stechstudio / laravel-env-security

Securely manage Laravel .env files for different deployment environments
MIT License

Key rotation #7

Closed jszobody closed 4 years ago

jszobody commented 5 years ago

Currently it's a bit of a pain to rotate keys. I'd like to have a new console command to help with this.

I envision it looking something like this:

php artisan env:rotate KEY_NAME
> Enter current value: [oldvalue]
> Enter new value: [newvalue]

KEY_NAME has been rotated in two env files: qa, prd

1) By prompting for the values instead of passing in as parameters we keep these secrets out of bash history
2) You may have different key values for different environments. By requiring the current/old value we ensure we only rotate the appropriate values.
3) As of v1 this package supports different KMS keys per environment, we'll need to make sure this uses the environment-specific key for each env file as it works through them.

Thoughts?
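The matching rule proposed above (rotate a key only in the env files whose current value equals the old value), as an added example that is not part of the original issue or the package's code. The function name `rotateInEnv`, the sample key `API_TOKEN` and the sample file bodies are hypothetical; decryption and re-encryption with each environment's KMS key are assumed to happen in the caller, and in an Artisan command the two values would come from hidden prompts such as Laravel's `$this->secret()` rather than from arguments.

```php
<?php
// Added illustration; not code from laravel-env-security.
// Works on already-decrypted .env text. Decrypting and re-encrypting each file
// with its environment-specific KMS key is assumed to happen in the caller.

/** Rotate $key in one .env body only if its current value equals $old. */
function rotateInEnv(string $body, string $key, string $old, string $new): array
{
    // Simplification: values are written single-quoted (literal), so reject
    // anything a single-quoted value cannot hold.
    if (preg_match('/[\'\r\n]/', $new)) {
        throw new InvalidArgumentException('New value contains a quote or newline.');
    }
    $rotated = false;
    $pattern = '/^\s*(?:export\s+)?' . preg_quote($key, '/') . '\s*=(.*)$/';
    $lines = preg_split('/\R/', $body);
    foreach ($lines as $i => $line) {
        if (!preg_match($pattern, $line, $m)) {
            continue;
        }
        $value = trim($m[1]);
        // Strip one pair of matching surrounding quotes (escape sequences are not handled).
        if (preg_match('/^(["\'])(.*)\1$/s', $value, $q)) {
            $value = $q[2];
        }
        // Compare the secret in constant time; leave non-matching values untouched.
        if (hash_equals($value, $old)) {
            $lines[$i] = $key . "='" . $new . "'";
            $rotated = true;
        }
    }
    return [implode("\n", $lines), $rotated];
}

// Constructed sample: decrypted bodies keyed by environment name.
$envs = [
    'local' => "APP_ENV=local\nAPI_TOKEN=dev-token\n",
    'qa'    => "APP_ENV=qa\nAPI_TOKEN=\"shared-token\"\n",
    'prd'   => "APP_ENV=production\nAPI_TOKEN=shared-token\n",
];
$rotatedIn = [];
foreach ($envs as $name => $body) {
    [$envs[$name], $hit] = rotateInEnv($body, 'API_TOKEN', 'shared-token', 'new-token');
    if ($hit) {
        $rotatedIn[] = $name;
    }
}
echo 'API_TOKEN has been rotated in ' . count($rotatedIn) . ' env files: '
    . implode(', ', $rotatedIn) . PHP_EOL;
```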

jszobody commented 4 years ago

Holding off on this