Credentials storage
This API supports the following backends:
Via the FromFile class. Files are expected to have the following format:
rest_password=abcdefg
ldap_password=qwertzu
Via the FromEnvironment class. Credential names map to environment variables by uppercasing them and replacing forward slashes by two underscores:
use security\credentials\{Credentials, FromEnvironment};
$credentials= new Credentials(new FromEnvironment());
$secret= $credentials->named('ldap_password'); // Reads $ENV{LDAP_PASSWORD} => util.SecretVia the FromVault class. Credentials are read from the backend mounted at /secret.
use security\credentials\{Credentials, FromVault};
// Set token to NULL to use VAULT_TOKEN from environment
$token= new Secret('72698676-4988-94a4-...');
$credentials= new Credentials(new FromVault('http://127.0.0.1:8200', $token));
$secret= $credentials->named('ldap_password'); // Reads ldap_password key from /secret
$credentials= new Credentials(new FromVault('http://127.0.0.1:8200', $token, 'vendor/name'));
$secret= $credentials->named('mysql'); // Reads mysql key from /secret/vendor/nameVia the KeePass class.
use security\credentials\{Credentials, FromKeePass};
use util\Secret;
$secret= new Secret('key');
$credentials= new Credentials(new FromKeePass('database.kdbx', $secret));
$secret= $credentials->named('ldap_password'); // Reads top-level entry ldap_password
$credentials= new Credentials(new FromKeePass('database.kdbx', $secret, 'vendor/name'));
$secret= $credentials->named('mysql'); // Reads mysql entry in vendor/name subfolderSee https://docs.docker.com/engine/swarm/secrets/. Uses Docker's default locations on both Windows and Un*x systems if constructed without argument.
use security\credentials\{Credentials, FromDockerSecrets};
use util\Secret;
$credentials= new Credentials(new FromDockerSecrets());
$secret= $credentials->named('ldap_password'); // Reads top-level entry ldap_password