php vault下载php vault源代码下载

php vault

其他类别

v1.0.7

下载

TechnologyGuru/php-vault

一个灵活的基于PHP的金库，以动态提供秘密

执照

该项目根据GNU LGPL 3.0许可。

安装

由作曲家

composer install technicalguru/vault

通过包装下载

您可以从GitHub发布页面下载源代码软件包

Hashicorp设置

该过程最好在Hashicorp博客中描述。它描述了如何创建一个approle 。这是它的本质：

 # Enable the auth method for approle
vault auth enable approle

# Create a renewal policy
echo ' path "auth/token/*" { capabilities = [ "create", "read", "update", "delete", "list", "sudo" ] } ' > renewal-policy.hcl
vault policy write renewal-policy renewal-policy.hcl

# Create a file with your policy on the respective secret path:
cat ' path "secret/my-secret" { capabilities = ["read", "list"] } ' > app-policy.hcl

# Create the policy
vault policy write my-app-policy app-policy.hcl

# Create the approle with renewal-policy and your application policy
vault write auth/approle/role/my-approle token_policies=renewal-policy,my-app-policy token_period=30m token_ttl=30m token_max_ttl=1h token_explicit_max_ttl=2h

# Get the role ID printed
vault read auth/approle/role/my-approle/role-id

# Create the secret ID and print it
vault write -f auth/approle/role/my-approle/secret-id

请注意，每当您更改申请角色或策略时，都需要重新创建秘密ID。

例子

创建HashicorPvault

请注意，该保险库实际上是现有的Hashicorp库的客户端。

 // Create configuration
$ config = array (
	' type '   => ' hashicorp ' ,
	' config ' => array (
		' uri '      => ' https://127.0.0.1:8200/v1 ' ,
		' roleId '   => ' 123456-12345-12345-123456 ' ,
		' secretId ' => ' abcdef-abcde-abcde-abcdef '
	)
);

// Create the vault instance
try {
	$ vault =  TgVault VaultFactory:: create ( $ config );
} catch (  TgVault  VaultException $ e ) {
	// Vault could not be created
}

创建一个存储器

 // Create configuration
$ config = array (
	' type '   => ' memory ' ,
	' config ' => array (
		' secrets ' => array (
			' my/secret/number/1 ' => array (
				' username ' => ' my-username1 ' ,
				' password ' => ' my-password1 ' ,
			),
			' my/secret/number/2 ' => array (
				' username ' => ' my-username2 ' ,
				' password ' => ' my-password2 ' ,
			),
		)
	)
);

// Create the vault instance
try {
	$ vault =  TgVault VaultFactory:: create ( $ config );
} catch (  TgVault  VaultException $ e ) {
	// Vault could not be created
}

创建一个fileVault

 // Create configuration
$ config = array (
	' type '   => ' file ' ,
	' config ' => array (
		' filename ' => ' path-to-json-secret-file '
	)
);

// Create the vault instance
try {
	$ vault =  TgVault VaultFactory:: create ( $ config );
} catch (  TgVault  VaultException $ e ) {
	// Vault could not be created
}

秘密文件（JSON）看起来像这样：

{
	"secrets" : {
		"my/secret/number/1" : {
			"username" : " my-username1 " ,
			"password" : " my-password1 "
		},
		"my/secret/number/2" : {
			"username" : " my-username2 " ,
			"password" : " my-password2 "
		}
	}
}

取回秘密

 try {
	$ mySecret1 = $ vault -> getSecret ( ' my/secret/number/1 ' );
	$ mySecret2 = $ vault -> getSecret ( ' my/secret/number/2 ' );
} catch (  TgVault  VaultException $ e ) {
	// secret was not found
}

$ username1 = $ mySecret1 -> get ( ' username ' );
$ password1 = $ mySecret1 -> get ( ' password ' );
$ username2 = $ mySecret2 -> get ( ' username ' );
$ password2 = $ mySecret2 -> get ( ' password ' );

当键不存在时，秘密的值是NULL ，而当找不到秘密本身或检索时出现错误时，将抛出异常。

使用懒回调凭据

您可以使用SecretProvider或CredentialsProvider帮助者类来传递凭据，而无需知道它们来自何处或如何使用保险库。

 $ callback1 = new  TgVault  SecretProvider ( $ vault , ' my/secret/number/1 ' );
$ callback2 = new  TgVault  CredentialsProvider ( $ vault , ' my/secret/number/2 ' );

try {
	$ username1 = $ callback1 -> get ( ' username ' );
	$ password1 = $ callback1 -> get ( ' password ' );

	$ username2 = $ callback2 -> getUsername ();
	$ password2 = $ callback2 -> getPassword ();
} catch (  TgVault  VaultException $ e ) {
	// Secret cannot be retrieved or does not exist
}