PHPackages bitcot/aws-secrets-manager - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Caching](/categories/caching) 4. / 5. bitcot/aws-secrets-manager ActiveLibrary[Caching](/categories/caching) bitcot/aws-secrets-manager ========================== AWS Secrets Manager implementation with saving the encrypted values in cache 088PHP Since Mar 24Pushed 3y ago1 watchersCompare [ Source](https://github.com/harsha-bitcot/awsSecretsManager)[ Packagist](https://packagist.org/packages/bitcot/aws-secrets-manager)[ RSS](/packages/bitcot-aws-secrets-manager/feed)WikiDiscussions main Synced 4d ago READMEChangelogDependenciesVersions (1)Used By (0) bitcot/aws-secrets-manager ========================== [](#bitcotaws-secrets-manager) A library to get secret key value pairs from AWS Secrets Manager This library encrypts the retrieved values and stores it in the cache indefinitely. Getting the latest key value pairs from AWS and updating them in the cache can be achieved with any one of the following methods: - Clear the cache by calling [`secrets::clearSecrets();`](#clear-all-the-secrets-from-cache) - [Laravel implementation example](#clear-secrets-laravel) - Setup Automatic update from AWS at runtime by adding [`secrets::isLatest('key');`](#check-if-the-key-value-pair-in-the-cache-matches-with-the-one-in-aws) and [`secrets::markAsWorking('key');`](#mark-a-secret-key-value-pair-as-working) in a try-catch block where the secret is used - [Implementation approximation](#implementation-approximation) - \[Laravel specific\] Use the Artisan command `php artisan cache:clear` ### Prerequisites [](#prerequisites) - [Setup a secret in AWS](https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html) - [Create an AWS access key ID and secret access key](https://aws.amazon.com/premiumsupport/knowledge-center/create-access-key/) - [Setting up Credentials for the AWS SDK ](https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials.html) Installation ------------ [](#installation) Installation is super-easy via [Composer](https://getcomposer.org/): ``` $ composer require bitcot/aws-secrets-manager ``` or add it by hand to your `composer.json` file. Setup ----- [](#setup) 1. Setup environment variables in `.env` file in the root of your project. [Additional information](https://github.com/vlucas/phpdotenv) ``` APP_KEY= BSM_AWS_PROFILE= BSM_SECRET_NAME= BSM_AWS_REGION= BSM_CACHE_KEY= BSM_MAX_RETRY_COUNT= ``` - **APP\_KEY** \[required\] base64 string preferably 32 characters long used for encryption [Additional information](https://laravel.com/docs/8.x/encryption#configuration) - If this is 'not set'/'empty string' all the methods in this library will return failed response values (`null` in case of `secrets::get($key)`) - **BSM\_AWS\_PROFILE** \[Default: default\] Profile for AWS access key ID and secret access key stored in ~/.aws/credentials - **BSM\_SECRET\_NAME** \[Default: project/env\] Name of the secret stored in AWS - **BSM\_AWS\_REGION** \[Default: us-east-2\] AWS Region in which the secret is stored - **BSM\_CACHE\_KEY** \[Default: bsmAwsSecrets\] Key of the secrets stored in the cache - **BSM\_MAX\_RETRY\_COUNT** \[Default: 10\] No of failed attempts before marking the key as inactive. This is applicable only if automatic update of values is being used 2. Include this namespace to retrieve secrets ``` use Bitcot\AwsSecretsManager\secrets; ``` Usage ----- [](#usage) ### Retrieving value using a key [](#retrieving-value-using-a-key) ``` secrets::get('key'); ``` #### Returns [](#returns) - Value of the given key - `null` If the secret is an empty string - `null` If no secret exists for the given key in AWS ### Retrieving all the key value pairs [](#retrieving-all-the-key-value-pairs) ``` secrets::getAll(); ``` #### Returns [](#returns-1) - Key value pairs object - If no key value pairs exists in AWS, an Empty object would be returned ### Get All the info of secrets [](#get-all-the-info-of-secrets) ``` secrets::getInfo(); ``` #### To get the values of only one key value pair, Pass the key while calling this method [](#to-get-the-values-of-only-one-key-value-pair-pass-the-key-while-calling-this-method) ``` secrets::getInfo('key'); ``` #### Returns [](#returns-2) An object containing the value, retry count and status of every key stored in the cache - `null` If the key is passed while calling the method and no secret exists with that key. ### Clear all the secrets from cache [](#clear-all-the-secrets-from-cache) ``` secrets::clearSecrets(); ``` #### Returns [](#returns-3) `true` If the secrets in cache are successfully cleared, `false` Otherwise. ### Check if the key value pair in the cache