kebacorp / vaultsecret
The extension allows to load the Vault secrets from json files and get them
Installs: 6 801
Dependents: 0
Suggesters: 0
Security: 0
Stars: 5
Watchers: 2
Forks: 1
Open Issues: 1
Type:extension
Requires
- php: >=5.3
- ext-curl: *
- ext-json: *
- psr/simple-cache: *
README
VaultSecret
The extension allows to LOAD the Vault secrets from Vault service or from json files and GET them.
For license information check the LICENSE-file.
Requirements:
- PHP 5.3 and higher.
Installation:
The preferred way to install this extension is through composer.
Either run
php composer.phar require --prefer-dist kebacorp/vaultsecret
or add
"kebacorp/vaultsecret": "*"
to the require section of your composer.json.
Usage
Get secret from file that contains json string:
<?php use KebaCorp\VaultSecret\VaultSecret; // Get secret from file that contains json string VaultSecret::getSecret('SECRET_KEY', 'path/secret.json');
Get secret from Vault service by KV2:
<?php use KebaCorp\VaultSecret\VaultSecret; use KebaCorp\VaultSecret\VaultSecretParams; // Set params $vaultSecretParams = new VaultSecretParams(); $vaultSecretParams->setToken('vaultToken'); VaultSecret::setParams($vaultSecretParams); // Get secret from Vault service VaultSecret::getSecret('SECRET_KEY', 'http://localhost:8200/v1/kv2/data/secretName');
Get secret from Vault service by KV1:
<?php use KebaCorp\VaultSecret\template\TemplateCreator; use KebaCorp\VaultSecret\VaultSecret; use KebaCorp\VaultSecret\VaultSecretParams; // Set params $vaultSecretParams = new VaultSecretParams(); $vaultSecretParams->setToken('vaultToken'); VaultSecret::setParams($vaultSecretParams); // Get secret from Vault service VaultSecret::getSecret( 'SECRET_KEY', 'http://localhost:8200/v1/kv2/data/secretName', null, TemplateCreator::TEMPLATE_KV1 );
Params
Set Vault token:
<?php use KebaCorp\VaultSecret\VaultSecret; use KebaCorp\VaultSecret\VaultSecretParams; $vaultSecretParams = new VaultSecretParams(); $vaultSecretParams->setToken('vaultToken'); VaultSecret::setParams($vaultSecretParams);
Enable Vault secrets template json file creation:
<?php use KebaCorp\VaultSecret\VaultSecret; use KebaCorp\VaultSecret\VaultSecretParams; $vaultSecretParams = new VaultSecretParams(); $vaultSecretParams->setIsSaveTemplate(true); // Not necessary $vaultSecretParams->setSaveTemplateFilename(__DIR__ . '/jsonTemplates/template'); // Not necessary VaultSecret::setParams($vaultSecretParams);
Disable Vault secrets template json file creation:
<?php use KebaCorp\VaultSecret\VaultSecret; use KebaCorp\VaultSecret\VaultSecretParams; $vaultSecretParams = new VaultSecretParams(); $vaultSecretParams->setIsSaveTemplate(false); VaultSecret::setParams($vaultSecretParams);
Set default Vault source to secrets:
This may be a link to the Vault service. For example: 'http://localhost:8200/v1/kv2/data/secretName'
<?php use KebaCorp\VaultSecret\VaultSecret; use KebaCorp\VaultSecret\VaultSecretParams; $vaultSecretParams = new VaultSecretParams(); $vaultSecretParams->setSource('http://localhost:8200/v1/kv2/data/secretName'); VaultSecret::setParams($vaultSecretParams);
Or it could be the path to the json file. For example: 'path/secret.json'
<?php use KebaCorp\VaultSecret\VaultSecret; use KebaCorp\VaultSecret\VaultSecretParams; $vaultSecretParams = new VaultSecretParams(); $vaultSecretParams->setSource('path/secret.json'); VaultSecret::setParams($vaultSecretParams);
Set your own cache object:
You can use any cache inherited from the class that implements CacheInterface
.
SecretHybridCache
is used by default.
There is also a SecretMemoryCache
that stores data in RAM, but it is stored only during client connection.
So each time they require load data from a source of secrets.
<?php use KebaCorp\VaultSecret\SecretMemoryCache; use KebaCorp\VaultSecret\VaultSecret; use KebaCorp\VaultSecret\VaultSecretParams; // Use your cache object here $myCacheObject = SecretMemoryCache::getInstance(); $vaultSecretParams = new VaultSecretParams(); $vaultSecretParams->setCache($myCacheObject); VaultSecret::setParams($vaultSecretParams);