starburst / encrypted-config-loader
Expanded config loader for stefna/config
dev-main
2025-10-02 17:08 UTC
Requires
- php: ^8.2
- paragonie/halite: ^5
- psr/container: ^2.0
- stefna/config: ^1.0
Requires (Dev)
- bnf/phpstan-psr-container: ^1.0
- circli/console: ^1.0
- phpstan/extension-installer: ^1.2
- phpstan/phpstan: ^2.0
- phpstan/phpstan-phpunit: ^2.0
- phpunit/phpunit: ^11.0
- squizlabs/php_codesniffer: ^3.0
- stefna/codestyle: ^1.15
This package is auto-updated.
Last update: 2025-10-02 17:09:01 UTC
README
Load encrypted config files with support for key rotation
Requirements
PHP 8.2 or higher.
Installation
composer require starburst/encrypted-config-loader
Setup cli commands
The package provides 4 cli commands that can be used to make it easier to work with the secrets.
config:decrypt
config:encrypt
config:generate-secret
config:rotate-secrets
Setup in starburst
It's on purpose that we don't provide a default Bootloader
for these since most project should add their own logic
for key resolving and key rotating
So you need to write your own Bootloader
but here is a basic example:
class EncryptionConfigCliBootloader implements \Starburst\Contracts\Bootloader, \Starburst\Contracts\Extensions\CliCommandProvider, \Starburst\Contracts\Extensions\DefinitionProvider { public function createDefinitionSource(): \Stefna\DependencyInjection\Definition\DefinitionSource { return new \Stefna\DependencyInjection\Definition\DefinitionArray([ \Starburst\EncryptedConfigLoader\KeyResolver::class => fn () => new \Starburst\EncryptedConfigLoader\FileKeyResolver(), // if you store the key in an external system you need to write your own KeyResolver. This can also be used to provide a default key for the cli commands \Starburst\EncryptedConfigLoader\KeyLoader::class => fn () => new KeyCollection(), // if you have multiple keys \ParagonIE\Halite\Symmetric\EncryptionKey::class => fn () => \ParagonIE\Halite\KeyFactory::loadEncryptionKey('path to encryption key'), // if you only have one key this is the way to go \Starburst\EncryptedConfigLoader\Crypto::class => fn (\Psr\Container\ContainerInterface $c) => new \Starburst\EncryptedConfigLoader\DefaultCrypto( $c->get(\Starburst\EncryptedConfigLoader\KeyLoader::class), $c->get(\ParagonIE\Halite\Symmetric\EncryptionKey::class), ), ]); } }
Contribute
We are always happy to receive bug/security reports and bug/security fixes
License
The MIT License (MIT). Please see License File for more information.