brainlet-ali/laravel-locksmith
==============================

Secrets rotation orchestration for Laravel with zero-downtime grace periods.

v0.1.0 (5mo ago) · 83 · MIT · PHP · PHP ^8.1 · CI passing

Since Dec 7 · Pushed 5mo ago

[Source](https://github.com/brainlet-ali/laravel-locksmith) · [Packagist](https://packagist.org/packages/brainlet-ali/laravel-locksmith) · [Docs](https://github.com/brainlet-ali/laravel-locksmith)

Laravel Locksmith
=================

**Secrets rotation orchestration for Laravel.**

Manage the complete lifecycle of credential rotation: generate, validate, swap, and cleanup - with zero downtime.

Why Locksmith?
--------------

- **Zero-downtime rotation** - Grace periods let both old and new keys work during transition
- **Self-cleaning** - Old keys automatically deleted from providers after grace period
- **Rotation lifecycle** - Generate → Validate → Swap → Cleanup, all orchestrated
- **Notifications** - Get alerted on rotation success/failure via Mail or Slack
- **Audit logging** - Track every rotation with correlation IDs
- **Open source** - MIT licensed, forever free

Installation
------------

```
composer require brainlet-ali/laravel-locksmith
php artisan locksmith:install
```

Two Ways to Rotate
------------------

| Method | For | How |
|---|---|---|
| **Recipes** | Services with key-generation APIs | Locksmith creates new keys via API |
| **Key Pools** | Services without APIs | You pre-add keys, Locksmith rotates through them |

Quick Start
-----------

**Recipe-based (AWS IAM):**

```
php artisan locksmith:init aws.credentials       # Stores username + first key
php artisan locksmith:rotate aws.credentials --recipe=aws
```

Output:

```
Discarding previous key for [aws.credentials]...
Rotating secret [aws.credentials]...
Secret [aws.credentials] rotated successfully.

```

**Key Pool (services without APIs):**

```
php artisan locksmith:pool api.secret --add     # Add pre-generated keys
php artisan locksmith:pool api.secret --rotate  # Rotate to next key
```

**Read secrets:**

```
$secret = Locksmith::get('api.secret');
```

Commands
--------

```
locksmith:install         # Interactive setup
locksmith:init            # Initialize credentials
locksmith:rotate          # Rotate with recipe
locksmith:rollback        # Rollback to previous
locksmith:status          # View secrets status
locksmith:clear-expired   # Clear expired grace periods
locksmith:prune-logs      # Remove old rotation logs
locksmith:pool            # Manage key pools
locksmith:pool-rotate     # Rotate all configured pools
```

Self-Cleaning Rotation
----------------------

Locksmith automatically manages key lifecycle:

```
┌─────────────────────────────────────────────────────────────────┐
│  ROTATE                                                         │
│  ├── Discard previous_value immediately (if exists)             │
│  ├── Generate new key via recipe                                │
│  ├── Validate new key works                                     │
│  ├── Store: value=new, previous_value=old                       │
│  └── Schedule cleanup job (runs after grace period)             │
│                                                                 │
│  GRACE PERIOD (60 min default)                                  │
│  ├── Both old and new keys work                                 │
│  └── Applications gradually switch to new key                   │
│                                                                 │
│  AFTER GRACE PERIOD (automatic)                                 │
│  ├── Job runs: deletes old key from provider (AWS, etc.)        │
│  └── Clears previous_value from database                        │
│                                                                 │
│  ROTATE AGAIN (on-demand)                                       │
│  ├── Discards current previous_value BEFORE generating new      │
│  └── Prevents hitting provider key limits (AWS = 2 keys max)    │
└─────────────────────────────────────────────────────────────────┘

```
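The lifecycle in the diagram, as an added toy model (not Locksmith's own code): it shows why discarding `previous_value` before generating keeps back-to-back rotations under a two-key provider limit. `FakeProvider`, `SecretRecord`, their methods, and the key ids are hypothetical names and constructed values.

```php
<?php
// Added illustration; FakeProvider and SecretRecord are hypothetical, not Locksmith classes.
final class FakeProvider
{
    public array $keys = [];                                  // key ids live at the provider
    public function __construct(private int $limit = 2) {}    // AWS = 2 keys max (per the diagram)
    public function create(): string
    {
        if (count($this->keys) >= $this->limit) {
            throw new RuntimeException('provider key limit reached');
        }
        return $this->keys[] = 'key-' . bin2hex(random_bytes(4));   // constructed id
    }
    public function delete(string $id): void
    {
        $this->keys = array_values(array_diff($this->keys, [$id]));
    }
}

final class SecretRecord
{
    public ?string $value = null;
    public ?string $previous = null;
    public ?int $graceEnds = null;                            // unix time the old key stops working
    public function __construct(private FakeProvider $p, private int $graceSecs = 3600) {}
    public function rotate(int $now): void
    {
        $this->cleanup();                                     // discard previous BEFORE generating
        $new = $this->p->create();                            // generate; throws at the key limit
        // A real rotation validates $new here and aborts on failure.
        [$this->previous, $this->value] = [$this->value, $new];
        $this->graceEnds = $now + $this->graceSecs;           // cleanup job is due at this time
    }
    public function cleanup(): void                           // what the scheduled job does
    {
        if ($this->previous !== null) {
            $this->p->delete($this->previous);                // delete old key at the provider
        }
        $this->previous = $this->graceEnds = null;            // clear previous_value
    }
    public function accepts(string $key, int $now): bool
    {
        return $key === $this->value || ($key === $this->previous && $now < $this->graceEnds);
    }
}

$p = new FakeProvider();
$s = new SecretRecord($p);
$s->rotate(0);
$s->rotate(100);                                              // first key becomes previous
printf("old key valid in grace: %s\n", var_export($s->accepts($s->previous, 200), true));
$s->rotate(300);                                              // works: old key was discarded first
printf("keys at provider: %d\n", count($p->keys));
```

Removing the `cleanup()` call at the top of `rotate()` makes the third rotation throw, which is the provider-limit failure the "ROTATE AGAIN" step is designed to avoid.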

Built-in Recipe
---------------

| Recipe | What it does |
|---|---|
| `AwsRecipe` | Rotates IAM access keys with self-managed credentials |

**Self-managed AWS credentials:**

- Username, Access Key ID, and Secret stored encrypted in Locksmith
- No `.env` variables needed for AWS
- User rotates their own keys (IAM permissions on self)
- Old keys auto-deleted from AWS after grace period

Features
--------

- AES-256 encryption at rest
- Dual-key grace periods (zero downtime)
- Self-cleaning rotation with scheduled jobs
- On-demand discard for immediate rotation
- Scheduled rotation via Laravel scheduler
- Mail & Slack notifications
- Audit logging with correlation IDs
- Caching layer (reduces DB calls)

Requirements
------------

- PHP 8.1+
- Laravel 9.x, 10.x, or 11.x

Documentation
-------------

Full docs: [docs/DOCUMENTATION.md](docs/DOCUMENTATION.md)

License
-------

MIT

### Health Score

32 (Low). Better than 72% of packages.

- Maintenance: 73. Regular maintenance activity
- Popularity: 9. Limited adoption so far
- Community: 6. Small or concentrated contributor base
- Maturity: 34. Early-stage or recently created project
- Bus Factor: 1. Top contributor holds 100% of commits, a single point of failure

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: every ~0 days
- Total: 2
- Last Release: 154d ago

### Community

Maintainers: [brainlet-ali](/maintainers/brainlet-ali)

Top Contributors: [brainlet-ali](https://github.com/brainlet-ali) (2 commits)

Tags: laravel, security, encryption, secrets, credentials, rotation, api keys, zero-downtime

### Code Quality

- Tests: PHPUnit
- Code Style: Laravel Pint
