I have a project in Laravel 8 and I have some secret env parameters and I do not want to ship them with my application to github. I will deploy my application with github actions to AWS beanstalk. How do I keep all the secrets secure and put them to EC2 instance when all application deployed.

CodePudding user response：

There are multiple ways to do that and you should not send your env file with your application to github.

1. You can use beanstalk's own parameter store page. However, if you do that another developer who has access to your AWS account can see all the env parameters. It is simple key value store page.

   Benastalk Panel -> (Select Your Environment) -> Configuration -> Software

2. Under the systems manager there is a service called Parameter Store (this is my prefered way)

In here, You can add as much as parameter as you like securely. You can simply add string parameters as well as secure (like password or api keys) strings also integers but string and secure types are my favorites.

You can split all you parameters by path like "APP_NAME/DB_NAME" etc.

You should get all the parameters from Parameter Store to your EC2 instance and put them on newly created .env file.

3. There is github secrets in github actions and you can put all your secret parameters to github secrets page. You can get all the secrets from github secrets and put your secrets to your application and ship from github to AWS directly.

You can go to settings in your repository and see this page: