Laravel Vapor
Level up how you manage secrets for Laravel Vapor Serverless PHP Apps with Doppler.
In this guide, you'll learn how to sync production secrets to a Laravel Vapor Serverless PHP application using the Vapor CLI and Doppler CLI in a CI/CD environment.
Prerequisites
- Doppler Project created
- Vapor CLI installed and on
$PATH - Doppler CLI installed
- CI/CD platform for automating secrets sync
Import Secrets
Once you've created a Doppler Project, import your Laravel secrets (config included) into the Project's Production environment.
Laravel Vapor CLI Authentication
The VAPOR_API_TOKEN environment variable is required to authenticate the Vapor CLI in your CI/CD environment.
Create a Vapor API Token from the Vapor API settings dashboard and use it to create a VAPOR_API_TOKEN repository secret in your CI/CD platform.
Doppler CLI Authentication
The DOPPLER_TOKEN environment variable is required to authenticate the Doppler CLI in your CI/CD environment.
Create a Doppler Service Token for the Config you wish to sync secrets for and use it to create a DOPPLER_TOKEN repository secret in your CI/CD platform.
Secrets Sync Script
Syncing secrets to Vapor is performed by executing a dynamically generated script containing the Vapor CLI secrets sync commands from a pre-defined template rendered by the Doppler CLI.
This approach is necessary because the latest Vapor CLI version requires secret values be provided as a file because the --value option is now deprecated.
Create a file named vapor-secrets-sync.sh.tmpl in the root of your Laravel application directory:
# vapor-secrets-sync.sh.tmpl
VAPOR_ENV="production"
{{ range $key, $val := . }}
echo "Saving {{$key}} secret value to .{{$key}} file";
echo "{{$val}}" > ".{{$key}}";
echo "Setting {{$key}} secret for $VAPOR_ENV environment";
vapor secret $VAPOR_ENV --name="{{$key}}" --file .{{$key}};
echo "Cleaning up .{{$key}} file";
rm -f .{{$key}};
{{end}}
Secrets Sync
With all the pieces in place, add the following commands to your CI/CD deployment to create, execute, then delete the dynamically created vapor-secrets-sync.sh shell script:
doppler secrets substitute vapor-secrets-sync.sh.tmpl > vapor-secrets-sync.sh;
sh vapor-secrets-sync.sh;
rm vapor-secrets-sync.sh;
Awesome Work!
Now you know how to sync production secrets to a Laravel Vapor Serverless PHP application using the Vapor CLI and Doppler CLI in a CI/CD environment.
Updated over 2 years ago