doupinyan0186 2018-11-21 15:34
浏览 291
已采纳

Laravel - 无法从.env文件获取.pem公钥数据

I have an webapp built with Laravel and i need to use a public key from a .pem file to verify some data. The key is kept in the .env file and retrieved via config/app.php with the env() helper. Since the .pem key needs to be on separate lines with specific length i use characters to keep the key on one line. Problem is that when i use the characters the variable is not cached and i cannot access it. When i remove the characters i can retrieve the variable but the openssl_get_privatekey($key); returns false. What am i doing wrong? Is this a Laravel or some general PHP issue?

  • 写回答

1条回答 默认 最新

  • dtg25862 2018-11-21 17:17
    关注

    PHP's dotenv package does not seem to support multi-line environment variables.

    You should ideally keep your .pem file as a file and reference it by path like e.g.:

    PEM_FILE=/path/to/file.pem
    

    and in the config:

    return [
        //...
        "key" => file_get_contents(env('PEM_FILE'))
    

    This makes sense since generally certificates should generally go in the dedicated certificates path on the server. If you cache the config then the actual contents of the .pem file are only read once on deployment.

    However if you must put it in dotenv then you can do:

    In .env

    PEM_KEY="-----BEGIN RSA PRIVATE KEY-----
    …
    -----END DSA PRIVATE KEY-----"
    

    In configs:

    return [
        //...
        "key" => str_replace("\
    ", "
    ", env('PEM_KEY')), 
    

    Since the key is generally base64 I don't think there's a chance would naturally occur inside a .pem file.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 微信小程序 用oss下载 aliyun-oss-sdk-6.18.0.min client报错
  • ¥15 ArcGIS批量裁剪
  • ¥15 labview程序设计
  • ¥15 为什么在配置Linux系统的时候执行脚本总是出现E: Failed to fetch http:L/cn.archive.ubuntu.com
  • ¥15 Cloudreve保存用户组存储空间大小时报错
  • ¥15 伪标签为什么不能作为弱监督语义分割的结果?
  • ¥15 编一个判断一个区间范围内的数字的个位数的立方和是否等于其本身的程序在输入第1组数据后卡住了(语言-c语言)
  • ¥15 Mac版Fiddler Everywhere4.0.1提示强制更新
  • ¥15 android 集成sentry上报时报错。
  • ¥15 抖音看过的视频,缓存在哪个文件