Credentials storage
This API supports the following backends:
Via the FromFile class. Files are expected to have the following format:
rest_password=abcdefg ldap_password=qwertzu Via the FromEnvironment class. Credential names map to environment variables by uppercasing them and replacing forward slashes by two underscores:
use security\credentials\{Credentials, FromEnvironment}; $credentials= new Credentials(new FromEnvironment()); $secret= $credentials->named('ldap_password'); // Reads $ENV{LDAP_PASSWORD} => util.SecretVia the FromVault class. Credentials are read from the backend mounted at /secret.
use security\credentials\{Credentials, FromVault}; // Set token to NULL to use VAULT_TOKEN from environment $token= new Secret('72698676-4988-94a4-...'); $credentials= new Credentials(new FromVault('http://127.0.0.1:8200', $token)); $secret= $credentials->named('ldap_password'); // Reads ldap_password key from /secret $credentials= new Credentials(new FromVault('http://127.0.0.1:8200', $token, 'vendor/name')); $secret= $credentials->named('mysql'); // Reads mysql key from /secret/vendor/nameVia the KeePass class.
use security\credentials\{Credentials, FromKeePass}; use util\Secret; $secret= new Secret('key'); $credentials= new Credentials(new FromKeePass('database.kdbx', $secret)); $secret= $credentials->named('ldap_password'); // Reads top-level entry ldap_password $credentials= new Credentials(new FromKeePass('database.kdbx', $secret, 'vendor/name')); $secret= $credentials->named('mysql'); // Reads mysql entry in vendor/name subfolderSee https://docs.docker.com/engine/swarm/secrets/. Uses Docker's default locations on both Windows and Un*x systems if constructed without argument.
use security\credentials\{Credentials, FromDockerSecrets}; use util\Secret; $credentials= new Credentials(new FromDockerSecrets()); $secret= $credentials->named('ldap_password'); // Reads top-level entry ldap_password