PHP download

Download the PHP package bentools/shh-bundle without Composer

On this page you can find all versions of the php package bentools/shh-bundle. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download bentools/shh-bundle
More information about bentools/shh-bundle
Files in bentools/shh-bundle

Vendor bentools
Package shh-bundle
Short Description A Symfony bundle to handle secrets.
License MIT

Keywords symfony encryption passphrase openssl encrypt decryption decrypt Private Key public key secret secrets openrsa

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Informations about the package shh-bundle

Shh! 🤫

Shh! is a proof-of-concept aiming at dealing with secrets within your Symfony application.

Why?

I was just reading Storing secrets for Symfony applications from Matthias Pigulla which came with a solution using a Ruby-powered external program.

Then I came up with the following question: why isn't there a PHP implementation of this? 🤔

Here are the key principles:

Storing secrets in environment variables will actually expose them through phpinfo(), reports, logs, and child processes.
Thanks to Symfony's Env Var Processors, Shh will expose them encrypted. They will be decrypted at the very last moment.
Private key + an optional passphrase are required to decrypt secrets. They SHOULD be .gitgnored.
You can then commit encrypted secrets to VCS as long as the private key is stored and communicated safely.
You can change your passphrase a at any time.

Installation

Configuration

Add the bundle to your kernel (come on, you're not using Flex?).
Generate your keys:
- Create a shh directory into your config directory mkdir -p config/shh (or mkdir -p app/config/shh for Symfony 3)
- Runphp bin/console shh:generate:keys
- If you provided one, store the passphrase in the SHH_PASSPHRASE environment variable
- Add config/shh/private.pem (or app/config/shh/private.pem for Symfony 3) to your .gitignore and upload it to your production server.

And you're ready to go!

If you want a different configuration, check out the configuration reference to discover the available options.

Usage

Check the environment is properly configured

Encrypt a value (public key needed)

Decrypt a value (public key + private key needed)

Decrypt secrets in environment variables

This library ships with an environment variable processor. You can use it like this:

Working with a secrets file

You can store your encrypted secrets in a .secrets.json file at the root of your project directory (you can set a different path in the SHH_SECRETS_FILE environment variable).

This file can safely be committed to VCS (as soon as the private key isn't).

To encrypt and register a secret in this file, run the following command:

You can then use your secrets in your configuration files in the following way:

Changing passphrase

You can change your passphrase if needed: this will result in a new private key being generated. The public key remains unchanged.

As a result, a new private key will be regenerated. You just have to update it everywhere it is used, and update the SHH_PASSPHRASE environment variable as well.

You may do this every time an employee leaves the company, for instance.

Configuration reference

Tests

Feedback

Don't hesitate to ping me on Symfony Slack: @bpolaszek.

License

MIT

All versions of shh-bundle with dependencies

PHP Build Version

Package Version

Version 1.2.0 Release 04. Mar 2023
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of shh-bundle from vendor bentools

Requires php Version >=8.0
symfony/dependency-injection Version ~5.4|~6.0
symfony/console Version ~5.4|~6.0
symfony/config Version ~5.4|~6.0
symfony/http-kernel Version ~5.4|~6.0
symfony/filesystem Version ~5.4|~6.0
bentools/shh Version ~1.0

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package bentools/shh-bundle contains the following files

Loading the files please wait ....