juniorfontenele / laravel-vault-client
A vault client for Laravel vault server.
Fund package maintenance!
juniorfontenele
Requires
- php: ^8.3
- illuminate/support: ^12
- juniorfontenele/laravel-secure-jwt: ^1.0
Requires (Dev)
- driftingly/rector-laravel: ^2.0
- fakerphp/faker: ^1.24
- larastan/larastan: ^3.3
- laravel/framework: ^12
- laravel/pint: ^1.21
- laravel/tinker: ^2.10
- nunomaduro/collision: ^8.8
- orchestra/testbench: ^10.1
- pestphp/pest: ^3.8
- pestphp/pest-plugin-arch: ^3.1
- pestphp/pest-plugin-laravel: ^3.1
- phpseclib/phpseclib: ^3.0
- phpstan/extension-installer: ^1.4
- phpstan/phpstan-deprecation-rules: ^2.0
- phpstan/phpstan-phpunit: ^2.0
- rector/rector: ^2.0
- spatie/laravel-ray: ^1.40
- spatie/ray: ^1.41
This package is auto-updated.
Last update: 2025-06-06 11:41:25 UTC
README
Laravel Vault Client is a client for Laravel Vault Server provided by juniorfontenele/laravel-vault-server package for secure key management, key rotation, JWT signing/validation, and secure user hash storage.
Installation
Install via composer:
composer require juniorfontenele/laravel-vault-client
Publish and run the migrations:
php artisan vault:install
Artisan Commands
php artisan vault:install— Publish and run the migrations.php artisan vault:provision {token}— Provision the client in Vault using the provision token.php artisan vault:rotate— Rotate the client's private key.
Usage Examples
Rotate Private Key
use JuniorFontenele\LaravelVaultClient\Facades\VaultClient; $newKey = VaultClient::rotateKey();
Get Public Key by Key ID
use JuniorFontenele\LaravelVaultClient\Facades\VaultClient; $publicKey = VaultClient::getPublicKey($kid);
Get User Hash
use JuniorFontenele\LaravelVaultClient\Facades\VaultClient; $hash = VaultClient::getHashForUser($userId);
Store User Password (hash will be generated)
use JuniorFontenele\LaravelVaultClient\Facades\VaultClient; VaultClient::storePasswordForUser($userId, $password);
Store User Hash (provide your own hash)
use JuniorFontenele\LaravelVaultClient\Facades\VaultClient; VaultClient::storeHashForUser($userId, $hash);
Delete User Hash
use JuniorFontenele\LaravelVaultClient\Facades\VaultClient; VaultClient::deleteHashForUser($userId);
Protecting Routes with JWT Middleware
You can protect your routes using the vault.jwt middleware:
use Illuminate\Support\Facades\Route; Route::middleware(['vault.jwt'])->group(function () { // Your protected routes here });
You may also pass scopes as optional parameters to the middleware:
Route::middleware(['vault.jwt:admin'])->get('/admin', ...);
Configuration
The configuration file config/vault.php will be published with all required options, such as client_id, url, issuer, TTLs, etc.
Testing
composer test
Credits
License
The MIT License (MIT). See License File for more information.