App platform store Laravel Passport keys as variable

Posted April 29, 2021 2k views
LaravelDigitalOcean App Platform

I have deployed Laravel app with passport authentication on DigitalOcean App Platform. The problem occur when the app gets deployed again and I need to generate new passport keys (php artisan passport:install). Is there a way to store those two files (oaut-private.key and oauth-public.key) as environment variables?
I am new to this and I don’t really know how it works…
Thanks for help!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

👋🏼 @brackog

Please let me know if I misunderstood your question, but I believe you can achieve this like so:

First, store the files’ contents in env vars and make sure to check the “Encrypt” box

  1. Key: PASSPORT_OAUTH_PRIVATE_KEY Value: contents of oauth-private.key
  2. Key: PASSPORT_OAUTH_PUBLIC_KEY Value: contents of oauth-public.key

Then, update your app’s run command to first write the files using the content from the env vars and then start Laravel:

echo -n "$PASSPORT_OAUTH_PRIVATE_KEY" >storage/oauth-private.key
echo -n "$PASSPORT_OAUTH_PUBLIC_KEY" >storage/oauth-public.key

heroku-php-apache2 public/

The -n flag stops echo from adding a newline at the end of the file in case that affects Laravel Passport.

  • the problem occours when i install paspport and try to copy the content of those two files. as it seems i am unable to just copy the content from console. is there any other way to do it?

    • Looking at the Passport deployment documentation again it seems like they recommend doing this a little differently. I believe php artisan passport:install is only meant to be run locally on your dev machine. On production/when deploying passport, you can configure Passport to read the keys directly from the environment.

      Follow these instructions locally on your dev machine:

      1. Undo the app config changes from my first comment—remove the env vars and change the run command back to heroku-php-apache2 public/.
      2. I assume you have probably run this locally already as you were developing your app, but if not, run php artisan passport:install (passing --uuids if needed).
      3. Run php artisan vendor:publish --tag=passport-config and commit the new config file. If you look at config/passport.php you’ll notice that private_key and public_key default to reading their values from environment variables—we’ll be making use of this shortly.
      4. Generate a pair of keys for production. Run php artisan passport:keys --force. Note that this will overwrite your local dev keys.
      5. Add PASSPORT_PRIVATE_KEY and PASSPORT_PUBLIC_KEY env vars to your app and set their values to the contents of the files storage/oauth-private.key and storage/oauth-public.key. Since these files are on your local machine it should be easy to copy their contents.
      6. Save the changes and deploy your app. Confirm that it is working with Laravel Passport. You can use the console to experiment if you need to.
      7. Finally, generate new keys for your dev environment as you don’t want to use the same ones as in production. php artisan passport:keys --force

      I hope that helps!