I have Laravel running on EC2 instance and I have a .p8 for APNs. Everything is working fine, but I’m wondering what the convention is regarding best location for .p8 files. It doesn’t feel right to just drop them in the base path of the Laravel project.
This seems like a fairly obvious question, but searching around I haven’t found any recommendations regarding best practices on this matter.
If you opt to launch your application on AWS or another cloud platform, you can leverage their dedicated secret management services such as AWS Secrets Manager.
For custom infrastructure setups, you have a couple of options. You can either utilize a locally installed security manager like Knox to store your certificate, or you can store it in plaintext on your server. In the latter scenario, the precise location of storage isn't critical as long as it remains inaccessible to the public.