This Composer plugin lets you store credentials for private packages in a .env file, using the same format as the COMPOSER_AUTH environment variable. This approach avoids using auth.json, keeps credentials out of version control, and makes them easier to manage and encrypt alongside other environment-specific configuration.
This repository is inspired by private-composer-installer.
In Laravel ecosystem there are many commercially distributed packages that require authentication to be installed.
The usual way to authenticate is to use the auth.json file, which is then ignored (or not) by version control.
It is more practical, however, to be able to store credentials in a .env file, which is already used for other environment-specific configuration.
The .env file can be encrypted and decrypted using the php artisan env:encrypt and php artisan env:decrypt commands.
The encryption key can be shared with team members to securely grant access to all necessary project secrets.
This might make it easier and safer to manage composer credentials in your development team.
- Add the desired private package to the
repositoriessection insidecomposer.json. Find more about Composer repositories in the Composer documentation. - Configure authentication using
composer config. This will create anauth.jsonfile. Different supported options are described in the Composer documentation - Convert
auth.jsoncontent to COMPOSER_AUTH environment variable format and append it to your.envfile:
echo -n "COMPOSER_AUTH=" >> .env && cat auth.json | tr -d '\n[:space:]' >> .env
The configuration options listed below may be added to the extra section of composer.json like so:
{
"name": "...",
"description": "...",
"require": {
},
"extra": {
"composer-auth-dotenv": {
"dotenv-path": ".",
"dotenv-name": ".env"
}
}
}Dotenv file directory relative to the root path (where composer.json is located).
By default, dotenv files are expected to be in the root folder.
Dotenv file name. Defaults to .env.