itk-dev/azure-key-vault-php

Azure Key Vault PHP library

1.0.0 2021-02-08 11:39 UTC

This package is auto-updated.

Last update: 2024-09-15 14:22:28 UTC


README

This is a PHP library for accessing certificates and secrets stored in Azure Key Vault through its REST API.

See https://docs.microsoft.com/en-gb/azure/key-vault/general/

Installation

Add the GitHub repository to your composer.json file.

"repositories": {
    "itk-dev/azure-key-vault-php": {
        "type": "vcs",
        "url": "https://github.com/itk-dev/AzureKeyVaultPhp"
    }
},

Install the library with composer.

composer require itk-dev/azure-key-vault-php:dev-master

Usage

<?php

$autoloader = require_once 'vendor/autoload.php';

use Itkdev\AzureKeyVault\Authorisation\VaultToken;
use Itkdev\AzureKeyVault\KeyVault\VaultCertificate;
use Itkdev\AzureKeyVault\KeyVault\VaultSecret;

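// The VaultToken class requires a PSR-18 compatible HTTP client and a PSR-17 compatible request factory.
// $httpClient and $requestFactory must be created beforehand from the PSR-18/PSR-17 implementation of your choice.
$vaultToken = new VaultToken($httpClient, $requestFactory);

// Requires that you have a tenant id, client id and client secret.
// 'xxxx', 'yyyy' and 'zzzz' are placeholders; load the real values from configuration kept outside the source tree.
$token = $vaultToken->getToken(
    'xxxx',
    'yyyy',
    'zzzz'
);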

// Certificates
// This requires a PSR-18 compatible http client and a PSR-17 compatible request factory.
// Get vault with the name 'testVault' using the access token.
$vault = new VaultCertificate($httpClient, $requestFactory, 'testVault', $token->getAccessToken());

$cert = $vault->getCertificate('TestCert', '8cb726a7bd52460a96a5496672562df0');
echo $cert->getCert();

// Secrets
// This requires a PSR-18 compatible http client and a PSR-17 compatible request factory.
// Get vault with the name 'testVault' using the access token.
$vault = new VaultSecret($httpClient, $requestFactory, 'testVault', $token->getAccessToken());

$secret = $vault->getSecret('TestCert', '8cb726a7bd52460a96a5496672562df0');
echo $secret->getValue();

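Storing certificates in the vault

Before uploading a .p12 file to Azure Key Vault, you may need to rename it to .pfx.

Removing the password from a PKCS12 certificate

If you do not want a password set on the certificate stored in Azure Key Vault, you can remove it with the following command: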

openssl pkcs12 -in certificate.p12 -nodes | openssl pkcs12 -export -out certificate.passwordless.pfx