README

A (thin) wrapper for google/cloud-secret-manager to reduce boilerplate

Install

composer require battis/lazy-secrets

Use

use Battis\LazySecrets\Secrets;

$data = Secrets::get("MY_APP_SECRET");

Background

While the Google Cloud Secret Manager is a fine way to store (and access) app secrets, it also entails a bunch of boilerplate code that I don't want to fat finger. So, instead of writing...

use Google\Cloud\SecretManager\V1\SecretManagerServiceClient;

$client = new SecretManagerServiceClient();
$project = $_ENV["GOOGLE_CLOUD_PROJECT"];
$key = "MY_APP_SECRET";
$version = "latest";
$secret = $client->accessSecretVersion(
  "projects/$project/secrets/$key/versions/$version"
);
$data = $secret->getPayload()->getData();

// and even (if you're packing a lot into one secret)
$obj = json_decode($data);

// ...and then using the $data or $obj

...I'd rather just write:

use Battis\LazySecrets\Secrets;

$data = Secrets::get("MY_APP_SECRET");

// or
Secrets::init($project, true);
$obj = Secrets::get("MY_APP_SECRET");

Alternatively, a PSR-16 Simple Cache implementation is also available (for easy use with dependency injection):

use Battis\LazySecrets\Cache;

// assume that the `GOOGLE_CLOUD_PROJECT` environment variable is set
$secrets = new Cache();

$obj = $secrets->get("MY_APP_SECRET");

or

/** src/Example/DependencyConsumer */

namespace Example;

use Psr\SimpleCache\CacheInterface;

class DependencyConsumer
{
  public function __constructor(CacheInterface $cache)
  {
    // ...
  }
}

/** src/app.php */

$container = new DI\Container([
  Psr\SimpleCache\CacheInterface::class => DI\create(
    \Battis\LazySecrets\Cache::class
  ),
]);
$consumer = $container->get(DependencyConsumer::class);