If there is one aspect of Laravel that I like, it’s that it is accompanied by very nice tools.
Depending on how you like to develop you can even choose between different approaches and tools to develop with Laravel.
Valet is one of those tools. If you — like me — like to quickly setup your development environment, and test your work in progress asap, Valet helps you to setup test domains on your local machine very fast.
As Valet’s documentation explains:
Valet is a Laravel development environment for macOS minimalists. Laravel Valet configures your Mac to always run Nginx in the background when your machine starts. Then, using DnsMasq, Valet proxies all requests on the *.test domain to point to sites installed on your local machine.
What’s up with the password?
When you’ve developed in Laravel using Valet before, you will notice that once you reinstall Valet on a new machine (or clean install), it will start asking for a password.
After some research on Github, I found out why this is.
As it appears, there are two factors causing the continuous password prompt:
For security reasons, Valet prompts for the sudo password every time the command is used in a new terminal session
The code previously searched two files. The code that would create two files in /etc/sudoers.d was removed from the sourcecode
Since Valet uses sudo rights for some actions it needs to take, it depends on getting sudo rights to fully function.
How to prevent Valet from asking your password?
The answer is quite simple: you need Valet to trust your computer.
As you can find on the documentation page for Valet, the solution is revealed in the “other commands” section:
As the command states:
Add sudoers files for Brew and Valet to allow Valet commands to be run without prompting for your password.
Whereas the sudo command allows non-root users to run commands that would normally require super user privileges, the sudoers file instructs the system how to handle the sudo command (source: hostinger.com).
So, by using the “valet trust” command, you will indicate that the current machine can be trusted, which results in sudoers adjustments that will give Valet sudo permissions to operate correctly and without asking for your password each and every time.
To conclude
Please understand that the reason that you were prompted for the password in the first place, is because of increased security measures.
The security impact for using sudoers to give Valet sudo rights has also been discussed by the community on this Github thread concerning the issue.
Although using the trust command makes it easier to use valet without having to enter your password every time, always think about your machine setup, its connectivity to the internet and how this might affect your security at a realistic level.
Me personally, I’m happy to trust my device and am using Valet with a big smile once more.
Code Hard, Ship Harder 🔥
This article is also published on Medium
Top comments (3)
Slight security warning: You're giving two commands (brew and valet) full root access to your machine. If an attacker somehow modifies valet.php or homebrew, they can do with your machine whatever they want.
You're right. That's why I mentioned security in the To conclude part.
As a developer, we always need to decide if the benefit outweighs any risks.
Depending on your setup and the context of the project you're working on, this might be acceptable.
Thanks for the hint!