Veil for Laravel: Encrypt Environment Variables Without Losing Readability

Managing sensitive data in Laravel applications often means encrypting entire environment files. but that usually makes them unreadable. Veil for Laravel changes that by introducing a smarter, more flexible approach to .env encryption.

What Is Veil?

Veil is a lightweight Laravel package that extends the built-in env:encrypt and env:decrypt Artisan commands. It introduces a new flag — --only-values — that allows developers to encrypt only the values of sensitive environment variables, while keeping their names intact and readable.

Instead of this:

eyJpdiI6ImplT2xTaGRzV... # One long unreadable string

You’ll get something like this:

APP_NAME="My awesome app"
APP_ENV=local
APP_DEBUG=true

SOME_API_KEY=eyJpdiI6ImplT2xTaGRzV...

This makes .env files much easier to navigate and maintain, especially in collaborative environments.

How It Works

Once installed, you can simply run:

php artisan env:encrypt --only-values
php artisan env:decrypt --only-values

By default, Veil encrypts environment variables that end with _PASSWORD, _KEY, or _SECRET. But you can easily customize which variables to encrypt using the --only flag:

php artisan env:encrypt --only-values --only="*_SECRET,APP_KEY"

If you want to encrypt everything while keeping variable names visible, just add --all:

php artisan env:encrypt --only-values --all

Why It Matters

Veil bridges the gap between security and usability. Developers no longer need to choose between fully encrypted files and readable configuration. By keeping variable names visible, teams can still understand the purpose of each key without exposing sensitive values.

It also reduces the need for maintaining a separate .env.example file — your main .env can stay both secure and readable.

Learn More

You can explore the source code and installation guide on GitHub, or view it on the Laravel Hub package page.