itk-dev / azure-key-vault-php
Azure key vault php library
Requires
- php: >=7.2
- ext-json: *
- psr/http-client: ^1.0
- psr/http-factory: ^1.0
- psr/http-message: ^1.0
This package is auto-updated.
Last update: 2024-10-25 09:36:33 UTC
README
This is a PHP library for accessing certificates and secrets stored in Azure Key Vault through its REST API.
See https://docs.microsoft.com/en-gb/azure/key-vault/general/
Installation
Add the GitHub repository to your composer.json.
"repositories": {
    "itk-dev/azure-key-vault-php": {
        "type": "vcs",
        "url": "https://github.com/itk-dev/AzureKeyVaultPhp"
    }
},
Use Composer to install the library.
composer require itk-dev/azure-key-vault-php:dev-master
Usage
<?php

$autoloader = require_once 'vendor/autoload.php';

use Itkdev\AzureKeyVault\Authorisation\VaultToken;
use Itkdev\AzureKeyVault\KeyVault\VaultCertificate;
use Itkdev\AzureKeyVault\KeyVault\VaultSecret;

// $httpClient and $requestFactory are not created here: supply any
// PSR-18 compatible http client and PSR-17 compatible request factory.

// The VaultToken class requires a PSR-18 compatible http client and a PSR-17 compatible request factory.
$vaultToken = new VaultToken($httpClient, $requestFactory);

// Requires that you have a tenant id, client id and client secret.
$token = $vaultToken->getToken(
    'xxxx',
    'yyyy',
    'zzzz'
);

// Certificates
// This requires a PSR-18 compatible http client and a PSR-17 compatible request factory.
// Get vault with the name 'testVault' using the access token.
$vault = new VaultCertificate($httpClient, $requestFactory, 'testVault', $token->getAccessToken());
$cert = $vault->getCertificate('TestCert', '8cb726a7bd52460a96a5496672562df0');
echo $cert->getCert();

// Secrets
// This requires a PSR-18 compatible http client and a PSR-17 compatible request factory.
// Get vault with the name 'testVault' using the access token.
$vault = new VaultSecret($httpClient, $requestFactory, 'testVault', $token->getAccessToken());
$secret = $vault->getSecret('TestCert', '8cb726a7bd52460a96a5496672562df0');
echo $secret->getValue();
Storing certificates in the vault
You may have to rename your .p12 file to .pfx before being able to upload to the Azure Key Vault.
Removing passphrase from PKCS12 certificates
If you don't want a passphrase on the certificate stored in the Azure Key Vault, you can remove it with the following command. The resulting .pfx file contains the private key unencrypted, so keep it readable only by its owner.
openssl pkcs12 -in certificate.p12 -nodes | openssl pkcs12 -export -out certificate.passwordless.pfx