
Marcel Pociot:
Using Travis-CI for your Laravel Nova packages
Sep 27, 2018 @ 09:26:38

Marcel Pociot has a recent post on his site showing how you can set up builds on the Travis-CI service for your Laravel Nova packages. Laravel Nova is the recently released product from the Laravel creators that provides an administrative dashboard.

Today Laravel announced that Laravel Nova can now be installed via composer. This works by providing your nova.laravel.com username and password as credentials for composer, as well as adding a custom Laravel Nova composer repository to your composer.json file.

[...] This is great news, as this does not only simplify updating Laravel Nova, but it also allows Nova tools/package developers to add continuous integration to their projects! But there is still a problem: we do not want to provide our Laravel Nova credentials in our open source repository. But how can we solve this?

Marcel then walks you through the process of using Travis-CI's encrypted environment variables to protect your credentials. He shows how to install the travis Ruby gem to get the travis command line tool, encrypt the values and update your Travis-CI configuration (.travis.yml) to pull those into the build.

tagged: travisci continuous build tutorial testing credential encrypted

Link: http://marcelpociot.de/blog/travis-ci-for-laravel-nova-development

Fortrabbit.com:
Is your database password stored safely?
Sep 08, 2015 @ 11:48:18

The Fortrabbit blog has a post that wants to help you store your database password securely and away from prying attacker eyes. While they use the example of a database password, credentials for just about any other service could be protected the same way.

How do you protect your access data? Your sensitive secrets, basically anything your PHP application uses to authenticate or authorize with other services such as databases, caches, cloud storages, image resize services, transactional mail providers. All of them. Where do you put this — easily accessible while in development and secure for production?

They start by pointing out a few places where credentials should not be stored: in your code, in a version control system or in an environment variable (plain text). Instead, they suggest combining a secret key that's configured in the application with encrypted versions of the values in environment variables. Some code is included showing how to set this up in a Laravel-based application, but the principle can be applied independently of the framework with some other simple tools. They end the post with some links to other articles, including a "considered harmful" piece reinforcing their methods.

tagged: credential protection password database tutorial encryption environment variable

Link: http://blog.fortrabbit.com/how-to-keep-a-secret