Download the PHP package felixsand/phpsst without Composer
On this page you can find all versions of the php package felixsand/phpsst. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download felixsand/phpsst
More information about felixsand/phpsst
Files in felixsand/phpsst
Package phpsst
Short Description A PHP library for distributing (one time) passwords/secrets in a more secure way
License MIT
Homepage https://github.com/felixsand/PhPsst
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package phpsst
PhPsst
A PHP library for distributing (one time) passwords/secrets in a more secure way
Installation
Add the package as a requirement to your composer.json:
Usage
Storage Classes
FileStorage
The most basic of the storage classes is the FileStorage. It's also (generally) the most insecure and if you store a lot of passwords there's a performance issue due to the garbage collector being very crude. It is however the easiest way to try out the library and useful during development. The constructor parameter $gcProbability is a value from 0 and up, where 0 disables the GC; 1 means it's run for every file write; 10 means it got a 10% probability of running; etc. It's not recommended to turn it off.
RedisStorage
The recommended production storage class is the RedisStorage. It has great performance even during heavy use and since it removes the passwords with expired TTL automatically, it's more secure than the other options. It's important to note that if you're not reviewing the Redis configuration, it might purge entries even before the item's TTL has expired (if it's memory limit is reached) and the items will only live for as long as the server is running. This might be desired properties in certain cases, but you need to be aware of it when setting up the solution.
SqLiteStorage
If you don't have access to Redis, another storage engine that is suitable for production use is the SqLiteStorage. It's not as secure as the RedisStorage, mainly because of it's dependency on a garbage collector; as well as the possibility that the SqLite DB file might be included in backups, etc. It's also not suitable for setups with several webservers without access to a shared filesystem. The constructor parameter $gcProbability is the same as for the FileStorage.
Requirements
- PHP 8.1 or above.
- Redis (for the Redis Storage)
Demo
- Docker
docker run -p 80:80 felixsand/phpsst - See: github.com/felixsand/phpsst-demo
Author
Felix Sandström http://github.com/felixsand
Special thanks
- Andreas http://github.com/jandreasn for peer review
- Chris Wolf https://github.com/crslp for bumping the library to PHP 8.1
License
Licensed under the MIT License - see the LICENSE file for details.
