Bootstrap config file showing env secret keys

laravel / framework

The Laravel Framework.

https://laravel.com

MIT License

32.5k stars 11.01k forks source link

Bootstrap config file showing env secret keys #41567

Closed videsh-4433 closed 2 years ago

videsh-4433 commented 2 years ago

Laravel Version: 7.0
PHP Version: 7.4.0
Database Driver & Version: MySql 8.0.27

Description:

I have an issue with bootstrap cache files, because the bootstrap folder always need read write permission and when i am giving this permission the config.php file inside bootstrap/cache folder are showing my secret keys like all env variables are showing over there, So this issue will compromise my personal keys, please let me know how can i hide this. Thanks

Steps To Reproduce:

mikeydevelops commented 2 years ago

Yes that is how Laravel caches configuration, by default the cache folder in bootstrap is ignored from git, so it won't be uploaded and no secrets will be shared. And in terms of public access, this is what the public forlder is for. You configure your server to allow access to the public folder only, anything else should not be accessable if it is, you have misconfigured your server.

driesvints commented 2 years ago

Hey there,

Unfortunately we don't support this version anymore. Please check out our support policy on which versions we are currently supporting. Can you please try to upgrade to the latest version and see if your problem persists? If so, please open up a new issue and we'll help you out.

Thanks!