Download the PHP package ixnode/php-vault without Composer
On this page you can find all versions of the php package ixnode/php-vault. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download ixnode/php-vault
More information about ixnode/php-vault
Files in ixnode/php-vault
Informations about the package php-vault
PHPVault
PHPVault is a PHP library that can create, read, encrypt and decrypt environment files (so-called dotenv files). For
example is .env
a plain file, .env.enc
an encrypted file, etc. Within your project you can automatically load these
encrypted environment variables from .env.enc
into getenv()
, $_ENV
and $_SERVER
. The corresponding key-value
pairs within these dotenv files are encrypted and decrypted using an asymmetric encryption method
(Public-key cryptography). Private keys are only available
on productive systems for decrypting dotenv values. The public key, on the other hand, can be safely checked into
the repository and is used everywhere to encrypt new values.
The strict separation of configuration and code is a fundamental principle of software development and is based on the The Twelve-Factor App methodology. One way to do this is to store these data into separate configuration files such as the dotenv files mentioned above. These are mostly unencrypted, but usually contain very sensitive data such as database access and API keys. They must therefore never be checked into the code repository! Since these are usually files within the project, there is still a risk that this could happen by mistake.
The PHPVault approach preserves the principle of separation and goes one step further: It encrypts plain dotenv files and allows them to be checked into the code repository. To decrypt and use the data on a productive system, simply exchange the private key. This approach is great for providing secure and automated deployment processes (CI/CD, etc.).
To start simply run:
This requires Composer, a dependency manager for PHP.
Command line command vendor/bin/php-vault
The basis of all operations is the command line tool vendor/bin/php-vault
. Help can be displayed at any time:
On development system
Usually, you need the public key in this environment. Examples can be found below. There are several
ways to pass the public key to the php-vault
interpreter. In the following,
the key is loaded from the .keys
directory (--public-key
).
Generate keys
- Attention!:
- Keep the private key safe for the productive systems (
.keys/private.key
).- Delete the private key file
.keys/private.key
if you have saved it and submitted it to the admin for the productive system.
- Delete the private key file
- Use the public key on development and local systems (
.keys/public.key
).
- Keep the private key safe for the productive systems (
Create environment file
- Add key-value pair
DB_USER=secret.user
with description"DB Configs"
- Add key-value pair
DB_PASS=secret.pass
- Add key-value pair
DB_HOST=secret.host
- Add key-value pair
DB_NAME=secret.name
- Use public key (
--public-key
→ read from.keys/public.key
).
Display the environment file
- The contents displayed are encrypted.
- Do not need any key.
On production system
Usually, you need the private key in this environment. Examples can be found below. There are several
ways to pass the private key to the php-vault
interpreter. In the following,
the key is loaded from the .keys
directory (--private-key
).
Display an encrypted file
- Use private key (
--private-key
→ read from.keys/private.key
).
Decrypt an encrypted file
- Never add the produced decrypted file
.env
to the repository! - Use private key (
--private-key
→ load from.keys/private.key
).
Display the decrypted file without encryption
- Do not need any key.
Using the PHPVault class
Load the private key from a given file
Load the private key from the server environment variable PRIVATE_KEY
For options to set the environment variable, see here.
Run tests
The part is only available if the project is checked out directly for development:
PHPUnit tests
Static code analysis (PHPStan)
Continuous integration
Runs @analyse
and @tests
:
Security
If you discover a security vulnerability within this package, please send an email to Björn Hempel at [email protected]. All security vulnerabilities will be promptly addressed. You may view our full security policy here.
License
PHPVault is licensed under MIT.
All versions of php-vault with dependencies
adhocore/cli Version ^0.9.0
ext-sodium Version *
ext-json Version *