Laravel Vapor

Level up how you manage secrets for Laravel Vapor Serverless PHP Apps with Doppler.

In this guide, you'll learn how to sync production secrets to a Laravel Vapor Serverless PHP application using the Vapor CLI and Doppler CLI in a CI/CD environment.

Prerequisites

Import Secrets

Once you've created a Doppler Project, import your Laravel secrets (config included) into the Project's Production environment.

Laravel Vapor CLI Authentication

The VAPOR_API_TOKEN environment variable is required to authenticate the Vapor CLI in your CI/CD environment.

Create a Vapor API Token from the Vapor API settings dashboard and use it to create a VAPOR_API_TOKEN repository secret in your CI/CD platform.

Doppler CLI Authentication

The DOPPLER_TOKEN environment variable is required to authenticate the Doppler CLI in your CI/CD environment.

Create a Doppler Service Token for the Config you wish to sync secrets for and use it to create a DOPPLER_TOKEN repository secret in your CI/CD platform.

Secrets Sync Script

Syncing secrets to Vapor is performed by executing a dynamically generated script containing the Vapor CLI secrets sync commands from a pre-defined template rendered by the Doppler CLI.

This approach is necessary because the latest Vapor CLI version requires secret values be provided as a file because the --value option is now deprecated.

Create a file named vapor-secrets-sync.sh.tmpl in the root of your Laravel application directory:

# vapor-secrets-sync.sh.tmpl

VAPOR_ENV="production"

{{ range $key, $val := . }}
echo "Saving {{$key}} secret value to .{{$key}} file";
echo "{{$val}}" > ".{{$key}}";

echo "Setting {{$key}} secret for $VAPOR_ENV environment";
vapor secret $VAPOR_ENV --name="{{$key}}" --file .{{$key}};

echo "Cleaning up .{{$key}} file";
rm -f .{{$key}};
{{end}}

Secrets Sync

With all the pieces in place, add the following commands to your CI/CD deployment to create, execute, then delete the dynamically created vapor-secrets-sync.sh shell script:

doppler secrets substitute vapor-secrets-sync.sh.tmpl > vapor-secrets-sync.sh;
sh vapor-secrets-sync.sh;
rm vapor-secrets-sync.sh;

πŸ‘

Awesome Work!

Now you know how to sync production secrets to a Laravel Vapor Serverless PHP application using the Vapor CLI and Doppler CLI in a CI/CD environment.


Did this page help you?