Reputation: 1296
The environment: I have a Laravel 6.x application running on Amazon EC2 with Ubuntu 18.4 bionic and an Apache server. I have multiple scheduled artisan commands. They either generate files and FTP them over to a different server, or import a file from a different server. These files must be encrypted with PHP GNUPG before exporting them to the client's server and must be decrypted after downloading them from the client's server for further processing. Therefore, there are public and private keys that must be stored on the server in a way that the scheduled processes running as "Ubuntu users" can access and use them (I assume "Ubuntu user" only needs to have read permission on the key files, and no other user needs to be given any permission because they don't and shouldn't be able to access these files; please correct me if I'm wrong).

My question: I would like to know the best practices on which folder on my server, and how (with what permissions), I should store these key files so I can ensure they are safe, while making sure all automated processes will be able to access and use them as needed.
Upvotes: 2
Views: 4410
Reputation: 18926
The Laravel OAuth package Passport saves them in the storage folder, which is a good pointer to where Laravel devs would expect them to be. Adding a subfolder like storage/keys would probably also be feasible.
Permission-wise, it is usually the standard to use chmod 600 permissions.
Alternatively, the Laravel env can save these keys, see:
PASSPORT_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----
<private key here>
-----END RSA PRIVATE KEY-----"
Upvotes: 7
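The permission advice in the answer above, turned into a check that a deploy script or scheduled job could run before touching the keys. This is an added example, not code from the original post; the directory path, file names and the function name audit_key_dir are hypothetical, and it assumes GNU stat as shipped on Ubuntu.

```shell
# Added example. Assumes GNU stat (as on Ubuntu); paths and names are hypothetical.
# Prints one line per finding; returns 0 when the directory is clean, 1 otherwise.
audit_key_dir() (
    dir=$1
    want_uid=${2:-$(id -u)}   # uid of the account that runs the scheduled jobs
    bad=0

    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi

    # Directory: owner-only access (700, or 500 if it is kept read-only).
    mode=$(stat -c '%a' "$dir")
    case $mode in
        700|500) ;;
        *) echo "DIR_MODE $dir $mode"; bad=1 ;;
    esac
    [ "$(stat -c '%u' "$dir")" = "$want_uid" ] || { echo "DIR_OWNER $dir"; bad=1; }

    for f in "$dir"/*; do
        # A symlink could point at a file with weaker protection elsewhere.
        if [ -L "$f" ]; then
            echo "SYMLINK $f"; bad=1; continue
        fi
        [ -f "$f" ] || continue
        # Key files: 600, or 400 when the job only needs to read them.
        mode=$(stat -c '%a' "$f")
        case $mode in
            600|400) ;;
            *) echo "FILE_MODE $f $mode"; bad=1 ;;
        esac
        [ "$(stat -c '%u' "$f")" = "$want_uid" ] || { echo "FILE_OWNER $f"; bad=1; }
    done
    return "$bad"
)
```

Called as `audit_key_dir storage/keys` from the account that runs the scheduler, a non-zero exit status can be used to abort the job before any key is read.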