diontech/laravel-vault

构建保险库和解密/加密密钥。实现了每个保险库(或如果你愿意,每个密钥)使用特定密钥。保险库可以是独立的,也可以与你的应用模型相关。

维护者

详细信息

github.com/DionTech/laravel-vault

源代码

问题

安装: 335

依赖: 0

建议者: 0

安全: 0

星标: 8

关注者: 1

分支: 1

开放问题: 0

v1.2.1 2022-04-28 09:52 UTC

Requires

Requires (Dev)

MIT 26a281bde3ba6a10e47c8aefc663d14435516b3c

  • Daniel Koch <daniel.koch.woop@diontech.de>

This package is auto-updated.

Last update: 2024-09-24 13:51:50 UTC

README

Latest Version run-tests GitHub last commit GitHub issues Packagist Downloads License Twitter Follow

关于保险库

使用保险库,您可以创建作为应用独立单元的保险库或与您应用中的模型相关的保险库,例如每个用户都可以有自己的个人保险库。每个保险库可以包含密钥。而不是使用默认的解密/加密函数,保险库将使用您选择的密钥来保护密钥。例如,用户可以定义其“魔法密钥密码”,每次需要访问密钥时都必须提供。您将如何处理这取决于您的具体情况。

保险库将内部处理密钥长度,并确保长度为16或32,具体取决于您将使用的加密方式(AES-128-CBC = 16,AES-256-CBC = 32)。因此,您可以选择您想要的密钥。

发布/ Laravel 支持

  • laravel 8: v1.1.x
  • laravel 9: v1.2.x

安装

composer require diontech/laravel-vault
php artisan migrate

使用

//creating a vault without a related model
$vault = \DionTech\Vault\Models\Vault::create([
    'name' => 'application vault'
]);

//use default APP_KEY, adding secret
\DionTech\Vault\Support\Facades\Vault::open($vault)->add("facaded_secret", "AN_API_KEY");

//use default APP_KEY, overwrite secret
\DionTech\Vault\Support\Facades\Vault::open($vault)->overwrite("facaded_secret", "AN_API_KEY_overwritten");

//use default APP_KEY, get secret
\DionTech\Vault\Support\Facades\Vault::open($vault)->get("facaded_secret");


//use own key, adding secret
\DionTech\Vault\Support\Facades\Vault::open($vault)->useKey("DO_NOT_FORGETT_IT")->add("facaded_secret", "AN_API_KEY");

//use own key, overwrite secret
\DionTech\Vault\Support\Facades\Vault::open($vault)->useKey("DO_NOT_FORGETT_IT")->overwrite("facaded_secret", "AN_API_KEY_overwritten");

//use own key, get secret
\DionTech\Vault\Support\Facades\Vault::open($vault)->useKey("DO_NOT_FORGETT_IT")->get("facaded_secret");
//adding a vault using the polymorphic relation
//at your model, add morphMany relation, for example at User:

use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable
{
    //...
    
    public function vaults()
    {
        return $this->morphMany(\DionTech\Vault\Models\Vault::class, 'vaultable');
    }
}


//now add a vault at an $user instance later
$user = User::first();

$user->vaults()->create([
    'name' => 'personal'
]);

//now you will have access to the methods like using a facade when you will use the related model based vaults(), starting with open()

$user->vaults()->first()->add("AN_API_KEY", "this-is-the-sensible-value");
$user->vaults()->first()->overwrite("AN_API_KEY", "this-is-the-sensible-value-overwritten");
$user->vaults()->first()->get("AN_API_KEY");

现在编写代码的新选项更多了

Vault::open("a vault name")->add("facaded_secret", "simple value"); //will create the vault

或者当想要基于关系的保险库时

$user = User::first(); 
Vault::setContext($user)->open("personal")->add('bad_password_storing_itself', '12345678'); //will create a vault in relation to the user

因此,当您只输入一个字符串时,保险库就会被创建或加载(如果已经存在)。

更改 KeyService 哈希算法

您可以将配置文件发布 - 之后,您可以在 config/vault.php 中更改算法;默认设置为 sha512。支持的列表在https://php.ac.cn/manual/de/function.hash-hmac-algos.php上列出。