Simplify handling of "base64:" envs

[garygreen]

At the moment, the framework base64 encodes app.key - the framework decodes this (by means of exact same code) in a few ... different places

Why not just wrap env's around a base64_decode?

/*
|--------------------------------------------------------------------------
| Encryption Key
|--------------------------------------------------------------------------
|
| This key is used by the Illuminate encrypter service and should be set
| to a random, 32 character string, otherwise these encrypted strings
| will not be safe. Please do this before deploying an application!
|
*/

'key' => base64_decode(env('APP_KEY', 'GREgheriaggREGERG3489gheragERAGeragjreaig')),

With this change, it'll:

1. Simplify handling of base64 encoded envs in the framework
2. Encourage the use of base64 encoding other keys / passwords in your config, as it can be used anywhere.
3. config('app.key') will always be the decoded version, no need for special handling checking for base64: etc.
4. The base-64 decoded version will be cached and stored, so doesn't need to be decoded every time framework bootstrap.

[fernandobandeira]

Not sure but i think that directly modifying the env helper would be better:

https://github.com/laravel/framework/blob/5.4/src/Illuminate/Foundation/helpers.php#L437

We just add an If there to decode it and that's it, just remove everthing else.

[garygreen]

Something like?

if (! function_exists('env')) {
    /**
     * Gets the value of an environment variable.
     *
     * @param  string  $key
     * @param  mixed   $default
     * @param  string|null  $format
     * @return mixed
     */
    function env($key, $default = null, $format = null)
    {
        // ....
        // ....

        if (! is_null($format)) {
            if ($format != 'base64') {
                throw new InvalidArgumentException("Unsupported format '$format' for decoding env variable '$key' - only base64 is supported.");
            }

            $value = base64_decode($value);
        }

        return $value;
    }
}

I would say drop the whole "base64:" support inside strings because then all env's will be able to support base-64 decoding, plus if you did literally want that prefixed in a env option then it would still represent literal text.

'key' => env('APP_KEY', '8ghgiregheGERgergh', 'base64'),

'literal_key' => env('LITERAL_KEY', 'base64:this_is_literal_and_shouldnt_be_decoded'),

[jaswdr]

@garygreen Some alternative:

if (! function_exists('env_base64')) {
    /**
     * Gets the value of an base64 encoded environment variable.
     *
     * @param  string  $key
     * @param  mixed   $default
     * @return mixed
     */
    function env_base64($key, $default = null)
    {
        $value = env($key, $default);
        return base64_decode($value);
    }
}

This can also be used with encrypted values, using the same pattern:

if (! function_exists('env_crypt')) {
    /**
     * Gets the value of an encrypted environment variable.
     *
     * @param  string  $key
     * @param  mixed   $default
     * @return mixed
     */
    function env_crypt($key, $default = null)
    {
        $value = env($key, $default);
        return decrypt($value);
    }
}

[garygreen]

@taylorotwell your closing so many internal issues without any comments - does this mean you are not open to the suggestion anymore? A simple comment clarifying would be much appreciated.

[KieronWiltshire]

Was there a follow up on this? I could really do with this instead of having multiline encryption keys for passport