PHPackages neosmart/securestore - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. neosmart/securestore ActiveLibrary neosmart/securestore ==================== PHP interface to load and decrypt SecureStore secrets. 00PHP Since Mar 30Pushed 1mo agoCompare [ Source](https://github.com/neosmart/securestore-php)[ Packagist](https://packagist.org/packages/neosmart/securestore)[ RSS](/packages/neosmart-securestore/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependenciesVersions (1)Used By (0) SecureStore PHP library ======================= [](#securestore-php-library) This repository/package houses a PHP implementation of the cross-platform, language-agnostic [SecureStore secrets specification](https://neosmart.net/SecureStore). In particular, this library may be used for interacting with [SecureStore](https://github.com/neosmart/securestore-rs) secrets containers, providing an easy-to-use and idiomatic interface for loading SecureStore containers and decrypting/retrieving secrets from within your existing PHP code. Usage ----- [](#usage) *This PHP library is largely intended to be used alongside one of the SecureStore cli companion apps, used to create SecureStore values and manage (add/remove/update) the secrets stored therein. In this example, we'll be using the [`ssclient`](https://github.com/neosmart/securestore-rs/tree/master/ssclient) cli utility to create a new store.* ### Creating a secrets vault [](#creating-a-secrets-vault) Typical SecureStore usage begins by creating a new SecureStore "vault" (an encrypted secrets container) that will store the credentials (usually both usernames and passwords) that your app will need. Begin by compiling or downloading and installing a copy of [`ssclient`](https://github.com/neosmart/securestore-rs/tree/master/ssclient), the SecureStore companion cli. While you can compile it yourself or manually download [pre-built binaries for your platform](https://github.com/neosmart/securestore-rs/releases), you might find it easiest to just install it with `npm`: ``` ~> npm install --global ssclient ``` after which you can proceed with the following steps: ``` ~> mkdir secure/ ~> cd secure/ ~> ssclient create --export-key secrets.key Password: ************ Confirm Password: ************ # Now you can use `ssclient -p` with your password or # `ssclient -k secrets.key` to encrypt/decrypt with # the same keys. ``` ### Adding secrets [](#adding-secrets) Secrets may be added with your password or the equivalent encryption key file, and may be specified in-line as arguments to `ssclient` or more securely at a prompt by omitting the value when calling `ssclient create`: ``` # ssclient defaults to password-based decryption: ~> ssclient set aws:s3:accessId AKIAV4EXAMPLE7QWERT Password: ********* ``` similarly: ``` # Use `-k secrets.key` to load the encryption key and # skip the prompt for the vault password: ~> ssclient -k secrets.key set aws:s3:accessKey Value: v1Lp9X7mN2B5vR8zQ4tW1eY6uI0oP3aS5dF7gH9j ``` ### Retrieving secrets [](#retrieving-secrets) Secrets can be retrieved [at the commandline with `ssclient`](https://github.com/neosmart/securestore-rs/tree/master/ssclient) or programmatically with a SecureStore library [for your development language or framework of choice](https://neosmart.net/SecureStore). This library contains the PHP implementation of the SecureStore protocol. The implementation is fully contained within the single `SecureStore.php` file and also published to packagist for use with `composer` – use whichever option you are most comfortable with. ``` composer add neosmart/securestore ``` ``` // require_once("SecureStore.php"); // or // require __DIR__ . '/vendor/autoload.php'; use NeoSmart\SecureStore\SecretsManager; // Load a vault using the decryption key file $sm = SecretsManager::loadWithKeyFile('secure/secrets.json', 'secure/secrets.key'); // List all secrets $allKeys = $sm->keys(); // Retrieve and decrypt secrets $accessId = $sm->get('aws:s3:accessId'); $accessKey = $sm->get('aws:s3:accessKey'); // Continue to use them as you normally would ``` While it is **strongly recommended** to only load secrets programmatically via the encryption key, an alternative `SecretsManager::loadWithPassword("path/to/secrets.json", "your-password")` interface is also available (this can be used if you're developing an interactive tool using SecureStore, for example). API overview ============ [](#api-overview) The `SecureStore` library provides a high-level interface for decrypting and accessing secrets stored in SecureStore v3 vaults. ### `NeoSmart\SecureStore\SecretsManager` [](#neosmartsecurestoresecretsmanager) The primary class used to load vaults and retrieve decrypted secrets. MethodDescription`static loadWithKeyFile(string $path, string $keyPath): self`A convenience method to load and decrypt a vault using SecureStore key file.`static loadWithPassword(string $path, string $password): self`A convenience method to load and decrypt a vault with a password.`static load(string $path, KeySource $keySource): self`Loads a vault using a pre-configured `KeySource` object.`get(string $name): ?string`Retrieves and decrypts a specific secret by its key name. Returns `null` if the secret does not exist.`keys(): array`Returns an array containing the names of all secrets available in the loaded vault.--- ### `NeoSmart\SecureStore\KeySource` [](#neosmartsecurestorekeysource) An abstraction layer used to define the source of the decryption key (either a user-provided password or a cryptographic master key). MethodDescription`static fromFile(string $path): self`Loads a decryption key from a file. Supports raw binary or ASCII-armored (PEM-style) SecureStore formats.`static fromPassword(string $password): self`Initializes a key source using a password. The decryption key will be derived per the SecureStore v3 spec.`static fromKey(array|string $key): self`Loads a decryption key from a raw string or an array of bytes. ### Health Score 19 — LowBetter than 10% of packages Maintenance60 Regular maintenance activity Popularity0 Limited adoption so far Community6 Small or concentrated contributor base Maturity11 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/c2643dd7c6df61aed49d9f3d917ac6d61cafbbda5f9b1619f50d3b749dca415a?d=identicon)[mqudsi](/maintainers/mqudsi) --- Top Contributors [![mqudsi](https://avatars.githubusercontent.com/u/606923?v=4)](https://github.com/mqudsi "mqudsi (7 commits)") ### Embed Badge ![Health badge](/badges/neosmart-securestore/health.svg) ``` [![Health](https://phpackages.com/badges/neosmart-securestore/health.svg)](https://phpackages.com/packages/neosmart-securestore) ``` PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)