A modern PHP client for HashiCorp Vault — unlock secure secrets management in your PHP applications.
- API Client for HashiCorp Vault
Simple and intuitive interface for Vault HTTP API. - Bulk Operations
Perform read/write operations on multiple secrets in a single workflow for efficiency. - Authentication Support
Compatible with popular Vault auth backends (Token, AppRole, User/Password, etc.). - Secret Engines
Easy interaction with common secret engines (Transit, etc.). - Typed Responses
Strong-typed, doctrine-based responses for safer PHP development. - Extendable & PSR-compliant
Easily extend class behaviors and integrate with PSR-18 HTTP clients.
Install via Composer:
composer require mittwald/vault-phpBelow is a basic example of how to interact with Vault using this library:
<?php
require 'vendor/autoload.php';
use VaultPHP\VaultClient;
use VaultPHP\Authentication\Provider\Token;
use VaultPHP\SecretEngines\Engines\Transit\Transit;
use GuzzleHttp\Client;
// setting up independent http client - example with guzzle http client
$httpClient = new Client(['verify' => false]);
// setting up desired vault strategy
$authProvider = new Token('dummyToken');
// Initialize Vault client
$client = new VaultClient(
$httpClient,
$authProvider,
'https://vault.example.com:1337/transit/'
);
// List all keys from Transit Secret engine
$api = new Transit($client);
var_dump($api->listKeys());For more advanced use (custom HTTP clients, other auth methods, etc.), see the examples/ directory.
- Authentication
- Token
- AppRole
- User/Password
- Kubernetes
- Transit Secret Engine
- Encrypt/Decrypt
- Update Key Config
- Create Key
- Delete Key
- List Keys
- Sign Data
You can inject any PSR-18 HTTP Client for maximum flexibility:
$client = new VaultClient(
$yourPsr18Client,
$auth,
'https://vault.example.com:1337'
);To run the test suite:
composer install
composer testIf you discover any security issues, please see SECURITY.md for responsible disclosure guidelines.
This library is Open Source and distributed under the MIT license.