elixis-group / gcp-secret-manager-bundle
Use GCP Secrets as service container parameters in Symfony, and provided provider class to access secrets value.
Installs: 417
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 3
Forks: 0
Open Issues: 0
Type:symfony-bundle
Requires
- php: >=7.4
- google/apiclient: ^2.15
- google/cloud-secret-manager: ^1.12
- phpunit/phpunit: ^9.6
- symfony/dependency-injection: ^5.4|^6.0|^6.4
- symfony/flex: ^2.4
- symfony/yaml: ^5.4|^6.0|^6.4
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3.3
- phpstan/phpstan: ^1.2
- symfony/framework-bundle: ^5.4|^6.0|^6.4
- symfony/phpunit-bridge: ^5.4|^6.0|^6.4
This package is auto-updated.
Last update: 2024-04-05 10:41:48 UTC
README
Version 2.0.2 Created 2021/08/12 Last Update 2023/12/05
Use GCP Secrets as service container parameters in Symfony, and provided provider class to access secrets value.
Prerequisites
Configure Secret Manager in your project Google Cloud, see following article who explain how create and configure Google Secret Manager https://cloud.google.com/secret-manager/docs/configuring-secret-manager.
Warning in local dev environment, you need create a service account to set global var GOOGLE_APPLICATION_CREDENTIALS. See https://cloud.google.com/iam/docs/service-accounts#user-managed.
Installation
Warning ! Befor install bundle, a minimal configuration is required. Google Secret Manager need a global var GOOGLE_APPLICATION_CREDENTIALS.
Create file config/packages/gcp_secret_manager.yaml and add the following.
#config/packages/gcp_secret_manager.yaml
gcp_secret_manager:
secret_manager_client_config:
keyfilepath: '%kernel.project_dir%/google_application_credentials.json' # Google Credentials path
$ composer require gcp-secret-manager-bundle
Activating GCP Secret Manager Bundle.
#config/bundles.php
ElixisGroup\GcpSecretManagerBundle\GcpSecretManagerBundle::class => ['all' => true],
Configuration
By default, configuration for this bundle is loaded from config/packages/gcp_secret_manager.yaml file or its environment specific.
The following configuration properties are available:
#config/packages/gcp_secret_manager.yaml
gcp_secret_manager:
secret_manager_client_config:
project_id: 'projectId' # Google Cloud project id
keyfilepath: '%kernel.project_dir%/google_application_credentials.json' # Google Credentials path
delimiter: ':' # Delimiter to separate secret name from secret version
ignore: false # Pass through GCP Secret Manager (if you don't use set to "true").
Default usage
Set an env var to an AWS Secret Manager Secret name and Secret version separate by the separator define in config or the default one, like so:
#.env
SECRET_ENV_VAR=SECRET_NAME:SECRET_VERSION
Set a parameter to this environment variable with the gcp processor:
#config/services.yaml
parameters:
secret_env_var: '%env(gcp:SECRET_ENV_VAR)%'
Service Container Usage
A standalone service container is also available if you don't want use a service container parameters.
#Controller/AcmeController.php
use ElixisGroup\GcpSecretManagerBundle\Provider\GcpSecretManagerProvider;
class AcmeController extends AbstractController
{
public function index(GcpSecretManagerProvider $secretProvider){
$secretValue = $secretProvider->get('SECRET_NAME', SECRET_VERSION);
}
}