tavsec / kubeseal-php
PHP wrapper for Kubeseal executable
Requires
- php: ^8.2|^8.1|^8.0
- symfony/process: ^6.3
Requires (Dev)
- phpunit/phpunit: ^10
This package is auto-updated.
Last update: 2024-11-05 13:52:20 UTC
README
kubeseal-php
is a PHP wrapper for sealed-secrets kubeseal
executable
that allows you to encrypt your Kubernetes secrets using a public key in PHP.
Requirements
- PHP >= 8.1
kubeseal
executable- sealed secrets public key* OR
kubeseal
executable connected to Kubernetes cluster
* public key can be fetched by running kubeseal --fetch-cert > kubeseal_cert.pem
Installation
This package can be installed on any PHP version >= 8.1 using composer.
composer require tavsec/kubeseal-php
Usage
Currently, kubeseal-php
supports raw encryption of secrets using kubeseal
executable. This means that the secret values can be encrypted
one by one, and the resulting encrypted values can be used in Kubernetes (sealed secrets) manifests.
In the future releases we might support encrypting the whole secret at once, using multiple values, and producing the full manifest.
All 3 encryption scopes are supported: strict
, cluster-wide
and namespace-wide
.
use Tavsec\KubesealPhp\Kubeseal; $kubeseal = new Kubeseal(); $kubeseal->setKubesealPath("/usr/bin/kubeseal"); // Required only if you don't have kubeseal connected to Kubernetes cluster $kubeseal->setCertificatePath("kubeseal_cert.pem"); // Encrypt using strict scope $sealedValue = $kubeseal->encryptRaw( data: "my-secret-value", scope: Kubeseal::SCOPE_STRICT, secretName: "secret-name", namespace: "namespace" ); // Encrypt using namespace-wide scope $sealedValue = $kubeseal->encryptRaw( data: "my-secret-value", scope: Kubeseal::SCOPE_NAMESPACE, namespace: "namespace" ); // Encrypt using cluster-wide scope $sealedValue = $kubeseal->encryptRaw( data: "my-secret-value", scope: Kubeseal::SCOPE_CLUSTER ); echo $sealedValue; // #Ag...