wapacro / az-keyvault-php
PHP Library to work with Azure KeyVault using managed identity
Installs: 32 596
Dependents: 0
Suggesters: 0
Security: 0
Stars: 18
Watchers: 1
Forks: 15
Open Issues: 9
Requires
- ext-gmp: *
- ext-json: *
- brick/math: ^0.9.1
- guzzlehttp/guzzle: ^7.0
- spatie/url: ^1.3
- web-token/jwt-core: ^2.0
Requires (Dev)
- ext-openssl: *
- friendsofphp/php-cs-fixer: ^2.16
- phpunit/phpunit: ^9.0
This package is auto-updated.
Last update: 2024-11-19 23:04:12 UTC
README
This library allows easy integration of Azure Key Vault in PHP applications.
Highlights
- Built-in managed identity support
Setup managed identities for your apps and centralise all secrets, keys and certificates in Azure Key Vault. Get secure access directly from your code without worrying about credentials. - Easy to use API
This library's API is simple and easy to understand. After some setup in Azure and a few lines of code you're good to go! - Works with Windows & Linux based App Service Plans and Virtual Machines
How to use
Get started in three simple steps!
- Add a system-assigned identity to your Azure App Service and assign permissions to your application to read & list secrets from Key Vault
- Install this package in your project
using Composer
composer require wapacro/az-keyvault-php
- Access your secrets & keys in Key Vault using the simple API:
<?php /** * Secrets */ $secret = new AzKeyVault\Secret('https://my-keyvault-dns.vault.azure.net'); // If you want to get all secrets (default max to 25): $secrets = $secret->getSecrets(); // ... else get next page via nextLink $secrets = $secret->getSecrets($secrets->getNextLink()); // If you want the latest secret $value = $secret->getSecret('mySecretName'); // If you want a specific secret version: $value = $secret->getSecret('mySecretName', '9fe63d32-5eb0-47f2-8ef8-version-id'); // ... otherwise get all versions of secret // with name "mySecretName" which are marked // as enabled and retrieve the first one $enabledSecretVersions = $secret->getSecretVersions('mySecretName')->enabled(); $firstEnabledVersion = reset($enabledSecretVersions); $value = $secret->getSecret($firstEnabledVersion); echo $value->secret; // prints: my super secret message // If you want to set secret or update secret with newer version: $value = $secret->setSecret('mySecretName', 'mySecretValue'); echo $value->secret; // prints: mySecretValue /** * Keys */ $key = new AzKeyVault\Key('https://my-keyvault-dns.vault.azure.net'); // Retrieve specific key version: $value = $key->getKey('myKeyName', 'j7d8rd32-5eb0-47f2-8ef8-version-id'); // ... or get all versions of a key // and retrieve the first one which // is enabled, just like with the // secrets above $enabledKeyVersions = $key->getKeyVersions('myKeyName')->enabled(); $firstEnabledVersion = reset($enabledKeyVersions); $value = $key->getKey($firstEnabledVersion); echo $value->type; // e.g. "RSA" echo $value->n; // prints base64 encoded RSA modulus // This library also provides some key utilities // to make retrieved keys work with the OpenSSL extension $pem = (new AzKeyVault\KeyUtil($value))->toPEM(); $keyDetails = openssl_pkey_get_details(openssl_pkey_get_private($pem)); var_dump($keyDetails);
Note: KeyUtil
supports RSA and EC keys
Planned features
- Accessing certificates