PHPackages violet88/silverstripe-vault - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. violet88/silverstripe-vault ActiveSilverstripe-vendormodule[Security](/categories/security) violet88/silverstripe-vault =========================== A SilverStripe module for encrypting and decrypting data using the HashiCorp Vault API v2.0.0(2y ago)01BSD-3-ClausePHPPHP >=7.4 || ^8.0 Since Mar 29Pushed 2y agoCompare [ Source](https://github.com/Violet88github/silverstripe-vault)[ Packagist](https://packagist.org/packages/violet88/silverstripe-vault)[ RSS](/packages/violet88-silverstripe-vault/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (10)Dependencies (4)Versions (14)Used By (0) SilverStripe Vault Module ========================= [](#silverstripe-vault-module) This module provides a way to store sensitive data securely using the [Vault](https://www.vaultproject.io/) service (specifically the [Transit API](https://developer.hashicorp.com/vault/api-docs/secret/transit)). Requirements ------------ [](#requirements) - SilverStripe ^4 || ^5 - PHP ^7.4 || ^8.0 - [Vault Server](https://vaultproject.io) with [Transit API](https://developer.hashicorp.com/vault/api-docs/secret/transit) enabled Installation ------------ [](#installation) Install the module using composer. ``` composer require violet88/silverstripe-vault ``` Configuration ------------- [](#configuration) ### Vault [](#vault) The module requires transit to be enabled on the Vault server. The following policy can be used to enable transit. ``` path "transit/*" { capabilities = ["create", "read", "update", "delete", "list", "sudo"] } ``` The transit engine can be enabled using the following command. ``` vault secrets enable transit ``` ### SilverStripe [](#silverstripe) #### Configuration File [](#configuration-file) The module requires a Vault server to be configured. The server can be configured in the `vault.yml` file. ``` --- name: vault --- Violet88/VaultModule/VaultClient: vault_token: # Vault Authorization Token vault_url: # Vault URL vault_transit_path: # Transit Path, defaults to 'transit' ``` Additionally, a default key can be configured in the `vault.yml` file. ``` Violet88/VaultModule/VaultKey: name: # Key Name type: # Key Type, e.g. aes256-gcm96 ``` If no key is configured, the module will use the following defaults. ``` Violet88/VaultModule/VaultKey: name: "silverstripe" type: "aes256-gcm96" ``` Keys will be created automatically if they do not exist, be sure to set Vault permissions accordingly. #### Environment Variables [](#environment-variables) Along with the `vault.yml` file, the module supports the following environment variables. ``` VAULT_TOKEN="s.1234567890abcdef" VAULT_URL="https://vault.example.com" VAULT_TRANSIT_PATH="transit" ``` Setting these environment variables will override the corresponding values set in the `vault.yml` file. Usage ----- [](#usage) The module provides an `Encrypted` field type that automatically encrypts and decrypts data when it is saved and retrieved from the database. ```