PHPackages f-lombardo/secrets-loader - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Utility & Helpers](/categories/utility) 4. / 5. f-lombardo/secrets-loader ActiveLibrary[Utility & Helpers](/categories/utility) f-lombardo/secrets-loader ========================= Load secret values from SSM into environment variables - Forked from bref/secrets-loader 1.1.0(2y ago)025.3k↓19%[1 PRs](https://github.com/f-lombardo/secrets-loader/pulls)MITPHPPHP >=8.0CI passing Since Jul 27Pushed 1y ago1 watchersCompare [ Source](https://github.com/f-lombardo/secrets-loader)[ Packagist](https://packagist.org/packages/f-lombardo/secrets-loader)[ RSS](/packages/f-lombardo-secrets-loader/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (5)Versions (8)Used By (0) [![OpenSSF Scorecard](https://camo.githubusercontent.com/349b2682d87e0a962d00efb172fbf61f6463cb36354193cfb1b0b172f49eb3f1/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f662d6c6f6d626172646f2f736563726574732d6c6f616465722f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/f-lombardo/secrets-loader)[![Quality Gate Status](https://camo.githubusercontent.com/dd0dbf5b248111c91f5af6247777d5edaf9c2cfb406600dabefa46afb8a637f7/68747470733a2f2f736f6e6172636c6f75642e696f2f6170692f70726f6a6563745f6261646765732f6d6561737572653f70726f6a6563743d662d6c6f6d626172646f5f736563726574732d6c6f61646572266d65747269633d616c6572745f737461747573)](https://sonarcloud.io/summary/new_code?id=f-lombardo_secrets-loader)[![OpenSSF Best Practices](https://camo.githubusercontent.com/0c56849f54a91808d4616ee2ece5143ec08cda3aad00563f108e98093f60188e/68747470733a2f2f7777772e626573747072616374696365732e6465762f70726f6a656374732f383737332f6261646765)](https://www.bestpractices.dev/projects/8773) Load secrets ============ [](#load-secrets) Automatically load secrets from SSM into environment variables when running with Bref. This work is a fork of the [project](https://github.com/brefphp/secrets-loader) created by [Matthieu Napoli](https://github.com/mnapoli), who is also the creator of the amazing [Bref](https://bref.sh/) project. I introduced here the ability to load parameters from Secrets Manager and to have an SSM parameter containing many application environment variables in ini format. Load secrets from Secrets Manager --------------------------------- [](#load-secrets-from-secrets-manager) This library replaces at runtime secrets read from AWS Secrets Manager. Those secrets can be both in JSON format or in plain text. ``` provider: # ... environment: MY_PARAMETER: bref-secretsmanager:/my-app/my-parameter-in-plain-text MY_PARAMETER_JSON: bref-secretsmanager-json:/my-app/my-parameter-in-json ``` In this example the Bref Lambda function will see an environment variable `MY_PARAMETER` which value will be the content of secret `/my-app/my-parameter-in-plain-text`. Secret pointed by `/my-app/my-parameter-in-json` should be a JSON string of the form: ``` { "VAR1": "value1", "VAR2": "value2" } ``` The Lambda function will have access to two environment variables `VAR1=value1` and `VAR2=value2`. SSM parameter in .ini format ---------------------------- [](#ssm-parameter-in-ini-format) Migrating an existing complex Symfony application to Bref leads to having many environment variables defined in `serverless.yml`. Instead of having a one to one mapping between lambda environment variables and SSM parameters, I suggest to have a single lambda environment variable with the special name `BREF_PARAMETER_STORE` that stores a string in ini format. That string will be expanded in many application environment variables. For example a lambda could have the environment variable `BREF_PARAMETER_STORE=ssm:/some/parameter`. Data contained in that parameter could be: ``` VAR1=foo VAR2=bar ``` The lambda execution runtime should then see `VAR1=foo` and `VAR2=bar` as environment variables. This project is fully compatible with the behavior of the original library, whose documentation I report below. Usage following the original library ------------------------------------ [](#usage-following-the-original-library) This library is fully compatible with the orginal one developed by Bref's author. Read the Bref documentation: It replaces (at runtime) the variables whose value starts with `bref-ssm:`. For example, you could set such a variable in `serverless.yml` like this: ``` provider: # ... environment: MY_PARAMETER: bref-ssm:/my-app/my-parameter ``` In AWS Lambda, the `MY_PARAMETER` would be automatically replaced and would contain the value stored at `/my-app/my-parameter` in AWS SSM Parameters. It could be also used to read a set of parameters from a SSM variable that contains a string in an INI format. For example, if there is an SSM parameter `/my-app/my-par-store` that contains this sting: ``` FOO=bar BAR=baz ``` and we have this `severless.yml` configuration with the special variable `BREF_PARAMETER_STORE` set this way: ``` provider: # ... environment: BREF_PARAMETER_STORE: /my-app/my-par-store ``` our lambda will see the these environment variables: ``` FOO=bar BAR=baz ``` This feature is shipped as a separate package so that all its code and dependencies are not installed by default for all Bref users. Install this package if you want to use the feature. Notes for developers -------------------- [](#notes-for-developers) In the [docker](/docker) directory you can find a `docker compose` project that allows the developing and testing of the application. You can run it with ``` cd docker docker compose up -d docker compose exec php bash ``` Last command leads you inside the PHP container where you can run tests and quality checks using the [quality.sh](scripts/quality.sh) script: ``` scripts/quality.sh ``` Installation in your PHP project -------------------------------- [](#installation-in-your-php-project) ``` composer require f-lombardo/secrets-loader ``` ### Health Score 33 — LowBetter than 75% of packages Maintenance30 Infrequent updates — may be unmaintained Popularity27 Limited adoption so far Community11 Small or concentrated contributor base Maturity53 Maturing project, gaining track record Bus Factor1 Top contributor holds 76.2% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~13 days Total 3 Last Release 772d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/218cb4a9046e5063979c3abceff00afabfe1354e40f5df405a95ffb173baee88?d=identicon)[f-lombardo](/maintainers/f-lombardo) --- Top Contributors [![f-lombardo](https://avatars.githubusercontent.com/u/280709?v=4)](https://github.com/f-lombardo "f-lombardo (32 commits)")[![mnapoli](https://avatars.githubusercontent.com/u/720328?v=4)](https://github.com/mnapoli "mnapoli (8 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (1 commits)")[![GrahamCampbell](https://avatars.githubusercontent.com/u/2829600?v=4)](https://github.com/GrahamCampbell "GrahamCampbell (1 commits)") --- Tags aws-lambdabrefphpserverlesssecretsbrefssmaws-ssm ### Code Quality TestsPHPUnit Static AnalysisPHPStan Type Coverage Yes ### Embed Badge ![Health badge](/badges/f-lombardo-secrets-loader/health.svg) ``` [![Health](https://phpackages.com/badges/f-lombardo-secrets-loader/health.svg)](https://phpackages.com/packages/f-lombardo-secrets-loader) ``` ### Alternatives [bref/secrets-loader Load secret values from SSM into environment variables 15522.6k4](/packages/bref-secrets-loader)[csharpru/vault-php Best Vault client for PHP that you can find 8410.3M4](/packages/csharpru-vault-php)[bref/dev-server Local development server for serverless web apps 3612.5k](/packages/bref-dev-server) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)