mittwald / vault-php
A PHP client library for 'Vault by HashiCorp'
Installs: 44 310
Dependents: 1
Suggesters: 0
Security: 0
Stars: 40
Watchers: 6
Forks: 18
Open Issues: 1
Requires
- php: ^7.2.5 || ^8.0
- ext-json: *
- guzzlehttp/psr7: ^2.6
- psr/http-client: ^1.0
Requires (Dev)
- phpunit/phpunit: 9.6.19
- vimeo/psalm: 5.23.1
Suggests
- php-http/curl-client: CURL Client Adapter
- tuupola/http-factory: HTTP Factory
README
PHP Client Library for the Hashicorp Vault Service. This Client follows the Request and Response Data equal to the Hashicorp Vault Client Documentation.
- Authentication https://www.vaultproject.io/api-docs/auth
- Secret Engines https://www.vaultproject.io/api-docs/secret
Feel free to open Pull Requests to add improvements or missing functionality.
Installation
Composer
composer require mittwald/vault-php
Implemented Functionality:
- Auth
- User/Password
- Token
- Kubernetes
- AppRole
- Secret Engines
- Transit Engine
- Encrypt/Decrypt
- Update Key Config
- Create Key
- Delete Key
- List Keys
- Sign Data
- Transit Engine
Basic Usage
// setting up independent http client $httpClient = new Client(); // setting up vault auth provider $auth = new Token('foo'); // creating the vault request client $client = new VaultClient( $httpClient, $auth, 'http://127.0.0.1:8200' ); // selecting the desired secret engine // e.g. Transit Secret Engine $api = new Transit($client); // calling specific endpoint $response = $api->listKeys(); //reading results var_dump($response->getKeys()); //... //... //Profit...
VaultClient
public function __construct( HttpClient $httpClient, AuthenticationProviderInterface $authProvider, string $apiHost )
HttpClient
takes every PSR-18 compliant HTTP Client Adapter like "php-http/curl-client": "^1.7"
AuthenticationProviderInterface
Authentication Provider from /authentication/provider/*
$apiHost
Hashicorp Vault REST Endpoint URL
Bulk Requests
Using Bulk Requests also requires to iterate through the Response
and calling hasErrors
within the MetaData
of each Bulk Item to ensure it was processed successfully.
Exceptions
Calling library methods will throw exceptions, indicating where ever invalid data was provided or HTTP errors occurred or Vault Generic Endpoint Errors are encountered.
VaultException
Generic Root Exception where every exception in this library extends from.
VaultHttpException
Exception will thrown when something inside the HTTP handling will cause an error.
VaultAuthenticationException
Will be thrown when API Endpoint Authentication fails.
VaultResponseException
Will be thrown on 5xx status code errors.
InvalidRouteException
Calling an Invalid/Non Existing/Disabled Vault API Endpoint will throw this Exception.
InvalidDataException
Exception indicates a failed server payload validation.
KeyNameNotFoundException
Will be thrown when trying to request an API Endpoint where the Key Name - that is indicated within the url - will not exist.