class="o">=</span> <span class="nb">array_map</span><span class="p">(</span> <span class="k">fn</span><span class="p">(</span><span class="nv">$r</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nb">array_map</span><span class="p">(</span> <span class="k">fn</span><span class="p">(</span><span class="nv">$r</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nb">trim</span><span class="p">(</span> <span class="nb">str_replace</span><span class="p">(</span><span class="s1">'"'</span><span class="p">,</span> <span class="s1">''</span><span class="p">,</span> <span class="nv">$r</span><span class="p">)</span> <span class="p">),</span> <span class="nb">explode</span><span class="p">(</span><span class="s2">"="</span><span class="p">,</span> <span class="nv">$r</span><span class="p">)</span> <span class="p">),</span> <span class="nv">$rows</span> <span class="p">);</span> <span class="k">foreach</span> <span class="p">(</span><span class="nv">$rows</span> <span class="k">as</span> <span class="nv">$row</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$_SERVER</span><span class="p">[</span><span class="nv">$row</span><span class="p">[</span><span class="mi">0</span><span class="p">]]</span> <span class="o">=</span> <span class="nv">$row</span><span class="p">[</span><span class="mi">1</span><span class="p">];</span> <span class="p">}</span> <span class="c1">//END ENV DECODING</span> </code></pre> </div> <h3> Step 4: Final Cleanup </h3> <p>By following these steps, you can run your Laravel application securely with an encrypted .env file. Ensure you keep your encryption key safe to maintain the integrity of your sensitive information.</p> <p><strong>Backup and Delete the Original .env File</strong></p> laravel php security tutorial