{"id":17846446,"url":"https://github.com/technicalguru/php-vault","last_synced_at":"2025-03-20T07:30:43.994Z","repository":{"id":41181355,"uuid":"266121521","full_name":"technicalguru/php-vault","owner":"technicalguru","description":"A flexible, lightweight PHP-based vault to provide secrets dynamically","archived":false,"fork":false,"pushed_at":"2022-10-30T10:02:30.000Z","size":57,"stargazers_count":11,"open_issues_count":4,"forks_count":5,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-17T15:55:38.929Z","etag":null,"topics":["hashicorp","hashicorp-vault","php","php-framework","php-library","vault","vault-client"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/technicalguru.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-05-22T13:47:47.000Z","updated_at":"2024-09-11T08:51:00.000Z","dependencies_parsed_at":"2022-08-18T23:12:13.606Z","dependency_job_id":null,"html_url":"https://github.com/technicalguru/php-vault","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/technicalguru%2Fphp-vault","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/technicalguru%2Fphp-vault/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/technicalguru%2Fphp-vault/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/technicalguru%2Fphp-vault/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/technicalguru","download_url":"https://codeload.github.com/technicalguru/php-vault/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244570545,"owners_count":20474090,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hashicorp","hashicorp-vault","php","php-framework","php-library","vault","vault-client"],"created_at":"2024-10-27T21:39:58.364Z","updated_at":"2025-03-20T07:30:38.982Z","avatar_url":"https://github.com/technicalguru.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# technicalguru/php-vault\nA flexible PHP-based vault to provide secrets dynamically\n\n# License\nThis project is licensed under [GNU LGPL 3.0](LICENSE.md). \n\n# Installation\n\n## By Composer\n\n```sh\ncomposer install technicalguru/vault\n```\n\n## By Package Download\nYou can download the source code packages from [GitHub Release Page](https://github.com/technicalguru/php-vault/releases)\n\n# Hashicorp Setup\nThe procedure is best described at [Hashicorp Blog](https://www.hashicorp.com/blog/authenticating-applications-with-vault-approle). It describes\nhow to create an `approle`. Here is the essence of it:\n\n```sh\n# Enable the auth method for approle\nvault auth enable approle\n\n# Create a renewal policy\necho 'path \"auth/token/*\" { capabilities = [ \"create\", \"read\", \"update\", \"delete\", \"list\", \"sudo\" ] }' \u003erenewal-policy.hcl\nvault policy write renewal-policy renewal-policy.hcl\n\n# Create a file with your policy on the respective secret path:\ncat 'path \"secret/my-secret\" { capabilities = [\"read\", \"list\"] }' \u003eapp-policy.hcl\n\n# Create the policy\nvault policy write my-app-policy app-policy.hcl\n\n# Create the approle with renewal-policy and your application policy\nvault write auth/approle/role/my-approle token_policies=renewal-policy,my-app-policy token_period=30m token_ttl=30m token_max_ttl=1h token_explicit_max_ttl=2h\n\n# Get the role ID printed\nvault read auth/approle/role/my-approle/role-id\n\n# Create the secret ID and print it\nvault write -f auth/approle/role/my-approle/secret-id\n```\n\nPlease notice that you need to recreate the secret ID whenever you change the application role or a policy.\n\n# Examples\n## Create a HashicorpVault\nPlease note that this vault is actually a client to an existing Hashicorp Vault.