freebuu/laravel-vault

Laravel package for HashiCorp Vault

dev-master 2023-08-20 20:42 UTC

This package is auto-updated.

Last update: 2024-04-24 21:43:52 UTC


README

Get your .env from a remote source (HashiCorp Vault) on deploy

Warning! This is a very early alpha version with no usable release. Not recommended for use yet.

Quickstart

Install

composer require freebuu/laravel-vault
php artisan vendor:publish --tag=config --provider="FreeBuu\LaravelVault\LaravelVaultServiceProvider"

Configure

Add the secret paths to read from Vault (patches) and the variables used in them (patch_variables) to vault.php

'vars' => [
    'patches' => [
        '/secret/database/{env}'
    ],
    'patch_variables' => [
        'env' => 'production',
    ],
]

Override credentials

Create a vault.json file with the Vault options. Its structure MUST be the same as vault.php.

You can override ALL options from vault.php here.

{
  "connections": {
    "vault": {
      "host": "http://vault",
      "role_id": "your_role_id",
      "secret_id": "your_secret_id"
    }
  }
}

Use

base64 -w 0 vault.json | php artisan vault:get --stdin --b64

If all is OK (the credentials are valid and have access to the secret patches), you will see the merged values from all patches:

+---------+------------+
| Key     | Value      |
+---------+------------+
| secret1 | value1     |
| secret2 | value2     |
+---------+------------+
  • To save this to .env, add the option --output=currentEnv
  • To save this to .env.next, add the option --output=nextEnv
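
The "Override credentials" and "Use" steps above can be combined on a deploy host without leaving vault.json on disk. The following is an added example, not part of the package: it builds the override from environment variables and prints it as single-line base64 for vault:get --stdin --b64. The variable names VAULT_ADDR, VAULT_ROLE_ID and VAULT_SECRET_ID and both function names are assumptions.

```shell
# Added example, not part of the package. VAULT_ADDR, VAULT_ROLE_ID and
# VAULT_SECRET_ID are assumed names for masked CI variables.

nl='
'

# Reject empty values and characters that would break out of a JSON string.
json_safe() {
  case "$1" in
    ''|*'"'*|*'\'*|*"$nl"*) return 1 ;;
  esac
}

# Print the vault.json override as single-line base64 on stdout.
# Runs in a subshell with xtrace off so `set -x` in CI cannot log the secrets,
# and never writes the credentials to disk.
vault_override_b64() (
  set +x
  for v in "${VAULT_ADDR-}" "${VAULT_ROLE_ID-}" "${VAULT_SECRET_ID-}"; do
    json_safe "$v" || { echo "vault override: empty or unsafe value" >&2; return 1; }
  done
  case "$VAULT_ADDR" in
    https://*) ;;
    *) echo "vault override: host is not https, credentials travel in cleartext" >&2 ;;
  esac
  # base64 | tr -d '\n' is a portable equivalent of base64 -w 0
  printf '{"connections":{"vault":{"host":"%s","role_id":"%s","secret_id":"%s"}}}' \
    "$VAULT_ADDR" "$VAULT_ROLE_ID" "$VAULT_SECRET_ID" | base64 | tr -d '\n'
)

# On the runner (commented out so the block runs without PHP installed):
#   vault_override_b64 | php artisan vault:get --stdin --b64 --output=nextEnv
```
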

Use in CI

There is a shorthand command specifically for CI:

  • On the runner, obtain a token (docs)
  • Obtain .env with that token
php artisan vault:ci s.JYVfe67632rRDtyf --app=my_project --env=production
  • s.JYVfe67632rRDtyf - Vault one-time token
  • my_project - App name, sets the 'app' patch variable. Optional.
  • production - App env, sets the 'env' patch variable. Optional.