Pluggable key provider for the Cyphera encryption SDK (PHP).
composer require cyphera/cyphera-keychainRequires PHP 8.1 or later.
| Provider | Backend | Status |
|---|---|---|
MemoryProvider |
In-memory store | Stable |
EnvProvider |
Environment variables | Stable |
FileProvider |
Local JSON file | Stable |
VaultProvider |
HashiCorp Vault KV v2 | Stable |
AwsKmsProvider |
AWS KMS | Stub |
GcpKmsProvider |
GCP Cloud KMS | Stub |
AzureKvProvider |
Azure Key Vault | Stub |
use Cyphera\Keychain\MemoryProvider;
use Cyphera\Keychain\KeyRecord;
use Cyphera\Keychain\Status;
$provider = new MemoryProvider(
new KeyRecord(ref: 'my-key', version: 1, status: Status::ACTIVE, material: $keyBytes),
);
$record = $provider->resolve('my-key');
// $record->material contains the raw key bytesuse Cyphera\Keychain\VaultProvider;
$provider = new VaultProvider(
url: 'http://127.0.0.1:8200',
token: 'my-token',
mount: 'secret',
);
$record = $provider->resolve('customer-primary');The Bridge class provides a static resolver for config-driven key sources:
use Cyphera\Keychain\Bridge;
$material = Bridge::resolve('vault', [
'ref' => 'customer-primary',
'addr' => 'http://127.0.0.1:8200',
'token' => 'my-token',
]);VAULT_ADDR-- Vault server URL (used by VaultProvider and Bridge)VAULT_TOKEN-- Vault authentication token
composer install
composer testdocker compose up -d
VAULT_ADDR=http://localhost:8200 VAULT_TOKEN=test-token composer testApache-2.0. See LICENSE.