kebacorp/vaultsecret

The extension allows to load the Vault secrets from json files and get them

Installs: 6 801

Dependents: 0

Suggesters: 0

Security: 0

Stars: 5

Watchers: 2

Forks: 1

Open Issues: 1

Type:extension

v2.0.4 2024-07-22 09:03 UTC

This package is auto-updated.

Last update: 2024-12-22 10:09:38 UTC


README

VaultSecret


The extension allows to LOAD the Vault secrets from Vault service or from json files and GET them.

For license information check the LICENSE-file.

Total Downloads Latest Stable Version License

Requirements:

  • PHP 5.3 and higher.

Installation:

The preferred way to install this extension is through composer.

Either run

php composer.phar require --prefer-dist kebacorp/vaultsecret

or add

"kebacorp/vaultsecret": "*"

to the require section of your composer.json.

Usage

Get secret from file that contains json string:

<?php

use KebaCorp\VaultSecret\VaultSecret;

// Get secret from file that contains json string
VaultSecret::getSecret('SECRET_KEY', 'path/secret.json');

Get secret from Vault service by KV2:

<?php

use KebaCorp\VaultSecret\VaultSecret;
use KebaCorp\VaultSecret\VaultSecretParams;

// Set params
$vaultSecretParams = new VaultSecretParams();
$vaultSecretParams->setToken('vaultToken');
VaultSecret::setParams($vaultSecretParams);

// Get secret from Vault service
VaultSecret::getSecret('SECRET_KEY', 'http://localhost:8200/v1/kv2/data/secretName');

Get secret from Vault service by KV1:

<?php

use KebaCorp\VaultSecret\template\TemplateCreator;
use KebaCorp\VaultSecret\VaultSecret;
use KebaCorp\VaultSecret\VaultSecretParams;

// Set params
$vaultSecretParams = new VaultSecretParams();
$vaultSecretParams->setToken('vaultToken');
VaultSecret::setParams($vaultSecretParams);

// Get secret from Vault service
VaultSecret::getSecret(
    'SECRET_KEY',
    'http://localhost:8200/v1/kv2/data/secretName',
    null,
    TemplateCreator::TEMPLATE_KV1
);

Params

Set Vault token:

<?php

use KebaCorp\VaultSecret\VaultSecret;
use KebaCorp\VaultSecret\VaultSecretParams;

$vaultSecretParams = new VaultSecretParams();
$vaultSecretParams->setToken('vaultToken');
VaultSecret::setParams($vaultSecretParams);

Enable Vault secrets template json file creation:

<?php

use KebaCorp\VaultSecret\VaultSecret;
use KebaCorp\VaultSecret\VaultSecretParams;

$vaultSecretParams = new VaultSecretParams();
$vaultSecretParams->setIsSaveTemplate(true); // Not necessary
$vaultSecretParams->setSaveTemplateFilename(__DIR__ . '/jsonTemplates/template'); // Not necessary
VaultSecret::setParams($vaultSecretParams);

Disable Vault secrets template json file creation:

<?php

use KebaCorp\VaultSecret\VaultSecret;
use KebaCorp\VaultSecret\VaultSecretParams;

$vaultSecretParams = new VaultSecretParams();
$vaultSecretParams->setIsSaveTemplate(false);
VaultSecret::setParams($vaultSecretParams);

Set default Vault source to secrets:

This may be a link to the Vault service. For example: 'http://localhost:8200/v1/kv2/data/secretName'

<?php

use KebaCorp\VaultSecret\VaultSecret;
use KebaCorp\VaultSecret\VaultSecretParams;

$vaultSecretParams = new VaultSecretParams();
$vaultSecretParams->setSource('http://localhost:8200/v1/kv2/data/secretName');
VaultSecret::setParams($vaultSecretParams);

Or it could be the path to the json file. For example: 'path/secret.json'

<?php

use KebaCorp\VaultSecret\VaultSecret;
use KebaCorp\VaultSecret\VaultSecretParams;

$vaultSecretParams = new VaultSecretParams();
$vaultSecretParams->setSource('path/secret.json');
VaultSecret::setParams($vaultSecretParams);

Set your own cache object:

You can use any cache inherited from the class that implements CacheInterface.

SecretHybridCache is used by default.

There is also a SecretMemoryCache that stores data in RAM, but it is stored only during client connection. So each time they require load data from a source of secrets.

<?php

use KebaCorp\VaultSecret\SecretMemoryCache;
use KebaCorp\VaultSecret\VaultSecret;
use KebaCorp\VaultSecret\VaultSecretParams;

// Use your cache object here
$myCacheObject = SecretMemoryCache::getInstance();

$vaultSecretParams = new VaultSecretParams();
$vaultSecretParams->setCache($myCacheObject);
VaultSecret::setParams($vaultSecretParams);