bella-baxter/sdk 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

bella-baxter/sdk

Composer 安装命令:

composer require bella-baxter/sdk

包简介

Official PHP SDK for the Bella Baxter secret management platform

README 文档

README

Official PHP SDK for the Bella Baxter secret management platform.

Requirements

  • PHP 8.1+
  • Extensions: ext-curl, ext-json, ext-openssl (all bundled by default)

Installation

composer require bella-baxter/sdk

Quick Start

use BellaBaxter\BaxterClient;
use BellaBaxter\BaxterClientOptions;

$client = new BaxterClient(new BaxterClientOptions(
    baxterUrl:       'https://baxter.example.com',
    clientId:        'bella_ak_abc123',       // from: bella apikeys create
    clientSecret:    'your-secret-here',
    environmentSlug: 'production',
    enableE2ee:      true,                    // end-to-end encryption
));

$secrets = $client->getAllSecrets();
echo $secrets['DATABASE_URL'];

End-to-End Encryption (E2EE)

When enableE2ee: true is set:

  1. The SDK generates a P-256 ECDH key pair on startup
  2. The public key is sent as X-E2E-Public-Key header with every request
  3. The server encrypts the response using ECDH-P256 + HKDF-SHA256 + AES-256-GCM
  4. The SDK decrypts the response transparently

Secret values are never visible in plaintext — not in server logs, proxies, or network captures.

// E2EE is opt-in — disabled by default
$clientWithE2ee = new BaxterClient(new BaxterClientOptions(
    // ...
    enableE2ee: true,
));

API

getAllSecrets(): array<string,string>

Fetches all secrets for the configured environment.

$secrets = $client->getAllSecrets();
// ['DATABASE_URL' => 'postgres://...', 'API_KEY' => '...']

getSecret(string $key): string

Fetches all secrets and returns a single value by key. Throws \RuntimeException if not found.

$dbUrl = $client->getSecret('DATABASE_URL');

getSecretsVersion(int $version): array<string,string>

Fetches secrets at a specific version snapshot.

$secrets = $client->getSecretsVersion(42);

Configuration

Option Type Default Description
baxterUrl string Base URL of the Baxter API
clientId string API key client ID
clientSecret string API key client secret
environmentSlug string Environment slug (e.g. production)
enableE2ee bool false Enable end-to-end encryption
timeoutSeconds int 10 HTTP request timeout

Laravel Integration

// config/services.php
'bella' => [
    'url'         => env('BAXTER_URL'),
    'client_id'   => env('BAXTER_CLIENT_ID'),
    'client_secret' => env('BAXTER_CLIENT_SECRET'),
    'environment' => env('BAXTER_ENVIRONMENT', 'production'),
    'e2ee'        => env('BAXTER_E2EE', true),
],

// AppServiceProvider::register()
$this->app->singleton(BaxterClient::class, function () {
    return new BaxterClient(new BaxterClientOptions(
        baxterUrl:       config('services.bella.url'),
        clientId:        config('services.bella.client_id'),
        clientSecret:    config('services.bella.client_secret'),
        environmentSlug: config('services.bella.environment'),
        enableE2ee:      (bool) config('services.bella.e2ee'),
    ));
});

Symfony Integration

# config/services.yaml
BellaBaxter\BaxterClientOptions:
    arguments:
        $baxterUrl:       '%env(BAXTER_URL)%'
        $clientId:        '%env(BAXTER_CLIENT_ID)%'
        $clientSecret:    '%env(BAXTER_CLIENT_SECRET)%'
        $environmentSlug: '%env(BAXTER_ENVIRONMENT)%'
        $enableE2ee:      true

BellaBaxter\BaxterClient:
    arguments:
        $options: '@BellaBaxter\BaxterClientOptions'

Typed Secret Code Generation

bella secrets generate php fetches the secrets manifest (key names + type hints, no values) from the Bella API and generates a typed AppSecrets class. Each method calls getenv() at runtime — no secret values are ever embedded in the generated file.

bella secrets generate php \
  --project my-app \
  --environment production \
  --output AppSecrets.php

Generated AppSecrets.php:

<?php
// Auto-generated by bella secrets generate php — do not edit manually.

class AppSecrets
{
    public function getDatabaseUrl(): string
    {
        $v = getenv('DATABASE_URL');
        if ($v === false) throw new \RuntimeException("Secret 'DATABASE_URL' is not set.");
        return $v;
    }

    public function getPort(): int
    {
        $v = getenv('PORT');
        if ($v === false) throw new \RuntimeException("Secret 'PORT' is not set.");
        return (int) $v;
    }

    public function isEnableFeatureX(): bool
    {
        $v = getenv('ENABLE_FEATURE_X');
        if ($v === false) throw new \RuntimeException("Secret 'ENABLE_FEATURE_X' is not set.");
        return filter_var($v, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ?? false;
    }
}

Usage alongside the SDK

// Secrets must be in the environment before accessing.
// Use bella run, the SDK (BaxterClient), or a .env file loaded at bootstrap.

$secrets = new AppSecrets();
$dbUrl = $secrets->getDatabaseUrl();  // string — throws if missing
$port  = $secrets->getPort();         // int — parsed automatically

Because each method reads getenv() on every call, values updated between requests (or via bella watch) are always current.

Options

Option Default Description
-p, --project <slug> .bella context Project slug
-e, --environment <slug> .bella context Environment slug
--provider <slug> default Provider slug
-o, --output <path> AppSecrets.php Output file path
--class-name <name> AppSecrets Class name
--dry-run Print to stdout without writing

bella-baxter/sdk 适用场景与选型建议

bella-baxter/sdk 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 50 次下载、GitHub Stars 达 0, 最近一次更新时间为 2026 年 03 月 26 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「secrets」 「vault」 「secret-management」 「bella-baxter」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 bella-baxter/sdk 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 bella-baxter/sdk 我们能提供哪些服务?
定制开发 / 二次开发

基于 bella-baxter/sdk 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 50
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 36
  • 依赖项目数: 2
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2026-03-26