https://github.com/itk-dev/vault-bundle



# Vault Bundle

[![Github](https://img.shields.io/badge/source-itk--dev/vault--bundle-blue?style=flat-square)](https://github.com/itk-dev/vault-bundle)
[![Release](https://img.shields.io/packagist/v/itk-dev/vault-bundle.svg?style=flat-square&label=release)](https://packagist.org/packages/itk-dev/vault-bundle)
[![PHP Version](https://img.shields.io/packagist/php-v/itk-dev/vault-bundle.svg?style=flat-square&colorB=%238892BF)](https://www.php.net/downloads)
[![Build Status](https://img.shields.io/github/actions/workflow/status/itk-dev/vault-bundle/pr.yaml?label=CI&logo=github&style=flat-square)](https://github.com/itk-dev/vault-bundle/actions?query=workflow%3A%22Test+%26+Code+Style+Review%22)
[![Read License](https://img.shields.io/packagist/l/itk-dev/vault-bundle.svg?style=flat-square&colorB=darkcyan)](https://github.com/itk-dev/vault-bundle/blob/master/LICENSE.md)
[![Package downloads on Packagist](https://img.shields.io/packagist/dt/itk-dev/vault-bundle.svg?style=flat-square&colorB=darkmagenta)](https://packagist.org/packages/itk-dev/vault-bundle/stats)

This bundle enables Symfony sites to interact with HashiCorp Vault using the
"approle" authentication method. It allows fetching secrets and provides the
capability for local caching of both access tokens and the secrets themselves.

The bundle offers a service wrapper for the PHP
library [itk-dev/vault-library](https://github.com/itk-dev/vault-library).
It also includes an environment variable processor, so secrets can be
referenced in `.env` files and retrieved at runtime.

## Install

```shell
composer require itk-dev/vault-bundle --no-scripts
```

> [!NOTE]
> We use `--no-scripts` since the bundle config may not yet have been created.

### Setup

Create a configuration file at `config/packages/itkdev_vault.yaml` and add the
three referenced variables to `.env` with placeholder values. Then add the
actual values to `.env.local`.

```yaml
itkdev_vault:
    role_id: '%env(VAULT_ROLE_ID)%'
    secret_id: '%env(VAULT_SECRET_ID)%'
    url: '%env(VAULT_URL)%'
```

## Usage

To use the service, inject the `Vault` service from the
`ItkDev\VaultBundle\Service` namespace. Call the login function to fetch a
token, then pass the acquired token to the `getSecret` or `getSecrets` functions.

To use the environment variable processor, use the following format to specify
what to retrieve from the vault:

```dotenv
MY_SECRET=<path>:<secret>:<key>:<version>:<expire>
```

* __Path__: The secret engine path (e.g. prod, stg, test)
* __Secret__: Name of the secret in the engine (e.g. itksites, dokk1)
* __Key__: The secret key that should be fetched (e.g. OIDC, pretix-api-key)
* __Version__: Optional, fetch a specific version of the secret.
* __Expire__: Optional, the number of seconds to cache the secret.

Once the variable has been defined, activate the processor on the variable in
`config/services.yaml` using the `vault` keyword.

```yaml
parameters:
    $myOtherSecret: '%env(vault:MY_OTHER_SECRET)%'

# Service definitions belong under the top-level `services` key.
services:
    App\Command\TestCommand:
        arguments:
            $secret: '%env(vault:MY_SECRET)%'
```
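
A pre-deploy check for the two steps above, as an added example that is not part of the bundle: it finds every `%env(vault:NAME)%` used in the services config and verifies that `.env` defines `NAME` as a well-formed reference with the fields listed above. The function names, the treatment of an empty optional field as "not set", and the requirement that version and expire be integers are assumptions; it needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Added example, not the bundle's code. Splits <path>:<secret>:<key>[:<version>[:<expire>]].
// Assumption: an empty <version> or <expire> field means "not set".
function parseVaultReference(string $value): array
{
    $parts = explode(':', trim($value));
    if (count($parts) < 3 || count($parts) > 5) {
        throw new InvalidArgumentException('expected 3 to 5 colon-separated fields');
    }
    $ref = ['path' => $parts[0], 'secret' => $parts[1], 'key' => $parts[2]];
    if (in_array('', $ref, true)) {
        throw new InvalidArgumentException('path, secret and key must not be empty');
    }
    foreach (['version' => $parts[3] ?? '', 'expire' => $parts[4] ?? ''] as $name => $field) {
        if ($field !== '' && !ctype_digit($field)) {
            throw new InvalidArgumentException("$name must be a non-negative integer");
        }
        $ref[$name] = $field === '' ? null : (int) $field;
    }
    return $ref;
}

// Returns [variable => problem] for every %env(vault:NAME)% used in the services
// config whose .env definition is missing or malformed.
function lintVaultReferences(string $servicesYaml, string $dotenv): array
{
    preg_match_all('/%env\(vault:([A-Za-z_][A-Za-z0-9_]*)\)%/', $servicesYaml, $used);
    preg_match_all('/^([A-Za-z_][A-Za-z0-9_]*)=(.*)$/m', $dotenv, $defs, PREG_SET_ORDER);
    $values = array_column($defs, 2, 1); // variable name => raw value
    $problems = [];
    foreach (array_unique($used[1]) as $name) {
        try {
            $raw = $values[$name] ?? throw new InvalidArgumentException('not defined in .env');
            parseVaultReference(trim($raw, " \t\r\"'"));
        } catch (InvalidArgumentException $e) {
            $problems[$name] = $e->getMessage();
        }
    }
    return $problems;
}

// Constructed sample input; variable and secret names are the ones used on this page.
$services = "\$secret: '%env(vault:MY_SECRET)%'\n\$other: '%env(vault:MY_OTHER_SECRET)%'";
$dotenv = "MY_SECRET=prod:itksites:OIDC::3600\nMY_OTHER_SECRET=prod:dokk1\n";
print_r(lintVaultReferences($services, $dotenv));
```

In the sample, `MY_SECRET` leaves the version empty and sets a cache lifetime, while `MY_OTHER_SECRET` is reported because it lacks the key field.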

## CLI support

This bundle also comes with two CLI commands to help debug configuration and to
check that you fetch the expected data from the vault. Pass the `--help` option
to the Symfony console to see the options available for each command.

* `itkdev:vault:login`
* `itkdev:vault:secret`

## Developing

See details on contributing in the [contributing docs](/docs/CONTRIBUTING.md).