mittwald / vault-php
A PHP client library for 'Vault by HashiCorp'
Installs: 57 266
Dependents: 1
Suggesters: 0
Security: 0
Stars: 45
Watchers: 5
Forks: 20
Open Issues: 1
Requires
- php: >=8.3
- ext-json: *
- guzzlehttp/psr7: ^2.7.1
Requires (Dev)
- friendsofphp/php-cs-fixer: ^v3.75.0
- php-http/mock-client: ^1.6.1
- phpunit/phpunit: ^12.1.5
- vimeo/psalm: ^6.10.3
Suggests
- guzzlehttp/guzzle: HTTP Client Adapter
This package is auto-updated.
Last update: 2025-05-21 13:50:44 UTC
README
A modern PHP client for HashiCorp Vault — unlock secure secrets management in your PHP applications.
Features
- API Client for HashiCorp Vault
Simple and intuitive interface for Vault HTTP API. - Bulk Operations
Perform read/write operations on multiple secrets in a single workflow for efficiency. - Authentication Support
Compatible with popular Vault auth backends (Token, AppRole, User/Password, etc.). - Secret Engines
Easy interaction with common secret engines (Transit, etc.). - Typed Responses
Strong-typed, doctrine-based responses for safer PHP development. - Extendable & PSR-compliant
Easily extend class behaviors and integrate with PSR-18 HTTP clients.
Installation
Install via Composer:
composer require mittwald/vault-php
Usage
Below is a basic example of how to interact with Vault using this library:
<?php require 'vendor/autoload.php'; use VaultPHP\VaultClient; use VaultPHP\Authentication\Provider\Token; use VaultPHP\SecretEngines\Engines\Transit\Transit; use GuzzleHttp\Client; // setting up independent http client - example with guzzle http client $httpClient = new Client(['verify' => false]); // setting up desired vault strategy $authProvider = new Token('dummyToken'); // Initialize Vault client $client = new VaultClient( $httpClient, $authProvider, 'https://vault.example.com:1337/transit/' ); // List all keys from Transit Secret engine $api = new Transit($client); var_dump($api->listKeys());
For more advanced use (custom HTTP clients, other auth methods, etc.), see the examples/ directory.
Supported Vault Operations
- Authentication
- Token
- AppRole
- User/Password
- Kubernetes
- Transit Secret Engine
- Encrypt/Decrypt
- Update Key Config
- Create Key
- Delete Key
- List Keys
- Sign Data
Configuration
You can inject any PSR-18 HTTP Client for maximum flexibility:
$client = new VaultClient( $yourPsr18Client, $auth, 'https://vault.example.com:1337' );
Testing
To run the test suite:
composer install
composer test
Security
If you discover any security issues, please see SECURITY.md for responsible disclosure guidelines.
License
This library is Open Source and distributed under the MIT license.