Simple Hashicorp Vault Parameter Resolver for Symfony
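# Reference resolved by the `vault` env processor, in the form kvStore:key[:version].
# This is a pointer into Vault, not the secret value itself; version, when given, is an integer.
VAULT_TEST=api:test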
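parameters:
    # Use the `vault` prefix to process it through the VaultParameterResolver.
    # VAULT_TEST holds a kvStore:key[:version] reference; the resolved value is the Vault secret.
    'vault.test': "%env(vault:VAULT_TEST)%"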
<?php | |
namespace App\Config; | |
use Psr\Log\LoggerInterface; | |
use Symfony\Component\DependencyInjection\EnvVarProcessorInterface; | |
use Symfony\Contracts\HttpClient\Exception\ClientExceptionInterface; | |
use Symfony\Contracts\HttpClient\Exception\DecodingExceptionInterface; | |
use Symfony\Contracts\HttpClient\Exception\RedirectionExceptionInterface; | |
use Symfony\Contracts\HttpClient\Exception\ServerExceptionInterface; | |
use Symfony\Contracts\HttpClient\Exception\TransportExceptionInterface; | |
use Symfony\Contracts\HttpClient\HttpClientInterface; | |
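/**
 * Env var processor that resolves `%env(vault:NAME)%` parameters from a HashiCorp Vault KV store.
 *
 * The env var NAME holds a reference of the form `kvStore:key[:version]`; the processor
 * reads `<vaultUri>/v1/secret/data/<kvStore>` and returns the entry stored under `key`.
 *
 * Failure behaviour: a malformed reference raises \InvalidArgumentException; a failed Vault
 * request or a missing key is logged (request failures only) and resolves to null.
 * NOTE(review): resolving to null lets the application start with an empty secret; consider
 * throwing instead if a missing secret must stop the boot.
 */
class VaultParameterResolver implements EnvVarProcessorInterface
{
    /**
     * Default Vault address used when no URI is injected.
     *
     * NOTE(review): this default is plain HTTP, so the X-Vault-Token header and the returned
     * secrets are sent unencrypted. Inject an https:// URI anywhere the network is not trusted.
     */
    public const VAULT_URL = 'http://vault:8200';

    private HttpClientInterface $httpClient;

    // Sent verbatim in the X-Vault-Token header of every request.
    private string $vaultToken;

    private LoggerInterface $logger;

    private string $vaultUri;

    /**
     * @param HttpClientInterface $httpClient Client used for the Vault HTTP API calls
     * @param LoggerInterface     $logger     Receives a critical entry when a Vault request fails
     * @param string              $vaultUri   Base address of the Vault server
     * @param string              $vaultToken Vault token; with the empty default the header is
     *                                        still sent, just with an empty value
     */
    public function __construct(
        HttpClientInterface $httpClient,
        LoggerInterface $logger,
        string $vaultUri = self::VAULT_URL,
        string $vaultToken = ''
    ) {
        $this->httpClient = $httpClient;
        $this->logger = $logger;
        $this->vaultUri = $vaultUri;
        $this->vaultToken = $vaultToken;
    }

    /**
     * Resolves the env var `$name` (a `kvStore:key[:version]` reference) to its Vault value.
     *
     * @param string   $prefix The processor prefix (unused here)
     * @param string   $name   The name of the env var
     * @param \Closure $getEnv Callback returning the raw value of an env var
     *
     * @return mixed|null The stored value, or null when the key is absent or the request failed
     *
     * @throws \InvalidArgumentException When the reference is not `kvStore:key[:version]`
     */
    public function getEnv(string $prefix, string $name, \Closure $getEnv)
    {
        $parts = explode(':', (string) $getEnv($name));

        // Fail with a readable message instead of an ArgumentCountError from the spread call.
        // Only the env var name is reported, never its content.
        if (count($parts) < 2) {
            throw new \InvalidArgumentException(sprintf(
                'Env var "%s" must have the form "kvStore:key[:version]".',
                $name
            ));
        }

        // Parts after the third are ignored, as before.
        $version = null;
        if (isset($parts[2])) {
            $rawVersion = trim($parts[2]);
            // Accept plain digits only, so the value put in the query string is a real integer.
            if (preg_match('/\A[0-9]+\z/', $rawVersion) !== 1) {
                throw new \InvalidArgumentException(sprintf(
                    'Env var "%s" has a non-numeric version; expected "kvStore:key[:version]".',
                    $name
                ));
            }
            $version = (int) $rawVersion;
        }

        return $this->getValue($parts[0], $parts[1], $version);
    }

    /**
     * Declares the `vault` prefix and the type reported for it.
     *
     * NOTE(review): the type is declared as string, yet getValue() returns whatever JSON value
     * Vault stored under the key; confirm the secrets read through this processor are strings.
     */
    public static function getProvidedTypes(): array
    {
        return ['vault' => 'string'];
    }

    /**
     * Reads one key of a secret from the KV store mounted at `secret/`.
     *
     * @param string   $secretKV Path of the secret below `secret/data/`
     * @param string   $key      Entry to return from the secret's data
     * @param int|null $version  Secret version to read; null asks Vault for its default
     *
     * @return mixed|null The stored value, or null when the key is absent or the request failed
     *
     * @throws \InvalidArgumentException When the secret path is empty or contains dot segments
     */
    private function getValue(string $secretKV, string $key, ?int $version = null)
    {
        // Built outside the try block: a bad path is a configuration error, not a Vault outage.
        $url = $this->buildSecretUrl($secretKV);

        $options = [
            'headers' => [
                'X-Vault-Token' => $this->vaultToken,
            ],
        ];
        if ($version !== null) {
            $options['query']['version'] = $version;
        }

        $values = [];
        try {
            $payload = $this->httpClient->request('GET', $url, $options)->toArray();
            // The secret's entries sit under data.data; tolerate a response without it.
            $values = $payload['data']['data'] ?? [];
        } catch (TransportExceptionInterface|ClientExceptionInterface|DecodingExceptionInterface|RedirectionExceptionInterface|ServerExceptionInterface $e) {
            // The token travels in a header and is not part of this message.
            // NOTE(review): the message may still name the Vault URL and secret path; confirm
            // that is acceptable for the log destination.
            $this->logger->critical($e->getMessage());
        }

        if (!is_array($values) || !array_key_exists($key, $values)) {
            return null;
        }

        return $values[$key];
    }

    /**
     * Builds the read URL for a secret, keeping the request below `/v1/secret/data/`.
     *
     * Each path segment is percent-encoded, and empty, "." and ".." segments are refused, so a
     * reference cannot add a query string or point the authenticated request at another
     * Vault API path.
     *
     * @throws \InvalidArgumentException When the path is empty or contains such a segment
     */
    private function buildSecretUrl(string $secretKV): string
    {
        $segments = explode('/', $secretKV);
        foreach ($segments as $segment) {
            if ($segment === '' || $segment === '.' || $segment === '..') {
                throw new \InvalidArgumentException(
                    'Vault secret path must not be empty or contain empty, "." or ".." segments.'
                );
            }
        }

        return rtrim($this->vaultUri, '/')
            . '/v1/secret/data/'
            . implode('/', array_map('rawurlencode', $segments));
    }
}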