How to Encrypt Your .env File Data in Devflow CMS

Security should never be an afterthought. As cyber threats continue to evolve, protecting sensitive configuration data is essential for every application. Encrypting your .env file helps safeguard secrets such as database credentials, API keys, and encryption tokens, keeping them out of reach from prying eyes and reducing the risk of accidental exposure.

03 June 2026 · 3 min read

Your .env file holds all of your important keys, and some of them are very sensitive. To protect them, you can create an encrypted version of your .env and keep the original .env away from prying eyes.

The first thing you need to do is run the following Codex command: php codex encrypt:env.

The command will take the data from your environment file, encrypt it, and place that encrypted data into a new file called .env.enc.

Once the file is created, open bootstrap/app.php, and update the config parameters at the beginning with this:

'basePath' => dirname(path: __DIR__),
'encryptedEnv' => true,

This is what the contents of bootstrap/app.php should look like after the update:

<?php

declare(strict_types=1);

use Codefy\Framework\Application as DevflowApp;
use Qubus\Exception\Data\TypeException;

use function Codefy\Framework\Helpers\env;

try {
    $app = DevflowApp::create(
        config: [
            'basePath' => dirname(path: __DIR__),
            'encryptedEnv' => true,
        ]
    )
    ->withProviders([
        App\Infrastructure\Providers\SiteServiceProvider::class,
        App\Infrastructure\Providers\DatabaseServiceProvider::class,
        App\Infrastructure\Providers\OptionsServiceProvider::class,
        App\Infrastructure\Providers\RbacServiceProvider::class,
        \Application\Provider\EventListenerServiceProvider::class,
        \Application\Provider\ViewServiceProvider::class,
    ])
    ->withSingletons([
        //
    ])
    ->withRouting(
        web: [
            dirname(path: __DIR__) . '/routes/web/admin.php',
            dirname(path: __DIR__) . '/routes/api/v1.php',
            dirname(path: __DIR__) . '/routes/api/v2.php',
            dirname(path: __DIR__) . '/routes/web/web.php',
        ],
    )
    ->return();

    $app->share(nameOrInstance: $app);

    return $app::getInstance();
} catch (TypeException|ReflectionException $e) {
    return $e->getMessage();
}

Once you have your .env.enc file and you've made the changes above, rename your original environment file, open a browser, and test that your site is still working. If everything works, move your original environment file to a safe and private location on your server, or off the server if you prefer. Just make sure to keep it somewhere safe, and don't delete it.

If you need to update the data in your .env.enc file, make the changes to your original .env file, and then run the following command: php codex encrypt:env --file=/path/to/custom.env. If you ran the command in the root of your install on the server, then your original file was updated. If you've saved the original in a test environment, then you will need to upload the newly generated .env.enc file to your server to overwrite the previous one.
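A post-migration check for the steps above, written as an added example that is not part of the original tutorial or of the Devflow/Codex code base. It assumes .env.enc sits in the project root and that you pass the path where you moved the plaintext file; the function name audit_env_migration is hypothetical, and the script assumes nothing about the .env.enc format except that plaintext values must not appear in it.

```shell
#!/bin/sh
# Added example (not Devflow's code): audit the state the tutorial leaves behind.
# Usage: audit_env_migration <project_root> <relocated_plaintext_env>
# Assumption: .env.enc lives in the project root. Returns 0 if every check passes.
audit_env_migration() {
    root=$1; plain=$2; rc=0
    enc="$root/.env.enc"

    # 1. The encrypted file must exist and be non-empty.
    [ -s "$enc" ] || { echo "FAIL: $enc is missing or empty"; rc=1; }

    # 2. No plaintext .env may remain next to it.
    if [ -e "$root/.env" ]; then echo "FAIL: $root/.env still present"; rc=1; fi

    # 3. The relocated plaintext copy must exist outside the project tree
    #    and carry no group/other permission bits.
    [ -f "$plain" ] || { echo "FAIL: $plain not found"; return 1; }
    rdir=$(cd "$root" && pwd -P)
    pdir=$(cd "$(dirname "$plain")" && pwd -P)
    case "$pdir/" in
        "$rdir"/*) echo "FAIL: $plain is inside the project tree"; rc=1 ;;
    esac
    perms=$(ls -ld "$plain" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ] || { echo "FAIL: $plain is group/world accessible"; rc=1; }

    # 4. No value from the plaintext may appear verbatim in .env.enc.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '#'*|'') continue ;;   # comments and blank lines
            *=*) ;;                # KEY=VALUE
            *) continue ;;
        esac
        key=${line%%=*}; val=${line#*=}
        val=${val#\"}; val=${val%\"}; val=${val#\'}; val=${val%\'}   # drop quotes
        # Short values (true, 3306) could match ciphertext by chance; skip them.
        [ "${#val}" -ge 8 ] || continue
        if [ -f "$enc" ] && grep -qF -e "$val" "$enc"; then
            echo "FAIL: value of $key appears unencrypted in $enc"; rc=1
        fi
    done < "$plain"

    [ "$rc" -eq 0 ] && echo "OK: plaintext relocated, no cleartext values in $enc"
    return "$rc"
}

# Run against real paths when two arguments are given.
if [ "$#" -eq 2 ]; then audit_env_migration "$1" "$2"; fi
```

Run it after the first encryption and again each time you regenerate and upload .env.enc.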

If you have questions or need help, please use the comment form below.

Joshua P.

Developer & Nature Photographer

Joshua is a PHP Developer and digital nomad who loves nature photography, adventure, travel, and coding fun projects.
