bitcoinmatex/vault-to-config
============================

Nette CLI app: renders a Latte configuration template using secrets from HashiCorp Vault and generates NEON for deployment.

v0.1.0 (yesterday) · BSD-3-Clause · PHP >=8.1 · CI passing

Since Jun 12 · Pushed yesterday

[Source](https://github.com/Bitcoinmatex/vault-to-config) · [Packagist](https://packagist.org/packages/bitcoinmatex/vault-to-config)

VaultToConfig
=============

A CLI tool (a classic Nette application: Bootstrap + DI container, Latte, Symfony Console) that:

1. reads secrets from **HashiCorp Vault** based on the environment (HTTP API, KV v1/v2),
2. injects them as variables into a **Latte** template,
3. validates the output as **NEON** and writes e.g. `local.neon` for deploying any Nette application.

Download
--------

```
composer create-project bitcoinmatex/vault-to-config
cd vault-to-config
./install.sh
```

Usage
-----

```
export VAULT_TOKEN="hvs.****"
php bin/console compile:latte
```

For example:

```
bin/console compile:latte prod examples/config.latte config/local.neon --dry-run
```

Environment variables
---------------------

| Variable | Default | Meaning |
|---|---|---|
| `VAULT_TOKEN` | (required) | Vault token (`X-Vault-Token`). Not logged. |
| `VAULT_ADDR` | `https://127.0.0.1:8200` | Vault address. |
| `VAULT_KV_MOUNT` | `secret` | KV mount. |
| `VAULT_KV_VERSION` | `2` | KV engine version (`1` or `2`). |
| `VAULT_SECRET_PATH` | `{env}` | Path template under the mount; `{env}` = 1st arg. |
| `VAULT_NAMESPACE` | (optional) | Vault Enterprise namespace. |

Each one also has a flag: `--vault-addr`, `--mount`, `--kv-version`, `--secret-path`.

### Path and layering

The path is given relative to the mount, i.e. **under the mount** (the client inserts `/data/` for KV v2 itself). `{env}` is replaced by the environment. You can merge multiple comma-separated paths (later ones override earlier ones):

```
export VAULT_SECRET_PATH="apps/myapp/common,apps/myapp/{env}"
# KV v2 reads: secret/data/apps/myapp/common + secret/data/apps/myapp/prod
```
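
The expansion and layering described above, sketched as an added example (not the project's own code). The function names, the shallow per-key merge and the rejection of `..` segments are assumptions of this sketch; the API path shapes follow the Vault KV v1/v2 HTTP API.

```php
<?php
declare(strict_types=1);

// Added illustration; function names are hypothetical, not the tool's API.

/** Expand a VAULT_SECRET_PATH template into Vault HTTP API paths, in merge order. */
function vaultApiPaths(string $template, string $env, string $mount = 'secret', int $kvVersion = 2): array
{
    $paths = [];
    foreach (explode(',', $template) as $part) {
        $path = trim(str_replace('{env}', $env, $part), " \t/");
        if ($path === '') {
            continue; // ignore empty segments such as a trailing comma
        }
        // Choice of this sketch: refuse ".." so an environment name cannot point outside its subtree.
        if (in_array('..', explode('/', $path), true)) {
            throw new InvalidArgumentException("Unsafe secret path: $path");
        }
        // KV v2 puts "data/" between the mount and the path; KV v1 does not.
        $paths[] = '/v1/' . trim($mount, '/') . ($kvVersion === 2 ? '/data/' : '/') . $path;
    }
    return $paths;
}

/** Pull the key/value map out of a decoded read response (KV v2 nests it one level deeper). */
function kvPayload(array $response, int $kvVersion): array
{
    return $kvVersion === 2 ? ($response['data']['data'] ?? []) : ($response['data'] ?? []);
}

/** Merge layers in order; a key in a later layer replaces the same key from an earlier one. */
function mergeLayers(array ...$layers): array
{
    return array_replace([], ...$layers);
}

// Constructed sample responses in KV v2 shape (values are placeholders, not real secrets).
$common = ['data' => ['data' => ['db_host' => 'db.internal', 'db_password' => 'common-placeholder']]];
$prod   = ['data' => ['data' => ['db_password' => 'prod-placeholder']]];

print_r(vaultApiPaths('apps/myapp/common,apps/myapp/{env}', 'prod'));
print_r(mergeLayers(kvPayload($common, 2), kvPayload($prod, 2)));
```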

Latte template
--------------

The template starts with `{contentType text}` (if it is missing, it is added automatically, so no HTML escaping is applied). Available variables:

- `{$environment}` - the environment,
- `{$vault['key']}` - any key (even with dashes),
- `{$key}` - shorthand, if the name is a valid PHP identifier,
- the **`|neon`** filter - safely encodes the value as a NEON scalar (quotes + escaping). It is recommended for all values from Vault: `password: {$db_password|neon}`.
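
Why the filter matters, as an added example (not the project's code): with HTML escaping off, a secret that contains a line break is copied into the output verbatim and can introduce extra configuration keys. `neonScalar()` is a hypothetical stand-in for `|neon`, assuming NEON accepts JSON-style double-quoted strings; `topLevelKeys()` is a minimal line scanner, not a NEON parser.

```php
<?php
declare(strict_types=1);

// Added illustration: neonScalar() and topLevelKeys() are hypothetical helpers,
// not the tool's |neon filter or a NEON parser.

/** Quote a string as a double-quoted scalar with JSON-style escapes. */
function neonScalar(string $value): string
{
    // JSON_THROW_ON_ERROR fails closed on invalid UTF-8 instead of returning false.
    return json_encode($value, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES | JSON_THROW_ON_ERROR);
}

/** List the keys that start at column 0, i.e. the top-level entries of the rendered file. */
function topLevelKeys(string $rendered): array
{
    $keys = [];
    foreach (preg_split('/\R/', $rendered) as $line) {
        if (preg_match('/^([A-Za-z_][\w-]*):(\s|$)/', $line, $m) === 1) {
            $keys[] = $m[1];
        }
    }
    return $keys;
}

// Constructed template and secret; the secret holds a line break followed by "key: value".
$template = "db_user: app\ndb_password: {value}\n";
$secret   = "s3cr3t\ndebugger: true";

$unquoted = strtr($template, ['{value}' => $secret]);             // like {$db_password}
$quoted   = strtr($template, ['{value}' => neonScalar($secret)]); // like {$db_password|neon}

// The unquoted rendering gains a third top-level key; the quoted one keeps two.
echo "unquoted keys: ", implode(', ', topLevelKeys($unquoted)), "\n";
echo "quoted keys:   ", implode(', ', topLevelKeys($quoted)), "\n";
echo $quoted;
```

The unquoted output is still valid NEON, so validation before writing does not catch this case; only encoding the value does.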

Security / compliance
---------------------

- Secret values are **never logged** - verbose (`-v`) prints only the key names. (DORA art. 9/11 - audit trail without sensitive data.)
- The output has `0640` permissions and is in `.gitignore`; delete it after deploy on CI.
- NEON is validated before writing - a template error never reaches production.
- Diagnostics go to **stderr**, the payload (`--dry-run`) to **stdout**.

### Health Score

37 (Low). Better than 81% of packages.

- Maintenance: 100. Actively maintained with recent releases.
- Popularity: 2. Limited adoption so far.
- Community: 6. Small or concentrated contributor base.
- Maturity: 34. Early-stage or recently created project.
- Bus Factor: 1. Top contributor holds 100% of commits, a single point of failure.

How is this calculated?

- **Maintenance (25%)**: Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.
- **Popularity (30%)**: Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.
- **Community (15%)**: Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.
- **Maturity (30%)**: Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: Unknown
- Total: 1
- Last Release: 1d ago

### Community

- Maintainers: Roman Mátyus ([@romanmatyus](https://github.com/romanmatyus))
- Top Contributors: [romanmatyus](https://github.com/romanmatyus) (8 commits)

### Code Quality

- Static Analysis: PHPStan
- Code Style: PHP_CodeSniffer
- Type Coverage: Yes

