itk-dev/azure-key-vault-php

Azure key vault php library

1.0.0 2021-02-08 11:39 UTC

This package is auto-updated.

Last update: 2022-05-15 09:24:56 UTC


README

This is a php library to access certificates and secrets stored in Azure key vault through their rest API.

See https://docs.microsoft.com/en-gb/azure/key-vault/general/

Installation

Add the github repository to your composer.json.

"repositories": {
    "itk-dev/azure-key-vault-php": {
        "type": "vcs",
        "url": "https://github.com/itk-dev/AzureKeyVaultPhp"
    }
},

Use composer to install the library.

composer require itk-dev/azure-key-vault-php": "dev-master"

Usage

<?php

$autoloader = require_once 'vendor/autoload.php';

use Itkdev\AzureKeyVault\Authorisation\VaultToken;
use Itkdev\AzureKeyVault\KeyVault\VaultCertificate;
use Itkdev\AzureKeyVault\KeyVault\VaultSecret;

// The VaultToken class requires a PSR-18 compatible http client and a PSR-17 compatible request factory.
$vaultToken = new VaultToken($httpClient, $requestFactory);

// Requires that you have an tenant if, client id and client secret.
$token = $vaultToken->getToken(
    'xxxx',
    'yyyy',
    'zzzz'
);    

// Certificates
// This requires a PSR-18 compatible http client and a PSR-17 compatible request factory.
// Get vault with the name 'testVault' using the access token.
$vault = new VaultCertificate($httpClient, $requestFactory, 'testVault', $token->getAccessToken());

$cert = $vault->getCertificate('TestCert', '8cb726a7bd52460a96a5496672562df0');
echo $cert->getCert();

// Secrets
// This requires a PSR-18 compatible http client and a PSR-17 compatible request factory.
// Get vault with the name 'testVault' using the access token.
$vault = new VaultSecret($httpClient, $requestFactory, 'testVault', $token->getAccessToken());

$secret = $vault->getSecret('TestCert', '8cb726a7bd52460a96a5496672562df0');
echo $secret->getValue();

Storing certificates in the vault

You may have to rename your .p12 file to .pfx before being able to upload to the Azure Key Vault.

Removing passphrase from PKCS12 certificates

If you don't want to have a passphrase on the certificate stored in the Azure Key Vault, you can use the following command to remove the passphrase:

openssl pkcs12 -in certificate.p12 -nodes | openssl pkcs12 -export -out certificate.passwordless.pfx