tavsec / kubeseal-php
PHP wrapper for Kubeseal executable
Requires
- php: ^8.2|^8.1|^8.0
- symfony/process: ^6.3
Requires (Dev)
- phpunit/phpunit: ^10
This package is auto-updated.
Last update: 2024-05-05 12:25:40 UTC
README
kubeseal-php is a PHP wrapper for sealed-secrets kubeseal executable
that allows you to encrypt your Kubernetes secrets using a public key in PHP.
Requirements
- PHP >= 8.1
kubesealexecutable- sealed secrets public key* OR
kubesealexecutable connected to Kubernetes cluster
* public key can be fetched by running kubeseal --fetch-cert > kubeseal_cert.pem
Installation
This package can be installed on any PHP version >= 8.1 using composer.
composer require tavsec/kubeseal-php
Usage
Currently, kubeseal-php supports raw encryption of secrets using kubeseal executable. This means that the secret values can be encrypted
one by one, and the resulting encrypted values can be used in Kubernetes (sealed secrets) manifests.
In the future releases we might support encrypting the whole secret at once, using multiple values, and producing the full manifest.
All 3 encryption scopes are supported: strict, cluster-wide and namespace-wide.
use Tavsec\KubesealPhp\Kubeseal; $kubeseal = new Kubeseal(); $kubeseal->setKubesealPath("/usr/bin/kubeseal"); // Required only if you don't have kubeseal connected to Kubernetes cluster $kubeseal->setCertificatePath("kubeseal_cert.pem"); // Encrypt using strict scope $sealedValue = $kubeseal->encryptRaw( data: "my-secret-value", scope: Kubeseal::SCOPE_STRICT, secretName: "secret-name", namespace: "namespace" ); // Encrypt using namespace-wide scope $sealedValue = $kubeseal->encryptRaw( data: "my-secret-value", scope: Kubeseal::SCOPE_NAMESPACE, namespace: "namespace" ); // Encrypt using cluster-wide scope $sealedValue = $kubeseal->encryptRaw( data: "my-secret-value", scope: Kubeseal::SCOPE_CLUSTER ); echo $sealedValue; // #Ag...