2
votes

I'm using AWS Elastic Beanstalk to deploy a Laravel application and I've created a folder .ebextensions where all my .config files are stored.

The project is under VCS using GIT and I'm not sure if i want to add the .config to the repository as it contains some of my credentials.

Can the .config file be moved to s3 and used for deployment ?

2
Your .config files should be available as snippets in the VCS - lacking your credentials of course. Credentials should never be stored anywhere, and exist only at 1 given location at a time, sans duplication. However, parameters without credentials are rarely an issue.Ohgodwhy
Ok, I've put the .config files without credentials in VCS, i need to create a file that contain my credentials. How would i do that in EB ?Sidharth
And I'm not sure what is meant by snippetsSidharth
Easiest way is set an environment variable in your elastic beanstalk environment and then you can access those through variables in your config files.Ben Swinburne
Yes i have done that but still i need a .env file in my root application folder with these credentials for my application to work since it's based on Laravel Framework.Sidharth

2 Answers

2
votes

Never put credentials and other secret information in VCS/Git.

Ideally, you would put your secrets in some kind of "vault" that your EB application would access at runtime, thus never storing the information itself. However, sometimes this isn't possible/practical.

For Elastic Beanstalk, you can do the following:

  1. Create your .config file in .ebextenions.
  2. Add your setting for your secret/credential to the config file with a value such as "change me".
  3. After you deploy your application to Elastic Beanstalk, modify your application's configuration "Software" settings, and change the value for your setting from "change me" to an appropriate value.
2
votes

In the Elastic beanstalk console

Configuration > Software Configuration > Environment Properties

You'll see a screen like this

enter image description here

You can fill in your environment variables here.

This means you don't need to set up environment variables in .config files, nor do you need to commit your .env file to VCS.

Environment variables entered into the console are copied to any EC2 boxes which elastic beanstalk manages for you within that application/environment.

The .env file in Laravel is designed to facilitate development and as such shouldn't be used in production. Anything in that file should be created as real environment variables and the .env file need not be present.

The .env file (via phpdotenv) simply creates environment variables at runtime, which isn't necessary if the environment variables actually exist already.