Abandoned | Archived | Library | [Utility & Helpers](/categories/utility)

juniorfontenele/laravel-vault-server
====================================

A vault server for Laravel applications.

1.0.0 (11mo ago) | [5 PRs](https://github.com/juniorfontenele/laravel-vault-server/pulls) | MIT | PHP ^8.3 | CI passing | Since Jun 5 | Pushed 4mo ago | 1 watcher

[Source](https://github.com/juniorfontenele/laravel-vault-server) | [Packagist](https://packagist.org/packages/juniorfontenele/laravel-vault-server)

Laravel Vault Server
====================

A comprehensive vault server package for Laravel applications that provides secure credential storage, JWT-based authentication with asymmetric keys, and cryptographic key management. Built with security-first principles, this package offers hash storage with salt + pepper, client management, and automatic key rotation capabilities.

Features
--------

- **Secure Hash Storage**: Store hashes with salt + pepper for enhanced security
- **JWT Authentication**: Asymmetric key-based JWT authentication system
- **Client Management**: Create, provision, and manage vault clients
- **Key Pair Management**: Generate, rotate, and revoke cryptographic key pairs
- **Automatic Cleanup**: Built-in cleanup for expired and revoked keys

Installation
------------

You can install the package via composer:

```
composer require juniorfontenele/laravel-vault-server
```

After installation, run the install command to set up the package:

```
php artisan vault-server:install
```

This command will:

- Publish the migration files
- Optionally run the migrations

Configuration
-------------

Publish the configuration file (optional):

```
php artisan vendor:publish --tag=vault-config
```

Usage
-----

### Using Facades

The package provides several facades for easy access to vault functionality:

#### VaultAuth Facade

*JWT authentication service for client authentication and authorization.*

```
use JuniorFontenele\LaravelVaultServer\Facades\VaultAuth;

// Authenticate client with JWT token
$key = VaultAuth::attempt($token); // Returns: Key instance

// Check if client is authenticated
$isAuthenticated = VaultAuth::check(); // Returns: bool

// Check if client has specific scope
$canRead = VaultAuth::can('keys:read'); // Returns: bool

// Authorize client for specific scope (throws exception if not authorized)
VaultAuth::authorize('keys:read'); // Returns: void

// Get authenticated client
$client = VaultAuth::client(); // Returns: Client|null

// Get authentication key
$key = VaultAuth::key(); // Returns: Key|null

// Logout client
VaultAuth::logout(); // Returns: void
```

#### VaultClientManager Facade

*Client management service for creating, provisioning, and managing vault clients.*

```
use JuniorFontenele\LaravelVaultServer\Facades\VaultClientManager;
use JuniorFontenele\LaravelVaultServer\Enums\Scope;

// Create a new client
$newClient = VaultClientManager::createClient(
    name: 'My Application',
    allowedScopes: [Scope::KEYS_READ->value, Scope::KEYS_ROTATE->value],
    description: 'Application description'
);
// Returns: NewClient { client: {id: "cl_123", name: "My Application"}, plaintext_provision_token: "tok_abc" }

// Provision an existing client
$provisionedClient = VaultClientManager::provisionClient($clientId, $provisionToken);
// Returns: Client instance

// Delete a client
VaultClientManager::deleteClient($clientId);
// Returns: void

// Cleanup inactive clients
$deletedClients = VaultClientManager::cleanupInactiveClients();
// Returns: int (number of deleted clients)
```

#### VaultHash Facade

*Secure password storage and validation service using salt + pepper hashing.*

```
use JuniorFontenele\LaravelVaultServer\Facades\VaultHash;

// Store a password hash with salt + pepper
VaultHash::store($userId, $password);

// Verify a password against stored hash
$isValid = VaultHash::verify($userId, $password);
// Returns: bool

// Delete a stored password hash
VaultHash::delete($userId);
```
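What "salt + pepper" storage involves, as an added example in plain PHP. This is not the package's own code: the versioned pepper table, the record layout and the function names are assumptions made for illustration, and the returned rehash flag corresponds to the situation the `RehashNeeded` and `PepperRotated` events describe.

```php
<?php
declare(strict_types=1);

// Constructed sample peppers, keyed by version. A real pepper lives in a
// secret store or environment variable, never next to the hashes in the DB.
const PEPPERS = [
    1 => 'constructed-sample-pepper-v1',
    2 => 'constructed-sample-pepper-v2',
];
const CURRENT_PEPPER = 2;

/** Returns the record a server would persist: pepper version + salted hash. */
function storeHash(string $password, int $version = CURRENT_PEPPER): array
{
    // HMAC with the pepper first. base64 keeps the bcrypt input free of NUL
    // bytes and at 44 characters, below bcrypt's 72-byte input limit.
    $peppered = base64_encode(hash_hmac('sha256', $password, PEPPERS[$version], true));

    // password_hash() generates a random per-hash salt and embeds it in the output.
    return ['pepper_version' => $version, 'hash' => password_hash($peppered, PASSWORD_BCRYPT)];
}

/** Returns [valid, rehashNeeded]. */
function verifyHash(string $password, array $record): array
{
    $pepper = PEPPERS[$record['pepper_version']] ?? null;
    if ($pepper === null) {
        return [false, false]; // unknown pepper version: fail closed
    }
    $peppered = base64_encode(hash_hmac('sha256', $password, $pepper, true));
    $valid = password_verify($peppered, $record['hash']);

    // Rehash after a successful login if the pepper was rotated or the cost changed.
    $rehash = $valid && ($record['pepper_version'] !== CURRENT_PEPPER
        || password_needs_rehash($record['hash'], PASSWORD_BCRYPT));

    return [$valid, $rehash];
}

$old = storeHash('correct horse battery staple', 1); // stored before the pepper rotation
var_dump(verifyHash('correct horse battery staple', $old));
var_dump(verifyHash('wrong password', $old));
var_dump(verifyHash('correct horse battery staple', storeHash('correct horse battery staple')));
```

Rehashing can only happen at verification time, because that is the only moment the server sees the plaintext; records that are never verified again stay on the old pepper, so retired pepper versions must remain available until those records are gone.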

#### VaultKey Facade

*Cryptographic key pair management service for JWT signing and verification.*

```
use JuniorFontenele\LaravelVaultServer\Facades\VaultKey;

// Create a new key pair
$newKey = VaultKey::create(
    clientId: $clientId,
    keySize: 2048,
    expiresIn: 365 // days
);
// Returns: NewKey { key: {id: "key_123", public_key: "-----BEGIN PUBLIC KEY-----...", algorithm: "RS256"}, private_key: "-----BEGIN PRIVATE KEY-----..." }

// Get a key by ID
$key = VaultKey::getById($keyId);
// Returns: Key instance

// Revoke a key
VaultKey::revoke($keyId);

// Cleanup expired keys
$expiredKeys = VaultKey::cleanupExpiredKeys();
// Returns: collection of expired keys

// Cleanup revoked keys
$revokedKeys = VaultKey::cleanupRevokedKeys();
// Returns: collection of revoked keys
```

### Using Artisan Commands

The package provides several Artisan commands for managing clients and keys:

#### Client Management Commands

*Commands for managing vault clients through the command line.*

```
# Install the vault server (publishes migrations and optionally runs them)
php artisan vault-server:install

# Create a new client (interactive or with parameters)
php artisan vault-server:client create

# Create a client with parameters
php artisan vault-server:client create \
    --name="My App" \
    --description="Application description" \
    --scopes="keys:read,keys:rotate"

# List all clients
php artisan vault-server:client list

# Delete a client (interactive)
php artisan vault-server:client delete

# Provision a client (interactive)
php artisan vault-server:client provision

# Cleanup inactive clients
php artisan vault-server:client cleanup
```

#### Key Management Commands

*Commands for managing cryptographic key pairs.*

```
# Generate a new key pair (interactive)
php artisan vault-server:key generate

# Rotate a key (creates new key, interactive)
php artisan vault-server:key rotate

# List keys for a client (interactive)
php artisan vault-server:key list

# Revoke a key (interactive)
php artisan vault-server:key revoke

# Cleanup expired and revoked keys
php artisan vault-server:key cleanup
```

### Events

The package dispatches various events that you can listen to for auditing and monitoring:

#### Client Events

- `ClientCreated` - When a new client is created
- `ClientDeleted` - When a client is deleted
- `ClientProvisioned` - When a client is provisioned
- `ClientTokenGenerated` - When a JWT token is generated for a client
- `InactiveClientsCleanup` - When inactive clients are cleaned up

#### Hash Events

- `HashStored` - When a hash is stored
- `HashVerified` - When a hash is verified
- `HashDeleted` - When a hash is deleted
- `RehashNeeded` - When a hash needs to be rehashed

#### Key Events

- `KeyCreated` - When a new key pair is created
- `KeyRetrieved` - When a key is retrieved
- `KeyRevoked` - When a key is revoked
- `KeyRotated` - When a key is rotated
- `ExpiredKeysCleanedUp` - When expired keys are cleaned up
- `RevokedKeysCleanedUp` - When revoked keys are cleaned up

#### Pepper Events

- `PepperRotated` - When the pepper is rotated
- `PepperDecryptionFailed` - When pepper decryption fails

#### Example Event Listener

```
use Illuminate\Support\Facades\Log;
use JuniorFontenele\LaravelVaultServer\Events\Client\ClientCreated;

class ClientCreatedListener
{
    public function handle(ClientCreated $event): void
    {
        // Log the client creation
        Log::info('New vault client created', [
            'client_id' => $event->client->id,
            'client_name' => $event->client->name,
        ]);

        // Send notification
        // Perform additional actions
    }
}
```

API Routes
----------

The package automatically registers API routes for vault operations. By default, routes are registered under the `/vault` prefix. You can access:

- `POST /vault/client/{clientId}/provision` - Provision a client
- `POST /vault/password/{userId}` - Securely store a password
- `POST /vault/password/{userId}/verify` - Verify a password
- `DELETE /vault/password/{userId}` - Delete a password
- `POST /vault/kms/rotate` - Rotate client key pair
- `GET /vault/kms/{kid}` - Get key by ID

Middleware
----------

The package includes JWT validation middleware that you can use to protect your routes:

```
// Basic JWT authentication
Route::middleware('vault.jwt')->group(function () {
    // Protected routes here
});

// JWT authentication with scope validation
Route::middleware(['vault.jwt:keys:read'])->group(function () {
    // Routes requiring 'keys:read' scope
});
```
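The checks a scope-aware RS256 JWT guard has to make, as an added example in plain PHP with the OpenSSL extension. This is not the package's middleware: the `scope` claim being an array, the `kid` header lookup, the function names and the `key_demo` / `cl_demo` identifiers are assumptions for illustration.

```php
<?php
function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64urlDecode(string $txt): string
{
    return (string) base64_decode(strtr($txt, '-_', '+/'));
}

/** Demo helper: signs claims with the client's private key (RS256). */
function mintToken(OpenSSLAsymmetricKey $key, string $kid, array $claims): string
{
    $head = b64url(json_encode(['alg' => 'RS256', 'typ' => 'JWT', 'kid' => $kid]));
    $input = $head . '.' . b64url(json_encode($claims));
    openssl_sign($input, $sig, $key, OPENSSL_ALGO_SHA256);
    return $input . '.' . b64url($sig);
}

/** Returns the claims when the token is valid and carries $scope, else null. */
function verifyToken(string $jwt, array $activeKeys, string $scope): ?array
{
    if (count($parts = explode('.', $jwt)) !== 3) {
        return null;
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(b64urlDecode($h), true);
    $claims = json_decode(b64urlDecode($p), true);
    // Pin the algorithm server-side; the token must never choose it.
    if (!is_array($header) || !is_array($claims) || ($header['alg'] ?? null) !== 'RS256') {
        return null;
    }
    // Look the public key up by kid; a revoked or cleaned-up key is simply absent.
    $pem = is_string($header['kid'] ?? null) ? ($activeKeys[$header['kid']] ?? null) : null;
    if ($pem === null || openssl_verify($h . '.' . $p, b64urlDecode($s), $pem, OPENSSL_ALGO_SHA256) !== 1) {
        return null;
    }
    $scopes = (array) ($claims['scope'] ?? []);
    $live = is_int($claims['exp'] ?? null) && $claims['exp'] > time();
    return ($live && in_array($scope, $scopes, true)) ? $claims : null;
}

// Constructed demo data: a throwaway key pair and hypothetical identifiers.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$active = ['key_demo' => openssl_pkey_get_details($key)['key']];
$jwt = mintToken($key, 'key_demo', ['sub' => 'cl_demo', 'scope' => ['keys:read'], 'exp' => time() + 60]);
var_dump(verifyToken($jwt, $active, 'keys:read') !== null);   // token carries keys:read
var_dump(verifyToken($jwt, $active, 'keys:rotate') !== null); // token lacks keys:rotate
var_dump(verifyToken($jwt, [], 'keys:read') !== null);        // kid no longer in the active set
```

Because the verifier only ever holds public keys, a compromise of the verifying side does not let anyone mint tokens, which is the point of asymmetric JWT signing.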

Testing
-------

```
composer test
```

Run tests with coverage:

```
composer test-coverage
```

Code Quality
------------

The package includes several code quality tools:

```
# Run all quality checks
composer lint

# Format code
composer format

# Static analysis
composer analyze

# Refactor code
composer rector
```

Security
--------

This package implements several security best practices:

- **Asymmetric JWT**: Uses RSA keys for JWT signing and verification
- **Salt + Pepper**: Hashes are stored with both salt and pepper for enhanced security
- **Key Rotation**: Supports automatic key rotation and cleanup
- **Scope-based Access**: Client access is controlled via scopes
- **Audit Trail**: Comprehensive event system for monitoring

Changelog
---------

Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently.

Contributing
------------

Please see [CONTRIBUTING](https://github.com/juniorfontenele/laravel-vault-server/blob/main/CONTRIBUTING.md) for details.

Security Vulnerabilities
------------------------

Please review [our security policy](https://github.com/juniorfontenele/laravel-vault-server/security/policy) on how to report security vulnerabilities.

Credits
-------

- [Junior Fontenele](https://github.com/juniorfontenele)
- [All Contributors](../../contributors)

License
-------

The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

