kidfund/thin-transit-client

Lightweight PHP wrapper around Hashicorp Vault Transit

Maintainers

Details

github.com/Kidfund/ThinTransitClient

Homepage

Source

Issues

Installs: 22

Dependents: 1

Suggesters: 0

Security: 0

Stars: 0

Watchers: 2

Forks: 1

Open Issues: 1

1.0.0 2018-12-14 14:36 UTC

Requires

Requires (Dev)

MIT b2eec7b61eeb684c802e4188deed18c514ec92e2

vaulthashicorpkidfundthin-transit-client

This package is auto-updated.

Last update: 2024-04-11 13:38:22 UTC

README

Latest Version on Packagist Software License Build Status StyleCI Total Downloads

What this is

A very thin PHP wrapper around Hashicorp Vault's Transit Engine

What this isn't

Unfortunatly, this isn't a full fledged vault client. When I started writing LaraVault, these clients didn't exist yet. This client is the bare minimum need to communicate with Transit. Ideally, LaraVault would deprecate the need for this and use one of those clients

Install

Via Composer

$ composer require kidfund/thin-transit-client

Usage

Setup

You'll need to store the address of your vault server and the currently available token somewhere. This is the token setup we use with LaraVault

path "transit/decrypt/*" {
  capabilities = ["create", "update"]
}

path "transit/encrypt/*" {
  capabilities = ["create", "update"]
}

If we were using the TransitClient in a Laravel Service Providor, we could do something like this

/**
 * @return TransitClient|null
 * @throws Exception
 */
protected function getTransitClient()
{
    $enabled = config('vault.enabled');

    if (!$enabled) {
        return null;
    }

    $vaultAddr = config('vault.addr');
    $vaultToken = config('vault.token');

    if ($vaultToken === null || $vaultToken === 'none') {
        throw new Exception('Vault token must be configured');
    }

    $client = new TransitClient($vaultAddr, $vaultToken);

    return $client;
}

/**
 * @return void
 */
public function register()
{
    $this->app->singleton(TransitClient::class, function () {
        return $this->getTransitClient();
    });
}

Encrypting

$encrypted = $client->encrypt($key, $plaintext);

You can also pass a context

$encrypted = $client->encrypt($key, $plaintext, $context);

Decrypting

$plaintext = $client->decrypt($key, $cipherText,);

You can also pass a context

$plaintext = $client->decrypt($key, $cipherText, $context);

Testing

$ ./vendor/bin/phpunit

Contributing

Please see CONTRIBUTING and CONDUCT for details.

Credits

License

The MIT License (MIT). Please see License File for more information.