itk-dev/azure-key-vault-php

Azure key vault php library

Maintainers

Details

github.com/itk-dev/AzureKeyVaultPhp

Source

Issues

Installs: 11 831

Dependents: 1

Suggesters: 0

Security: 0

Stars: 0

Watchers: 4

Forks: 0

Open Issues: 0

1.0.0 2021-02-08 11:39 UTC

Requires

Requires (Dev)

MIT a8b6ec6abe85401aceedc73e484be7609052d592

  • Jesper Kristensen <itkdev.woop@mkb.aarhus.dk>

azurekey vault

This package is auto-updated.

Last update: 2024-04-15 13:31:02 UTC

README

This is a php library to access certificates and secrets stored in Azure key vault through their rest API.

See https://docs.microsoft.com/en-gb/azure/key-vault/general/

Installation

Add the github repository to your composer.json.

"repositories": {
    "itk-dev/azure-key-vault-php": {
        "type": "vcs",
        "url": "https://github.com/itk-dev/AzureKeyVaultPhp"
    }
},

Use composer to install the library.

composer require itk-dev/azure-key-vault-php": "dev-master"

Usage

<?php

$autoloader = require_once 'vendor/autoload.php';

use Itkdev\AzureKeyVault\Authorisation\VaultToken;
use Itkdev\AzureKeyVault\KeyVault\VaultCertificate;
use Itkdev\AzureKeyVault\KeyVault\VaultSecret;

// The VaultToken class requires a PSR-18 compatible http client and a PSR-17 compatible request factory.
$vaultToken = new VaultToken($httpClient, $requestFactory);

// Requires that you have an tenant if, client id and client secret.
$token = $vaultToken->getToken(
    'xxxx',
    'yyyy',
    'zzzz'
);    

// Certificates
// This requires a PSR-18 compatible http client and a PSR-17 compatible request factory.
// Get vault with the name 'testVault' using the access token.
$vault = new VaultCertificate($httpClient, $requestFactory, 'testVault', $token->getAccessToken());

$cert = $vault->getCertificate('TestCert', '8cb726a7bd52460a96a5496672562df0');
echo $cert->getCert();

// Secrets
// This requires a PSR-18 compatible http client and a PSR-17 compatible request factory.
// Get vault with the name 'testVault' using the access token.
$vault = new VaultSecret($httpClient, $requestFactory, 'testVault', $token->getAccessToken());

$secret = $vault->getSecret('TestCert', '8cb726a7bd52460a96a5496672562df0');
echo $secret->getValue();

Storing certificates in the vault

You may have to rename your .p12 file to .pfx before being able to upload to the Azure Key Vault.

Removing passphrase from PKCS12 certificates

If you don't want to have a passphrase on the certificate stored in the Azure Key Vault, you can use the following command to remove the passphrase:

openssl pkcs12 -in certificate.p12 -nodes | openssl pkcs12 -export -out certificate.passwordless.pfx