laravel-vault maintained by freebuu
PHP Laravel Vault
Get your .env from remote (HaspiCorp Vault) on deploy
Warning! This is very beginning alpha version without usable realise. Not recommended for using now
Quickstart
Install
composer require freebuu/laravel-vault
php artisan vendor:publish --tag=config --provider="FreeBuu\LaravelVault\LaravelVaultServiceProvider"
Configure
Add patches from Vault and variables to secrets in vault.php
'vars' => [
'patches' => [
'/secret/database/{env}'
],
'patch_variables' => [
'env' => 'production',
],
]
Override credentials
Make vault.json file with Vault options - structure MUST be same as vault.php
You can override here ALL options from vault.php
{
"connections": {
"vault": {
"host": "http://vault",
"role_id": "your_secret_id",
"secret_id": "your_secret_id"
}
}
}
Use
base64 -w 0 vault.json | php artisan vault:get --stdin --b64
If all OK (credentials is actual and have access to secret patches), you see merged values from all patches:
+---------+------------+
| Key | Value |
+---------+------------+
| secret1 | value1 |
| secret2 | value2 |
+---------+------------+
- For save this in .env - add option --output=currentEnv
- For save this in .env.next - add option --output=nextEnv
Use in CI
Here is a shorthand command special from CI
- On runner, obtain a token docs
- Obtain .env with that token
php artisan vault:ci s.JYVfe67632rRDtyf --app=my_project --env=production
- s.JYVfe67632rRDtyf - Vault one-time token
- my_project - App name, set the 'app' patch variable. Optional.
- production - App env, set the 'env' patch variable. Optional.