Skip to content

rConfig - Config File Encryption

2 mins V7 Pro

Config file encryption is a feature that allows you to encrypt the contents of your configuration files as they are store on the Disk of rConfig Servers. This is useful when you need to store sensitive config information, for regulatory and other security requirements.

Pre-requisites

Please ensure you have a backup of your rConfig server before proceeding with this operation. VM level snapshots are highly recommended as they allow for fast recovery in case of any issues while performing this operation.

Steps to Encrypt Configuration Files

1. Encrypt the configuration files

The file encryption process will update the .env file, encrypt all the configuration files in the rConfig system, as they are downloaded, and will decrypt them as they are retrieved. The feature cannot load files that are not already encrypted.

So, we will run a script to encrypt all the configuration files in the system. This script will also updated a feature flag in the configs table and set the is_encrypted column to 1 for all the configuration files. That’s useful to know which files are encrypted and which are not, because if the script fails, or the CLI session terminates, you can run the script again and it will only encrypt the files that are not already encrypted.

Terminal window
cd /var/www/html/rconfig7/current
php artisan rconfig:config-encryption-manager
What action would you like to perform? ──────────────────────┐
encrypt
decrypt
rotate
└──────────────────────────────────────────────────────────────┘
# Select encrypt and press enter

Once this task is complete, you will see a message indicating that the encryption process is complete. All rConfig features will now be able to work with encrypted configuration files.

3. Decrypt the configuration files

If you need to decrypt the configuration files, to reverse the above process, you can run the following command:

Terminal window
cd /var/www/html/rconfig7/current
php artisan rconfig:config-encryption-manager
What action would you like to perform? ──────────────────────┐
encrypt
decrypt
rotate
└──────────────────────────────────────────────────────────────┘
# Select decrypt and press enter

4. Rotate the encryption key

NOTE: Key Rotation is under development and will be available in the next release.

If you need to rotate the encryption key, you can run the following command:

Terminal window
cd /var/www/html/rconfig7/current
php artisan rconfig:config-encryption-manager
What action would you like to perform? ──────────────────────┐
encrypt
decrypt
rotate
└──────────────────────────────────────────────────────────────┘
# Select rotate and press enter