2

I created a JSON file to use BigQuery in my Laravel project => BigQuery docs. I put the file in the storage folder to limit its access. I only need to access it from my .env file.

GOOGLE_APPLICATION_CREDENTIALS='/storage/file.json'

Naturally, I cannot access the folder that easily and I know there are ways to access it but creating a symbolic link would make the file accessible from anywhere and I don't want that. Is there a secure way to access that file in my .env file ? Or is there a better way, another folder in which I should put the JSON file ?

user3803353
  • 61
  • 4
  • 2
    Preferred way is to use a config file that uses `.env` variables. Don't use `.env` vars directly – brombeer Dec 04 '20 at 12:22
  • How can I implement that in this case ? Is there another file in which I can set `GOOGLE_APPLICATION_CREDENTIALS` ? Do I need to create a config file for this ? – user3803353 Dec 04 '20 at 14:04
  • The Laravel [Configuration manual](https://laravel.com/docs/8.x/configuration) should get you started, especially [Retrieving Environment Configuration](https://laravel.com/docs/8.x/configuration#retrieving-environment-configuration). You can keep that file in the `storage` folder, just don't directly access `.env` variables – brombeer Dec 04 '20 at 14:08
  • 1
    Can I put `GOOGLE_APPLICATION_CREDENTIALS=` in `.env` and in a file in the `config` folder, I add a config like ```'google_app_cred' => env('GOOGLE_APPLICATION_CREDENTIALS', Storage::get('file.json'))``` ? It seems really wrong... – user3803353 Dec 04 '20 at 14:31

1 Answers1

2

I highly discourage the usage of ENV variables, instead use a Secret Manager to load at runtime, or KMS (Key Management Service)

Look at laravel-env-security for implementation.

Pentium10
  • 204,586
  • 122
  • 423
  • 502