provisionsgroup/config-sync-php
Composer 安装命令:
composer create-project provisionsgroup/config-sync-php
包简介
Add remote configuration synchronization to Laravel
README 文档
README
Config Sync is a generic PHP Composer package that can be extended to support multiple backends - where today it only supports HashiCorp Vault - whose purpose is to synchronize a set of backend secrets data to a locally encrypted file. Compared to a typical PHP Laravel apps, the design goals of the Config Sync are to,
- Replace the .env file; especially for secrets
- Replace the ENVIRONMENT variables; especially for secrets
- Decrease coupling for an app when accessing secrets or configuration data from a backend
- Support Kubernetes Pod secrets/configuration bootstrapping while still supporting local development
Prerequisites
- composer
- PHP
- access to somewhere that HashiCorp vault is hosted
- Configuration stored in developer mount in Vault
developerenvironment (see below) will require additional setup in your.envfile
Command
php artisan config:sync --backend=vault --environment=developer
Options
There are four options that can be specified:
--backend=vault : The backend to use for config values
--environment=developer : The backend environment to use
--watch : Flag that keeps the process running rather than running once
--refresh=10 : Only used if the --watch flag is set; frequency of checking with backend and refreshing file
Currently, the only option for --backend is vault and the default is vault so it is not required to specify this option when running the command. The code was written in such a way, that should another backend be chosen in the future, as long as it aligns with the interface, it could easily be swapped out in lieu of Vault.
The --environment option has three choices:
localdeveloperkubernetes
local environment
The local environment will create a Config Safe from your local Vault server using the Vault auth token to authenticate and retrieve the secret to create the Config Safe for your local running application.
developer environment
The developer environment will create a Config Safe from your developer mount in Vault. The first time, you will need to add the following to your local .env file:
VAULT_MOUNT=location of Vault mount
VAULT_SECRET=vault secret name
When authenticating with Vault, Config Sync assumes that you will use your LDAP username and password, but this can be changed in the config.
kubernetes environment
The kubernetes environment will create a Config Safe from the Vault in the environment where the applicaiton is running. This will use the JWT (Kubernetes ServiceAccount token) and the role (i.e. auditor-portal) to authenticate with Vault and fetch the secret for that role to create the Config Safe.
provisionsgroup/config-sync-php 适用场景与选型建议
provisionsgroup/config-sync-php 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 295 次下载、GitHub Stars 达 1, 最近一次更新时间为 2020 年 02 月 26 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 provisionsgroup/config-sync-php 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 provisionsgroup/config-sync-php 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 295
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 1
- 点击次数: 12
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2020-02-26