Added re-encryption functionality for env.php

Console/GenerateEncryptionKey.php

@@ -3,6 +3,7 @@
 namespace Gene\EncryptionKeyManager\Console;
 
 use Gene\EncryptionKeyManager\Service\ChangeEncryptionKey as ChangeEncryptionKeyService;
+use Gene\EncryptionKeyManager\Service\ReencryptEnvSystemConfigurationValues;
 use Magento\Framework\App\Config\Storage\WriterInterface;
 use Magento\Framework\Encryption\Encryptor;
 use Magento\Framework\App\Config\ScopeConfigInterface;
@@ -38,7 +39,8 @@ public function __construct(
         private readonly WriterInterface $configWriter,
         private readonly Emulation $emulation,
         private readonly State $state,
-        private readonly Encryptor $encryptor
+        private readonly Encryptor $encryptor,
+        private readonly ReencryptEnvSystemConfigurationValues $reencryptEnvSystemConfigurationValues
     ) {
         parent::__construct();
     }
@@ -113,6 +115,9 @@ protected function execute(InputInterface $input, OutputInterface $output): int
                 (bool)$input->getOption(self::INPUT_SKIP_SAVED_CREDIT_CARDS)
             );
             $this->changeEncryptionKey->changeEncryptionKey($newKey);
+            $output->writeln('reEncryptEnvConfigurationValues - start');
+            $this->reencryptEnvSystemConfigurationValues->execute();
+            $output->writeln('reEncryptEnvConfigurationValues - end');
             $this->emulation->stopEnvironmentEmulation();
             $output->writeln('Cleaning cache');
 

Service/ReencryptEnvSystemConfigurationValues.php

@@ -0,0 +1,66 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Gene\EncryptionKeyManager\Service;
+
+use Magento\Framework\App\DeploymentConfig;
+use Magento\Framework\App\DeploymentConfig\Writer;
+use Magento\Framework\Config\Data\ConfigData;
+use Magento\Framework\Config\File\ConfigFilePool;
+use Magento\Framework\Encryption\EncryptorInterface;
+use Magento\Framework\Exception\FileSystemException;
+use Magento\Framework\Exception\RuntimeException;
+
+class ReencryptEnvSystemConfigurationValues
+{
+    /**
+     * @param DeploymentConfig $deploymentConfig
+     * @param Writer $writer
+     * @param EncryptorInterface $encryptor
+     */
+    public function __construct(
+        private readonly DeploymentConfig $deploymentConfig,
+        private readonly Writer $writer,
+        private readonly EncryptorInterface $encryptor
+    ) {
+    }
+
+    /**
+     * Gather all encrypted system config values from env.php and re-encrypt them
+     *
+     * @return void
+     * @throws FileSystemException
+     * @throws RuntimeException
+     * @throws \Exception
+     */
+    public function execute(): void
+    {
+        $systemConfig = $this->deploymentConfig->get('system');
+        $systemConfig = $this->iterateSystemConfig($systemConfig);
+
+        $encryptSegment = new ConfigData(ConfigFilePool::APP_ENV);
+        $encryptSegment->set('system', $systemConfig);
+        $this->writer->saveConfig([$encryptSegment->getFileKey() => $encryptSegment->getData()]);
+    }
+
+    /**
+     * Recursively iterate through the system configuration and re-encrypt any encrypted values
+     *
+     * @param array $systemConfig
+     * @return array
+     * @throws \Exception
+     */
+    private function iterateSystemConfig(array $systemConfig): array
+    {
+        foreach ($systemConfig as $key => &$value) {
+            if (is_array($value)) {
+                $value = $this->iterateSystemConfig($value);
+            } elseif (is_string($value) && preg_match('/^\d+:\d+:.*$/', $value)) {
+                $value = $this->encryptor->encrypt($this->encryptor->decrypt($value));
+            }
+        }
+
+        return $systemConfig;
+    }
+}