matches with the one in AWS [](#check-if-the-key-value-pair-in-the-cache-matches-with-the-one-in-aws) ##### This can be used to set up automatic update of the values in cache if a new value is avaliable in aws [](#this-can-be-used-to-set-up-automatic-update-of-the-values-in-cache-if-a-new-value-is-avaliable-in-aws) ``` secrets::isLatest('key'); ``` This method clears all the secrets stored in the cache by default if latest value in AWS does not match with the one in cache. To stop this, pass `false` as the second argument. ``` secrets::isLatest('key', false); ``` #### Returns [](#returns-4) `true` If the value in AWS matches with the one in cache, `false` Otherwise. - Returns `true` if the given key doesn't exist in AWS ### Mark a secret key value pair as working [](#mark-a-secret-key-value-pair-as-working) #### This should be clubbed with `isLatest()` to achieve automatic update of the values in cache if a new value is available in aws [](#this-should-be-clubbed-with-islatest-to-achieve-automatic-update-of-the-values-in-cache-if-a-new-value-is-available-in-aws) ``` secrets::markAsWorking('key'); ``` #### Returns [](#returns-5) `true` If the key value pair has been marked as working and set retry count to 0, `false` Otherwise. ### Get status of the secrets [](#get-status-of-the-secrets) ``` secrets::status(); ``` #### Returns [](#returns-6) An object containing arrays of Total, active, failing, failed and unknown keys. Implementation types -------------------- [](#implementation-types) ### Manual update of the values in cache if a new value is available in aws [](#manual-update-of-the-values-in-cache-if-a-new-value-is-available-in-aws) ##### Get secrets [](#get-secrets) Include this namespace at the top of the file ``` use Bitcot\AwsSecretsManager\secrets; ``` To retrieve the values ``` echo secrets::get('key'); ``` ##### Update values from AWS [](#update-values-from-aws) - Clear the cache by calling [`secrets::clearSecrets();`](#clear-all-the-secrets-from-cache) - [Laravel implementation example](#clear-secrets-laravel) - \[Laravel specific\] Use the Artisan command `php artisan cache:clear` ### Automatic update of the values in cache if a new value is available in AWS\[Approximation\] [](#-automatic-update-of-the-values-in-cache-if-a-new-value-is-available-in-awsapproximation) Include this namespace at the top of the file ``` use Bitcot\AwsSecretsManager\secrets; ``` To retrieve the latest values ``` function apiCallSimulation($secondTry = false){ echo secrets::get('key'); //call the API if ('API call failed dude to wrong/invalid secret'){ if (!secrets::isLatest('key') && !$secondTry){ return apiCallSimulation(true); } } if ('API call is successful'){ secrets::markAsWorking('key'); } } ``` ### Clear secrets - Laravel example [](#clear-secrets---laravel-example) create a custom artisan command, Include the namespace at the top and use this code in handle method ``` public function handle(secrets $secrets) { $success = $secrets->clearSecrets(); if ($success){ $this->info('The command was successful!'); }else { $this->error('Something went wrong!'); } return 0; } ``` To be continued... ------------------ [](#to-be-continued) ### Health Score 15 — LowBetter than 3% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity9 Limited adoption so far Community7 Small or concentrated contributor base Maturity22 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://avatars.githubusercontent.com/u/81676401?v=4)[harsha-bitcot](/maintainers/harsha-bitcot)[@harsha-bitcot](https://github.com/harsha-bitcot) --- Top Contributors [![harsha-bitcot](https://avatars.githubusercontent.com/u/81676401?v=4)](https://github.com/harsha-bitcot "harsha-bitcot (15 commits)") ### Embed Badge ![Health badge](/badges/bitcot-aws-secrets-manager/health.svg) ``` [![Health](https://phpackages.com/badges/bitcot-aws-secrets-manager/health.svg)](https://phpackages.com/packages/bitcot-aws-secrets-manager) ``` ### Alternatives [predis/predis A flexible and feature-complete Redis/Valkey client for PHP. 7.8k305.7M2.4k](/packages/predis-predis)[snc/redis-bundle A Redis bundle for Symfony 1.0k39.4M67](/packages/snc-redis-bundle)[react/cache Async, Promise-based cache interface for ReactPHP 444112.4M40](/packages/react-cache)[wp-media/wp-rocket Performance optimization plugin for WordPress 7431.3M3](/packages/wp-media-wp-rocket)[illuminate/cache The Illuminate Cache package. 12835.6M1.4k](/packages/illuminate-cache)[colinmollenhour/php-redis-session-abstract A Redis-based session handler with optimistic locking 6325.6M14](/packages/colinmollenhour-php-redis-session-abstract) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)