jardissupport/secret
最新稳定版本:v1.0.0
Composer 安装命令:
composer require jardissupport/secret
包简介
Secret resolution for encrypted configuration values using AES-256-GCM and Sodium with key provider abstraction
关键字:
README 文档
README
Part of the Jardis Business Platform — Enterprise-grade PHP components for Domain-Driven Design
Secret resolution for encrypted configuration values. Encrypt secrets with AES-256-GCM or Sodium, store them safely in .env files, and decrypt transparently at load time. Plugs into the DotEnv cast chain — no manual decryption calls needed.
Features
- AES-256-GCM Encryption — authenticated encryption via OpenSSL;
AesSecretResolverhandles encrypt and decrypt - Sodium XSalsa20-Poly1305 — libsodium-based encryption via
SodiumSecretResolverwith explicitsodium:prefix - DotEnv Integration —
SecretHandlerplugs directly intoDotEnv::addHandler()as a prepended cast handler - Resolver Chain —
SecretResolverChaindelegates to the first resolver whose prefix matches the encrypted value - Key Providers —
FileKeyProviderreads a 32-byte key from a file;EnvKeyProviderreads from an environment variable; both auto-detect base64 encoding - Makefile Tooling —
make generate-key-file,make encrypt, andmake encrypt-sodiumfor setup and secret rotation - Typed Exceptions —
InvalidKeyExceptionandDecryptionFailedExceptionfor precise error handling
Installation
composer require jardissupport/secret
Quick Start
1. Generate a key and encrypt a value
make generate-key-file # Creates support/secret.key make encrypt VALUE="my-database-password" # Outputs: secret(base64...)
2. Store the encrypted value in .env
DB_PASSWORD=secret(base64encodedEncryptedValue)
3. Integrate with DotEnv
use JardisSupport\DotEnv\DotEnv; use JardisSupport\Secret\Handler\SecretHandler; use JardisSupport\Secret\KeyProvider\FileKeyProvider; $dotEnv = new DotEnv(); $dotEnv->addHandler( new SecretHandler(new FileKeyProvider('support/secret.key')), prepend: true, ); $config = $dotEnv->loadPrivate('/path/to/app'); // $config['DB_PASSWORD'] → decrypted plaintext, no secret() wrapper
Advanced Usage
use JardisSupport\Secret\Handler\SecretHandler; use JardisSupport\Secret\Handler\SecretResolverChain; use JardisSupport\Secret\KeyProvider\EnvKeyProvider; use JardisSupport\Secret\KeyProvider\FileKeyProvider; use JardisSupport\Secret\Resolver\AesSecretResolver; use JardisSupport\Secret\Resolver\SodiumSecretResolver; use JardisSupport\DotEnv\DotEnv; // Key from environment variable instead of a file // EnvKeyProvider auto-detects base64-encoded keys $keyProvider = new EnvKeyProvider('APP_SECRET_KEY'); // Build a custom resolver chain with explicit ordering // Sodium resolver matches 'sodium:...' prefix; AES is the catch-all fallback $chain = (new SecretResolverChain()) ->addResolver(new SodiumSecretResolver($keyProvider)) ->addResolver(new AesSecretResolver($keyProvider)); // Encrypt a Sodium value (e.g. in a setup script) // make encrypt-sodium VALUE="my-api-key" → secret(sodium:base64...) // .env with mixed encryption algorithms: // DB_PASSWORD=secret(base64AesEncryptedValue) // API_KEY=secret(sodium:base64SodiumEncryptedValue) // PLAIN=no-encryption-needed $dotEnv = new DotEnv(); $dotEnv->addHandler(new SecretHandler($keyProvider), prepend: true); // SecretHandler automatically wires both AES and Sodium resolvers; // use a manual chain only when you need fine-grained resolver control $config = $dotEnv->loadPrivate('/path/to/app'); // DB_PASSWORD → AES-decrypted string // API_KEY → Sodium-decrypted string // PLAIN → 'no-encryption-needed' (passed through unchanged)
Documentation
Full documentation, guides, and API reference:
docs.jardis.io/en/support/secret
License
This package is licensed under the MIT License.
Jardis · Documentation · Headgent
KI-gestützte Entwicklung
Dieses Package liefert einen Skill für Claude Code, Cursor, Continue und Aider mit. Installation im Konsumentenprojekt:
composer require --dev jardis/dev-skills
Mehr Details: https://docs.jardis.io/skills
统计信息
- 总下载量: 17
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 5
- 依赖项目数: 0
- 推荐数: 1
其他信息
- 授权协议: MIT
- 更新时间: 2026-03-14