cleaniquecoders / token-vault
A secure and extensible token manager for Laravel, designed to store, encrypt, and validate tokens or API keys from services like GitHub, GitLab, etc.
Requires
- php: ^8.4
- cleaniquecoders/traitify: ^1.1
- illuminate/contracts: ^10.0||^11.0||^12.0
- spatie/laravel-package-tools: ^1.16
Requires (Dev)
- larastan/larastan: ^2.9||^3.0
- laravel/pint: ^1.14
- nunomaduro/collision: ^8.1.1||^7.10.0
- orchestra/testbench: ^10.4
- pestphp/pest: ^3.0
- pestphp/pest-plugin-arch: ^3.0
- pestphp/pest-plugin-laravel: ^3.0
- phpstan/extension-installer: ^1.3||^2.0
- phpstan/phpstan-deprecation-rules: ^1.1||^2.0
- phpstan/phpstan-phpunit: ^1.3||^2.0
README
A secure and extensible token manager for Laravel, designed to store, encrypt, and decrypt tokens or API keys. This is useful when you are building an application that needs to store sensitive information.
Installation
You can install the package via composer:
composer require cleaniquecoders/token-vault
You can publish and run the migrations with:
php artisan vendor:publish --tag="token-vault-migrations"
php artisan migrate
You can publish the config file with:
php artisan vendor:publish --tag="token-vault-config"
Here's the updated Usage guide for your TokenVault package, incorporating the Provider enum and clarifying token types:
Usage
Setup Model
To allow a model (e.g. User) to have tokens:
use CleaniqueCoders\TokenVault\Traits\InteractsWithTokenVault;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    use InteractsWithTokenVault;
}
Storing a Token
use CleaniqueCoders\TokenVault\Enums\Provider;

$user = User::find(1);

$user->tokens()->create([
    'provider' => Provider::GitHub, // enum usage
    'type' => 'access_token', // e.g., access_token, refresh_token
    'token' => 'ghp_xxxx', // will be encrypted automatically
    'meta' => ['note' => 'GitHub Deploy Token'],
    'expires_at' => now()->addDays(30),
]);
Decrypting a Token (when needed)
$token = $user->tokens()->first();
$plainToken = $token->getDecryptedToken();
Only use this when absolutely necessary; avoid exposing raw tokens.
Token Masking (Safe Display)
$token->getMaskedToken(); // e.g., "ghp_****abcd"
Use this for logs, audit trails, or safe UI display.
Retrieve Tokens by Provider
use CleaniqueCoders\TokenVault\Enums\Provider;

$githubToken = $user->tokens()
    ->where('provider', Provider::GitHub)
    ->latest()
    ->first();
Cleaning Expired Tokens
$user->tokens()
    ->where('expires_at', '<', now())
    ->delete();
Encryption Drivers (Optional)
To use a custom encryption method:
'token-vault.encryptor' => \App\Drivers\OpenSslEncryptor::class,
The class must implement the \CleaniqueCoders\TokenVault\Contracts\Encryptor interface.
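An added example, not code from the token-vault project: one shape a custom driver such as the \App\Drivers\OpenSslEncryptor named above could take, using AES-256-GCM from PHP's OpenSSL extension so that a tampered or wrongly keyed token fails to decrypt instead of returning garbage. The page does not show the Encryptor contract, so the encrypt()/decrypt() method names, their signatures and the constructor's key argument are assumptions; align them with the real interface before adding the implements clause.

```php
<?php
declare(strict_types=1);

namespace App\Drivers;

use RuntimeException;

// Added example. Method names and the constructor are assumptions (the package's
// Encryptor contract is not shown on the page). $key is 32 raw bytes from your secret store.
final class OpenSslEncryptor
{
    private const CIPHER = 'aes-256-gcm';
    private const NONCE_LEN = 12; // 96-bit nonce, the recommended size for GCM
    private const TAG_LEN = 16;   // 128-bit authentication tag

    public function __construct(private readonly string $key)
    {
        if (strlen($key) !== 32) {
            throw new RuntimeException('Key must be exactly 32 raw bytes.');
        }
    }

    public function encrypt(string $plain): string
    {
        $nonce = random_bytes(self::NONCE_LEN); // fresh nonce per token, never reused with this key
        $tag = '';
        $ct = openssl_encrypt($plain, self::CIPHER, $this->key, OPENSSL_RAW_DATA, $nonce, $tag, '', self::TAG_LEN);
        if ($ct === false) {
            throw new RuntimeException('Encryption failed.');
        }
        return base64_encode($nonce . $tag . $ct); // stored layout: nonce | tag | ciphertext
    }

    public function decrypt(string $stored): string
    {
        $raw = base64_decode($stored, true);
        if ($raw === false || strlen($raw) < self::NONCE_LEN + self::TAG_LEN) {
            throw new RuntimeException('Stored token is malformed.');
        }
        $nonce = substr($raw, 0, self::NONCE_LEN);
        $tag = substr($raw, self::NONCE_LEN, self::TAG_LEN);
        $ct = substr($raw, self::NONCE_LEN + self::TAG_LEN);
        $plain = openssl_decrypt($ct, self::CIPHER, $this->key, OPENSSL_RAW_DATA, $nonce, $tag);
        if ($plain === false) { // wrong key, or the nonce, tag or ciphertext was modified
            throw new RuntimeException('Token failed authentication.');
        }
        return $plain;
    }
}
```

Because the constructor takes the key, the class has to be bound in the service container (or given a key source of its own) before the package can resolve it from the config entry.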
Testing
composer test
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security Vulnerabilities
Please review our security policy on how to report security vulnerabilities.
Credits
License
The MIT License (MIT). Please see License File for more information.