A very thin PHP wrapper around HashiCorp Vault's Transit Engine.
Unfortunately, this isn't a full-fledged Vault client. When I started writing LaraVault, these clients didn't exist yet. This client is the bare minimum needed to communicate with Transit. Ideally, LaraVault would deprecate the need for this and use one of those clients.
Via Composer
$ composer require kidfund/thin-transit-client
You'll need to store the address of your Vault server and the currently available token somewhere. This is the token setup we use with LaraVault:
path "transit/decrypt/*" {
  capabilities = ["create", "update"]
}
path "transit/encrypt/*" {
  capabilities = ["create", "update"]
}
If we were using the TransitClient in a Laravel Service Provider, we could do something like this:
/**
 * @return TransitClient|null
 * @throws Exception
 */
protected function getTransitClient()
{
    $enabled = config('vault.enabled');
    if (!$enabled) {
        return null;
    }
    $vaultAddr = config('vault.addr');
    $vaultToken = config('vault.token');
    if ($vaultToken === null || $vaultToken === 'none') {
        throw new Exception('Vault token must be configured');
    }
    $client = new TransitClient($vaultAddr, $vaultToken);
    return $client;
}

/**
 * @return void
 */
public function register()
{
    $this->app->singleton(TransitClient::class, function () {
        return $this->getTransitClient();
    });
}
$encrypted = $client->encrypt($key, $plaintext);
You can also pass a context:
$encrypted = $client->encrypt($key, $plaintext, $context);
$plaintext = $client->decrypt($key, $cipherText);
You can also pass a context:
$plaintext = $client->decrypt($key, $cipherText, $context);
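For orientation, the sketch below shows the Transit HTTP request that an encrypt call with a context corresponds to, and how to read the key version out of the returned ciphertext. It is an added example, not code from this package, and it does not describe the client's internals. The function names, address, token, key name and sample response are constructed placeholders.

```php
<?php
// Added illustration: the wire format of Vault's Transit HTTP API.
// Address, token, key name and the sample response are constructed placeholders.

/** Build (without sending) a Transit encrypt or decrypt request. */
function transitRequest(string $addr, string $token, string $op, string $key, array $fields): array
{
    if (!in_array($op, ['encrypt', 'decrypt'], true)) {
        throw new InvalidArgumentException("unsupported operation: $op");
    }
    // Vault expects plaintext and context base64-encoded; ciphertext is sent as-is.
    foreach (['plaintext', 'context'] as $name) {
        if (isset($fields[$name])) {
            $fields[$name] = base64_encode($fields[$name]);
        }
    }
    return [
        'method'  => 'POST', // permitted by the "create"/"update" capabilities in the policy
        'url'     => rtrim($addr, '/') . "/v1/transit/$op/" . rawurlencode($key),
        'headers' => ['X-Vault-Token: ' . $token, 'Content-Type: application/json'],
        'body'    => json_encode($fields, JSON_THROW_ON_ERROR),
    ];
}

/** Extract the key version from a "vault:v<N>:<base64>" ciphertext. */
function ciphertextKeyVersion(string $ciphertext): int
{
    if (!preg_match('/^vault:v(\d+):[A-Za-z0-9+\/]+=*$/', $ciphertext, $m)) {
        throw new UnexpectedValueException('not a Transit ciphertext');
    }
    return (int) $m[1];
}

$req = transitRequest('https://vault.example.test:8200', 'PLACEHOLDER_TOKEN', 'encrypt',
    'users-key', ['plaintext' => 'secret value', 'context' => 'user-42']);
echo $req['url'], "\n", $req['body'], "\n";

// Constructed response in the shape Vault returns from transit/encrypt.
$response = json_decode('{"data":{"ciphertext":"vault:v1:Y29uc3RydWN0ZWQ="}}', true, 512, JSON_THROW_ON_ERROR);
echo 'key version: ', ciphertextKeyVersion($response['data']['ciphertext']), "\n";
```

When a Transit key has derivation enabled, the context is mandatory and decryption only succeeds with the same context that was used to encrypt.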
$ ./vendor/bin/phpunit
Please see CONTRIBUTING and CONDUCT for details.
The MIT License (MIT). Please see License File for more information.