\n\n```php\n// Create configuration\n$config = array(\n\t'type'   =\u003e 'hashicorp',\n\t'config' =\u003e array(\n\t\t'uri'      =\u003e 'https://127.0.0.1:8200/v1',\n\t\t'roleId'   =\u003e '123456-12345-12345-123456',\n\t\t'secretId' =\u003e 'abcdef-abcde-abcde-abcdef'\n\t)\n);\n\n// Create the vault instance\ntry {\n\t$vault = \\TgVault\\VaultFactory::create($config);\n} catch (\\TgVault\\VaultException $e) {\n\t// Vault could not be created\n}\n\n```\n\n## Create a MemoryVault\n\n```php\n// Create configuration\n$config = array(\n\t'type'   =\u003e 'memory',\n\t'config' =\u003e array(\n\t\t'secrets' =\u003e array(\n\t\t\t'my/secret/number/1' =\u003e array(\n\t\t\t\t'username' =\u003e 'my-username1',\n\t\t\t\t'password' =\u003e 'my-password1',\n\t\t\t),\n\t\t\t'my/secret/number/2' =\u003e array(\n\t\t\t\t'username' =\u003e 'my-username2',\n\t\t\t\t'password' =\u003e 'my-password2',\n\t\t\t),\n\t\t)\n\t)\n);\n\n// Create the vault instance\ntry {\n\t$vault = \\TgVault\\VaultFactory::create($config);\n} catch (\\TgVault\\VaultException $e) {\n\t// Vault could not be created\n}\n```\n\n## Create a FileVault\n\n```php\n// Create configuration\n$config = array(\n\t'type'   =\u003e 'file',\n\t'config' =\u003e array(\n\t\t'filename' =\u003e 'path-to-json-secret-file'\n\t)\n);\n\n// Create the vault instance\ntry {\n\t$vault = \\TgVault\\VaultFactory::create($config);\n} catch (\\TgVault\\VaultException $e) {\n\t// Vault could not be created\n}\n```\n\nThe secrets file (JSON) shall look like this:\n\n```json\n{\n\t\"secrets\": {\n\t\t\"my/secret/number/1\" : {\n\t\t\t\"username\" : \"my-username1\",\n\t\t\t\"password\" : \"my-password1\"\n\t\t},\n\t\t\"my/secret/number/2\" : {\n\t\t\t\"username\" : \"my-username2\",\n\t\t\t\"password\" : \"my-password2\"\n\t\t}\n\t}\n}\n```\n\n## Retrieving a secret\n\n```php\ntry {\n\t$mySecret1 = $vault-\u003egetSecret('my/secret/number/1');\n\t$mySecret2 = $vault-\u003egetSecret('my/secret/number/2');\n} catch (\\TgVault\\VaultException $e) {\n\t// secret was not found\n}\n\n$username1 = $mySecret1-\u003eget('username');\n$password1 = $mySecret1-\u003eget('password');\n$username2 = $mySecret2-\u003eget('username');\n$password2 = $mySecret2-\u003eget('password');\n```\n\nA value in a secret is `NULL` when the key does not exists whereas an exception will be thrown when the secret itself cannot be found\nor an error occurred while retrieval.\n\n## Using lazy callback credentials\nYou can use the `SecretProvider` or `CredentialsProvider` helper classes to pass them credentials without knowing where they come from\nor how to use a vault.\n\n```php\n$callback1 = new \\TgVault\\SecretProvider($vault, 'my/secret/number/1');\n$callback2 = new \\TgVault\\CredentialsProvider($vault, 'my/secret/number/2');\n\ntry {\n\t$username1 = $callback1-\u003eget('username');\n\t$password1 = $callback1-\u003eget('password');\n\n\t$username2 = $callback2-\u003egetUsername();\n\t$password2 = $callback2-\u003egetPassword();\n} catch (\\TgVault\\VaultException $e) {\n\t// Secret cannot be retrieved or does not exist\n}\n```\n\nThe `CredentialsProvider` takes additional constructor arguments that define, which keys in the secret provide username and password. The \ndefaults are as given above for the `SecretProvider`.\n\n\n# Contribution\nReport a bug, request an enhancement or pull request at the [GitHub Issue Tracker](https://github.com/technicalguru/php-vault/issues).\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftechnicalguru%2Fphp-vault","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftechnicalguru%2Fphp-vault","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftechnicalguru%2Fphp-vault/lists"}