Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/os2web/os2web_key
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/os2web/os2web_key
- Owner: OS2web
- Created: 2024-04-26T08:42:59.000Z (8 months ago)
- Default Branch: main
- Last Pushed: 2024-05-17T13:13:24.000Z (7 months ago)
- Last Synced: 2024-11-11T22:52:34.185Z (about 2 months ago)
- Language: PHP
- Size: 400 KB
- Stars: 0
- Watchers: 1
- Forks: 1
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
README
# OS2Web key
Key types and providers for OS2Web built on the [Key module](https://www.drupal.org/project/key).
The OS2Web key module provides two _key types_, [Certificate](#certificate) and [OpenID Connect
(OIDC)](#openid-connect-oidc). Two _key providers_, [Azure Key Vault](#azure-key-vault) and [Infisical](#infisical), are
planned, but not yet implemented.

See [the Key Developer Guide](https://www.drupal.org/docs/contributed-modules/key/developer-guide) for details on how to
use keys in Drupal.

## Installation
``` shell
composer require os2web/os2web_key
drush pm:install os2web_key
```

Keys are managed on `/admin/config/system/keys`.
## Key types
### Certificate
This key type handles a [PKCS 12](https://en.wikipedia.org/wiki/PKCS_12) or [Privacy-Enhanced Mail
(PEM)](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail) certificate with an optional password (passphrase).

Managing the key:
!["Certificate" key type form](docs/assets/key-type-certificate.png)
Use in a form:
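``` php
// Let the user pick among keys of the "Certificate" type only.
$form['key'] = [
  '#type' => 'key_select',
  '#key_filters' => [
    'type' => 'os2web_key_certificate',
  ],
];
```

The [`KeyHelper`](https://github.com/OS2web/os2web_key/blob/main/src/KeyHelper.php) can be used to get
the actual certificates (parts):

``` php
// Load the key entity through the Key module's repository service.
$key = \Drupal::service('key.repository')->getKey('my_key');

// $helper is an instance of the module's KeyHelper (src/KeyHelper.php).
[
  // Passwordless certificate.
  CertificateKeyType::CERT => $certificate,
  CertificateKeyType::PKEY => $privateKey,
] = $helper->getCertificates($key);
```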
**Note**: The parsed certificate has no password.
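
What "passwordless" means in practice, as an added example that is not code from os2web_key: a passphrase-protected PKCS 12 or PEM bundle is reduced to plain PEM parts with PHP's OpenSSL extension, so the returned private key is unencrypted and must be handled as a secret. The function name `parse_certificate`, the array keys and the throwaway self-signed certificate are assumptions made for the illustration.

```php
<?php
// Added illustration; not code from os2web_key. Names are hypothetical.

/**
 * Returns ['cert' => PEM certificate, 'pkey' => unencrypted PEM private key].
 */
function parse_certificate(string $data, string $passphrase = ''): array {
  // PKCS 12: binary container holding certificate and key under one password.
  $parts = [];
  if (openssl_pkcs12_read($data, $parts, $passphrase)) {
    return ['cert' => $parts['cert'], 'pkey' => $parts['pkey']];
  }

  // PEM: certificate and (possibly encrypted) private key in one text blob.
  $cert = openssl_x509_read($data);
  $pkey = openssl_pkey_get_private($data, $passphrase);
  if ($cert === false || $pkey === false) {
    throw new RuntimeException('Not a valid PKCS 12 or PEM certificate, or wrong passphrase.');
  }
  // Exporting without a passphrase yields the passwordless key.
  if (!openssl_x509_export($cert, $certPem) || !openssl_pkey_export($pkey, $keyPem)) {
    throw new RuntimeException('Could not export certificate parts.');
  }
  return ['cert' => $certPem, 'pkey' => $keyPem];
}

// Constructed sample input: a throwaway self-signed certificate.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$csr = openssl_csr_new(['commonName' => 'example.test'], $key, ['digest_alg' => 'sha256']);
$x509 = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);

// The same certificate in both supported formats, protected by a passphrase.
openssl_pkcs12_export($x509, $p12, $key, 'secret');
openssl_x509_export($x509, $certPem);
openssl_pkey_export($key, $encryptedKeyPem, 'secret');

foreach (['PKCS 12' => $p12, 'PEM' => $certPem . $encryptedKeyPem] as $format => $data) {
  $parsed = parse_certificate($data, 'secret');
  // A plaintext key no longer carries an ENCRYPTED marker in its PEM header.
  $plain = !str_contains($parsed['pkey'], 'ENCRYPTED');
  printf("%s: key unencrypted = %s\n", $format, var_export($plain, true));
}
```

Because the parts come back without a passphrase, keep them in memory only and avoid writing them to logs, caches or temporary files.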
### OpenID Connect (OIDC)
Managing the key:
!["OpenID Connect (OIDC)" key type form](docs/assets/key-type-oidc.png)
Example use in a form:
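``` php
// Let the user pick among keys of the "OpenID Connect (OIDC)" type only.
$form['key'] = [
  '#type' => 'key_select',
  '#key_filters' => [
    'type' => 'os2web_key_oidc',
  ],
];
```

Get the OIDC config:

``` php
// Load the key entity through the Key module's repository service.
$key = \Drupal::service('key.repository')->getKey('openid_connect_ad');

// $helper is an instance of the module's KeyHelper (src/KeyHelper.php).
[
  OidcKeyType::DISCOVERY_URL => $discoveryUrl,
  OidcKeyType::CLIENT_ID => $clientId,
  OidcKeyType::CLIENT_SECRET => $clientSecret,
] = $helper->getOidcValues($key);
```

## Providers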
### Azure Key Vault
`@todo`
### Infisical
`@todo`
## Coding standards
Our coding standards are checked by GitHub Actions (cf. [.github/workflows/pr.yml](.github/workflows/pr.yml)). Use the commands
below to run the checks locally.

### PHP
```shell
docker run --rm --volume ${PWD}:/app --workdir /app itkdev/php8.1-fpm composer install
# Fix (some) coding standards issues
docker run --rm --volume ${PWD}:/app --workdir /app itkdev/php8.1-fpm composer coding-standards-apply
# Check that code adheres to the coding standards
docker run --rm --volume ${PWD}:/app --workdir /app itkdev/php8.1-fpm composer coding-standards-check
```

### Markdown
```shell
docker run --rm --volume $PWD:/md peterdavehello/markdownlint markdownlint --ignore vendor --ignore LICENSE.md '**/*.md' --fix
docker run --rm --volume $PWD:/md peterdavehello/markdownlint markdownlint --ignore vendor --ignore LICENSE.md '**/*.md'
```

## Code analysis
We use [PHPStan](https://phpstan.org/) for static code analysis.
Running static code analysis on a standalone Drupal module is a bit tricky, so we use a helper script to run the
analysis:

```shell
docker run --rm --volume ${PWD}:/app --workdir /app itkdev/php8.1-fpm ./scripts/code-analysis
```