garyr/portunus

A library for storing encrypted secrets

1.1.9 2018-01-10 00:10 UTC

This package is auto-updated.

Last update: 2024-08-29 04:19:48 UTC


README

Portunus - God of Keys

A library for storing encrypted secrets

Installation

{
    "require": {
        "garyr/portunus": "1.0.*"
    },
    "scripts": {
        "post-update-cmd": [
            "Portunus\\Console\\Composer::postUpdate"
        ],
        "post-install-cmd": [
            "Portunus\\Console\\Composer::postInstall"
        ]
    }
}

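Portunus Safes

A Portunus safe can be synonymous with an application environment (e.g. 'dev', 'test', 'prod', etc.).

Safes and secrets are stored in a SQLite database (by default in the ./data directory under the parent of the application's 'vendor-dir'). The path and file name can be customized using composer "extra" values.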

{
    "extra": {
        "portunus-data-dir": "data",
        "portunus-db-name": "portunus.sqlite"
    }
}

Creating a safe

$ ./vendor/bin/portunus safe:create dev

Creating safe 'dev'... DONE

PLEASE STORE PRIVATE KEY (CANNOT BE RECOVERED)
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDNbnPVippiJucJ/Ikb0TpxhZXi58x99Mw/vAHhG5Og9HaLtdRp
...
-----END RSA PRIVATE KEY-----

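IMPORTANT: Store the private key for later use. The private key is required at runtime to decrypt all secrets. Portunus provides no mechanism for storing or transporting the private key.

Listing safes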

$ ./vendor/bin/portunus safe:list

+-----------+----------------------+-----------+---------------------+---------------------+
| Safe Name | Signature            | # Secrets | Created             | Updated             |
+-----------+----------------------+-----------+---------------------+---------------------+
| dev       | b7f67d9ea53c0d8c6... | 12        | 2015-05-07 16:30:46 | 2015-05-07 16:30:46 |
| test      | a55dbfe5222125270... | 12        | 2015-05-07 16:30:49 | 2015-05-07 16:30:49 |
| prod      | a87b4d977d7bcfe75... | 12        | 2015-05-07 16:30:52 | 2015-05-07 16:30:52 |
+-----------+----------------------+-----------+---------------------+---------------------+

Storing secrets

Store a secret key:value pair

$ ./vendor/bin/portunus secret:store dev foo bar

Using safe 'dev'...

Creating secret 'foo'... DONE

This command encrypts the string 'bar' and stores it in the safe 'dev' under the reference 'foo'.

Listing stored secrets

$ ./bin/portunus secret:list dev

+-----------+-------------------------+--------+---------------------+---------------------+
| Key Name  | Signature               | Length | Created             | Updated             |
+-----------+-------------------------+--------+---------------------+---------------------+
| foo       | fe1cbb60a0249ecbd3f2... | 128    | 2015-05-07 16:32:03 | 2015-05-07 16:32:03 |
| foo.foo   | 847b80314a68c84ab0c9... | 128    | 2015-05-07 16:33:21 | 2015-05-07 16:33:21 |
| foo3      | 0e0da8e1ef532f19120e... | 128    | 2015-05-07 16:33:41 | 2015-05-07 16:33:41 |
| foofoo    | 998d5692a9f162e07937... | 128    | 2015-05-07 16:33:18 | 2015-05-07 16:33:18 |
+-----------+-------------------------+--------+---------------------+---------------------+

Retrieving secrets in your application

// callback that delivers the private key for the requested safe;
// $myPrivateKeyBytes must already hold the key printed by safe:create
$callback = function ($safeName) use ($myPrivateKeyBytes) {
    // this should return your private key
    return $myPrivateKeyBytes;
};

$Agent = new Portunus\Application\Agent();
$Agent->setSafe('dev');
$Agent->setPrivateKeyCallback($callback);

// retrieve decrypted value 'bar'
$value = $Agent->getKey('foo');
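
One way to write the private-key callback so that each safe's key is read from a locked-down file, as an added example that is not part of the Portunus README or code base. The PORTUNUS_KEY_DIR variable, the /etc/portunus/keys default, the "<safe>.pem" naming and the loadSafePrivateKey helper are assumptions, as is that the callback returns the PEM text printed by safe:create; it needs ext-openssl and POSIX file modes.

```php
<?php
// Added example: load one PEM private key file per safe, refusing unsafe files.
// Directory layout and helper name are assumptions, not Portunus conventions.
require __DIR__ . '/vendor/autoload.php';

function loadSafePrivateKey(string $safeName, string $keyDir): string
{
    // The safe name becomes a file name, so reject anything that could leave $keyDir.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $safeName)) {
        throw new InvalidArgumentException('Unexpected safe name');
    }
    $path = rtrim($keyDir, '/') . '/' . $safeName . '.pem';
    if (is_link($path) || !is_file($path)) {
        throw new RuntimeException("No regular key file for safe '$safeName'");
    }
    // Refuse keys accessible to group or other (expect mode 0600 or 0400).
    $mode = fileperms($path) & 0777;
    if (($mode & 0077) !== 0) {
        throw new RuntimeException(sprintf('Key file mode %04o is too permissive', $mode));
    }
    $pem = file_get_contents($path);
    if ($pem === false) {
        throw new RuntimeException('Could not read private key file');
    }
    // Fail at startup on a truncated or mispasted key rather than at first decrypt.
    if (openssl_pkey_get_private($pem) === false) {
        throw new RuntimeException('Key file does not contain a usable private key');
    }
    return $pem;
}

// Assumed location; keep it outside the web root and outside version control.
$keyDir = getenv('PORTUNUS_KEY_DIR') ?: '/etc/portunus/keys';

$Agent = new Portunus\Application\Agent();
$Agent->setSafe('prod');
$Agent->setPrivateKeyCallback(function ($safeName) use ($keyDir) {
    return loadSafePrivateKey($safeName, $keyDir);
});
$value = $Agent->getKey('foo');
```

Because the key file is selected by safe name, a 'dev' key never has to be present on a host that only serves 'prod', and the other way round.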

Testing

Basic PHPUnit test coverage

$ cd path/to/Portunus/
$ composer install
$ phpunit