0

For security reasons I have to store my DB credentials in AWS Secrets Manager, so I use app\Providers\AppServiceProvider.php to connect to the AWS service with this code:

use GuzzleHttp\Client;
use Illuminate\Support\Facades\Config;

...

$client = new Client();
$apiKey = "my-api-key";
$response = $client->request('GET', 'my-credential-aws-url', [
  'headers' => [
    'X-API-Key' => $apiKey
    ],
]);

$data = json_decode($response->getBody()->getContents());

Config::set('database.connections.mysql.host', $data->DB_HOST);
Config::set('database.connections.mysql.database', $data->DB_DATABASE);
Config::set('database.connections.mysql.username', $data->DB_USERNAME);
Config::set('database.connections.mysql.password', $data->DB_PASSWORD);

I can get the credentials without problems, but every time I make a backend API request, Laravel connects to AWS to check the credentials even if they are already loaded. I also added a config value to indicate that the credentials are loaded, Config::set('app.config', true);, and then check whether it is necessary to load them again, but the config is not saved.

Do I have to put the code somewhere else? Or how can I configure it to only connect to AWS once?

4
  • First, I would recommend you to switch to the Http facade, you will not need to do json_decode. Second, could you show us where you are doing Config::set and when does Config::get get triggered? Commented Aug 22 at 22:16
  • 2
    You need to understand that each request is independent (scope-wise) from any other request. You can't save variables and expect to find them in another request. You need to rethink how you do this. Maybe save the credentials with a TTL (time to live) somewhere and check if they are loaded to use them. If your credentials don't change, there is no reason not to put them in .env. I mean, your $apiKey is just as important and is saved somewhere, right? Commented Aug 25 at 8:50
  • Could you write a custom DB connection class that fetches/caches the response and checks for that cache to avoid making tons of queries to AWS? Commented Aug 26 at 2:22
  • As mentioned above, if the credentials don't change, the easiest and most reliable path is to put them in .env (you can even automate handling them with a deploy pipeline). If they keep changing very frequently, which is unusual, you will need to build a TTL. Commented Aug 27 at 12:19

1 Answer

0

In Laravel there's a mechanism to actually cache all the config. But I assume you're running your tests locally, and that means the config will not be stored anywhere and each request to the API will try to gather the DB credentials again. You can try setting the APP_DEBUG env variable to false and check whether your config is cached.
You can read more about how you can manage config cache here: https://laravel.com/docs/12.x/configuration#configuration-caching

Another way to handle this is to fetch the data from the AWS API, store it somewhere in a Redis cache, and then check whether there's a value there, skipping the HTTP request if so. Something like:

use GuzzleHttp\Client;
use Illuminate\Support\Facades\Config;
use Illuminate\Support\Facades\Redis;

...
// Only call the credentials endpoint when nothing is cached yet.
if (empty(Redis::get("mysql-creds"))) {
  $client = new Client();
  $apiKey = "my-api-key";
  $response = $client->request('GET', 'my-credential-aws-url', [
    'headers' => [
      'X-API-Key' => $apiKey
    ],
  ]);
  $responseContents = $response->getBody()->getContents();
  $data = json_decode($responseContents);
  // Keep the raw JSON response so later requests can reuse it.
  Redis::set("mysql-creds", $responseContents);
} else {
  // Cache hit: decode the stored JSON instead of calling AWS again.
  $data = json_decode(Redis::get("mysql-creds"));
}

Config::set('database.connections.mysql.host', $data->DB_HOST);
Config::set('database.connections.mysql.database', $data->DB_DATABASE);
Config::set('database.connections.mysql.username', $data->DB_USERNAME);
Config::set('database.connections.mysql.password', $data->DB_PASSWORD);
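
A TTL-based variant of the caching discussed in the answer and comments, as an added example that is not part of the original answer: the fetched secret is cached encrypted and expires, so a rotated password is picked up and Redis never holds the plaintext. Assumptions: a configured `redis` cache store, a set `APP_KEY`, and hypothetical `services.db_secrets.url` / `services.db_secrets.key` config entries, cache key and 300-second TTL.

```php
<?php
namespace App\Providers;

use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Config;
use Illuminate\Support\Facades\Crypt;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\ServiceProvider;
use RuntimeException;

class AppServiceProvider extends ServiceProvider
{
    // Assumed values: hypothetical cache key, TTL short enough to follow rotation.
    private const CREDS_KEY = 'db-creds:mysql';
    private const CREDS_TTL_SECONDS = 300;

    public function boot(): void
    {
        // remember() runs the closure only on a cache miss, so the HTTP call
        // happens at most once per TTL instead of on every request.
        $encrypted = Cache::store('redis')->remember(
            self::CREDS_KEY,
            self::CREDS_TTL_SECONDS,
            function (): string {
                // services.db_secrets.* are hypothetical entries fed from the
                // environment, so the API key is not hardcoded in source.
                $body = Http::withHeaders(['X-API-Key' => config('services.db_secrets.key')])
                    ->timeout(5)
                    ->get(config('services.db_secrets.url'))
                    ->throw() // non-2xx response: exception, nothing is cached
                    ->body();
                // Store ciphertext only, so reading Redis does not reveal the password.
                return Crypt::encryptString($body);
            }
        );

        $data = json_decode(Crypt::decryptString($encrypted), true);
        $map = ['DB_HOST' => 'host', 'DB_DATABASE' => 'database',
                'DB_USERNAME' => 'username', 'DB_PASSWORD' => 'password'];
        foreach ($map as $field => $key) {
            if (!is_array($data) || empty($data[$field])) {
                // Drop the bad entry so the next request refetches instead of reusing it.
                Cache::store('redis')->forget(self::CREDS_KEY);
                throw new RuntimeException("Secret response is missing {$field}");
            }
            Config::set("database.connections.mysql.{$key}", $data[$field]);
        }
    }
}
```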