PHPackages                             technicalguru/vault - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Framework](/categories/framework)
4. /
5. technicalguru/vault

ActiveLibrary[Framework](/categories/framework)

technicalguru/vault
===================

A flexible, lightweight PHP-based vault to provide secrets dynamically

v1.0.7(5y ago)116.4k4[4 issues](https://github.com/technicalguru/php-vault/issues)2LGPL-3.0-or-laterPHPPHP &gt;=7.0.0CI failing

Since May 23Pushed 3y ago3 watchersCompare

[ Source](https://github.com/technicalguru/php-vault)[ Packagist](https://packagist.org/packages/technicalguru/vault)[ RSS](/packages/technicalguru-vault/feed)WikiDiscussions master Synced 2d ago

READMEChangelog (7)Dependencies (2)Versions (10)Used By (2)

technicalguru/php-vault
=======================

[](#technicalguruphp-vault)

A flexible PHP-based vault to provide secrets dynamically

License
=======

[](#license)

This project is licensed under [GNU LGPL 3.0](LICENSE.md).

Installation
============

[](#installation)

By Composer
-----------

[](#by-composer)

```
composer install technicalguru/vault
```

By Package Download
-------------------

[](#by-package-download)

You can download the source code packages from [GitHub Release Page](https://github.com/technicalguru/php-vault/releases)

Hashicorp Setup
===============

[](#hashicorp-setup)

The procedure is best described at [Hashicorp Blog](https://www.hashicorp.com/blog/authenticating-applications-with-vault-approle). It describes how to create an `approle`. Here is the essence of it:

```
# Enable the auth method for approle
vault auth enable approle

# Create a renewal policy
echo 'path "auth/token/*" { capabilities = [ "create", "read", "update", "delete", "list", "sudo" ] }' >renewal-policy.hcl
vault policy write renewal-policy renewal-policy.hcl

# Create a file with your policy on the respective secret path:
cat 'path "secret/my-secret" { capabilities = ["read", "list"] }' >app-policy.hcl

# Create the policy
vault policy write my-app-policy app-policy.hcl

# Create the approle with renewal-policy and your application policy
vault write auth/approle/role/my-approle token_policies=renewal-policy,my-app-policy token_period=30m token_ttl=30m token_max_ttl=1h token_explicit_max_ttl=2h

# Get the role ID printed
vault read auth/approle/role/my-approle/role-id

# Create the secret ID and print it
vault write -f auth/approle/role/my-approle/secret-id
```

Please notice that you need to recreate the secret ID whenever you change the application role or a policy.

Examples
========

[](#examples)

Create a HashicorpVault
-----------------------

[](#create-a-hashicorpvault)

Please note that this vault is actually a client to an existing Hashicorp Vault.

```
// Create configuration
$config = array(
	'type'   => 'hashicorp',
	'config' => array(
		'uri'      => 'https://127.0.0.1:8200/v1',
		'roleId'   => '123456-12345-12345-123456',
		'secretId' => 'abcdef-abcde-abcde-abcdef'
	)
);

// Create the vault instance
try {
	$vault = \TgVault\VaultFactory::create($config);
} catch (\TgVault\VaultException $e) {
	// Vault could not be created
}
```

Create a MemoryVault
--------------------

[](#create-a-memoryvault)

```
// Create configuration
$config = array(
	'type'   => 'memory',
	'config' => array(
		'secrets' => array(
			'my/secret/number/1' => array(
				'username' => 'my-username1',
				'password' => 'my-password1',
			),
			'my/secret/number/2' => array(
				'username' => 'my-username2',
				'password' => 'my-password2',
			),
		)
	)
);

// Create the vault instance
try {
	$vault = \TgVault\VaultFactory::create($config);
} catch (\TgVault\VaultException $e) {
	// Vault could not be created
}
```

Create a FileVault
------------------

[](#create-a-filevault)

```
// Create configuration
$config = array(
	'type'   => 'file',
	'config' => array(
		'filename' => 'path-to-json-secret-file'
	)
);

// Create the vault instance
try {
	$vault = \TgVault\VaultFactory::create($config);
} catch (\TgVault\VaultException $e) {
	// Vault could not be created
}
```

The secrets file (JSON) shall look like this:

```
{
	"secrets": {
		"my/secret/number/1" : {
			"username" : "my-username1",
			"password" : "my-password1"
		},
		"my/secret/number/2" : {
			"username" : "my-username2",
			"password" : "my-password2"
		}
	}
}
```

Retrieving a secret
-------------------

[](#retrieving-a-secret)

```
try {
	$mySecret1 = $vault->getSecret('my/secret/number/1');
	$mySecret2 = $vault->getSecret('my/secret/number/2');
} catch (\TgVault\VaultException $e) {
	// secret was not found
}

$username1 = $mySecret1->get('username');
$password1 = $mySecret1->get('password');
$username2 = $mySecret2->get('username');
$password2 = $mySecret2->get('password');
```

A value in a secret is `NULL` when the key does not exists whereas an exception will be thrown when the secret itself cannot be found or an error occurred while retrieval.

Using lazy callback credentials
-------------------------------

[](#using-lazy-callback-credentials)

You can use the `SecretProvider` or `CredentialsProvider` helper classes to pass them credentials without knowing where they come from or how to use a vault.

```
$callback1 = new \TgVault\SecretProvider($vault, 'my/secret/number/1');
$callback2 = new \TgVault\CredentialsProvider($vault, 'my/secret/number/2');

try {
	$username1 = $callback1->get('username');
	$password1 = $callback1->get('password');

	$username2 = $callback2->getUsername();
	$password2 = $callback2->getPassword();
} catch (\TgVault\VaultException $e) {
	// Secret cannot be retrieved or does not exist
}
```

The `CredentialsProvider` takes additional constructor arguments that define, which keys in the secret provide username and password. The defaults are as given above for the `SecretProvider`.

Contribution
============

[](#contribution)

Report a bug, request an enhancement or pull request at the [GitHub Issue Tracker](https://github.com/technicalguru/php-vault/issues).

###  Health Score

33

—

LowBetter than 72% of packages

Maintenance13

Infrequent updates — may be unmaintained

Popularity32

Limited adoption so far

Community17

Small or concentrated contributor base

Maturity57

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 98.2% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~29 days

Recently: every ~8 days

Total

8

Last Release

2024d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/6360165?v=4)[Ralph Schuster](/maintainers/technicalguru)[@technicalguru](https://github.com/technicalguru)

---

Top Contributors

[![technicalguru](https://avatars.githubusercontent.com/u/6360165?v=4)](https://github.com/technicalguru "technicalguru (54 commits)")[![Hookz](https://avatars.githubusercontent.com/u/12357301?v=4)](https://github.com/Hookz "Hookz (1 commits)")

---

Tags

hashicorphashicorp-vaultphpphp-frameworkphp-libraryvaultvault-clientframeworkvaulthashicorpvault-clienthashicorp-vault

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/technicalguru-vault/health.svg)

```
[![Health](https://phpackages.com/badges/technicalguru-vault/health.svg)](https://phpackages.com/packages/technicalguru-vault)
```

###  Alternatives

[hemp/presenter

Easy Model Presenters in Laravel

247616.4k1](/packages/hemp-presenter)[pestphp/pest-plugin-stressless

Stressless plugin for Pest

681.0M18](/packages/pestphp-pest-plugin-stressless)[wpstarter/framework

The WpStarter Framework - Laravel Framework for WordPress

1610.2k5](/packages/wpstarter-framework)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
