### Install and Publish Laravel Azure Key Vault Package Source: https://context7.com/shared-digitaltechnologies/laravel-azure-keyvault/llms.txt Installs the `shrd/laravel-azure-keyvault` package using Composer and publishes its configuration file for customization. This is the initial setup step for integrating with Azure Key Vault. ```bash composer require shrd/laravel-azure-keyvault php artisan vendor:publish --provider="Shrd\Laravel\Azure\KeyVault\ServiceProvider" ``` -------------------------------- ### Interact with Azure Key Vault using Vault Facade Source: https://context7.com/shared-digitaltechnologies/laravel-azure-keyvault/llms.txt Demonstrates how to use the `Vault` facade in Laravel to interact with Azure Key Vault. It shows how to get the underlying `KeyVaultClient`, use specific credential drivers, and parse Key Vault reference strings. ```php use Shrd\Laravel\Azure\KeyVault\Facades\Vault; // Get the underlying KeyVaultClient instance $client = Vault::client(); // Use a specific credential driver $client = Vault::client('managed-identity'); // Parse a Key Vault reference string into a reference object $reference = Vault::reference('@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/my-secret)'); // Get the vault name from a reference echo $reference->getVaultName(); // "myvault" echo $reference->getName(); // "my-secret" ``` -------------------------------- ### Resolve Key Vault References with Artisan Command Source: https://context7.com/shared-digitaltechnologies/laravel-azure-keyvault/llms.txt Provides an Artisan console command to test and debug Azure Key Vault references directly from the command line. This command can resolve various reference formats, including direct URIs and Microsoft Key Vault specific strings, with options for verbose output. It requires the package to be installed in a Laravel project. ```bash # Resolve a Key Vault reference string php artisan keyvault:resolve "@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/my-secret)" # Resolve a direct URI php artisan keyvault:resolve "https://myvault.vault.azure.net/secrets/my-secret" # Resolve with verbose output showing full data structure php artisan keyvault:resolve "@Microsoft.KeyVault(VaultName=myvault;SecretName=my-secret)" ``` -------------------------------- ### Direct Key Vault Client Usage in PHP Source: https://context7.com/shared-digitaltechnologies/laravel-azure-keyvault/llms.txt Demonstrates how to use the KeyVaultClient for direct interaction with Azure Key Vault API operations. It covers fetching and caching secrets, keys, and certificates, performing signing and verification operations, configuring cache TTL, and obtaining authenticated HTTP requests. Dependencies include the Shrd\Laravel\Azure\KeyVault library. ```php use Shrd\Laravel\Azure\KeyVault\Facades\Vault; use Shrd\Laravel\Azure\KeyVault\References\KeyVaultSecretReference; use Shrd\Laravel\Azure\KeyVault\References\KeyVaultKeyReference; // Get the client instance $client = Vault::client(); // Or with specific credential $client = Vault::client('production-credential'); // Fetch secret data (always makes API call, updates cache) $secretData = $client->fetchSecretData('https://myvault.vault.azure.net/secrets/my-secret'); // Get secret data (uses cache if available) $secretData = $client->getSecretData('https://myvault.vault.azure.net/secrets/my-secret'); // Fetch key data (always makes API call, updates cache) $keyData = $client->fetchKeyData('https://myvault.vault.azure.net/keys/my-key'); // Get key data (uses cache if available) $keyData = $client->getKeyData('https://myvault.vault.azure.net/keys/my-key'); // Fetch certificate data (always makes API call, updates cache) $certData = $client->fetchCertificateData('https://myvault.vault.azure.net/certificates/my-cert'); // Get certificate data (uses cache if available) $certData = $client->getCertificateData('https://myvault.vault.azure.net/certificates/my-cert'); // Direct signing operation $keyRef = KeyVaultKeyReference::fromUri('https://myvault.vault.azure.net/keys/my-key'); $signResponse = $client->sign($keyRef, 'RS256', 'data to sign'); echo $signResponse->kid; // Key ID used echo $signResponse->value; // Base64url signature // Direct verification operation $isValid = $client->verify($keyRef, 'RS256', 'data to sign', $signResponse->value); // Configure cache TTL $client->setCacheTTL('30 minutes'); $ttl = $client->getCacheTTL(); // Returns CarbonInterval // Get authenticated HTTP request for custom operations $request = $client->request(); $response = $request->get('https://myvault.vault.azure.net/secrets?api-version=7.4'); ``` -------------------------------- ### Manage Key Vault References with Laravel Source: https://context7.com/shared-digitaltechnologies/laravel-azure-keyvault/llms.txt This snippet illustrates the usage of reference classes like `KeyVaultSecretReference`, `KeyVaultKeyReference`, and `KeyVaultCertificateReference`. It demonstrates creating references from names, URIs, specific string formats, and property arrays, along with accessing their properties and converting them to different string representations. ```php use Shrd\Laravel\Azure\KeyVault\References\KeyVaultSecretReference; use Shrd\Laravel\Azure\KeyVault\References\KeyVaultKeyReference; use Shrd\Laravel\Azure\KeyVault\References\KeyVaultCertificateReference; use Shrd\Laravel\Azure\KeyVault\References\KeyVaultReference; // Create secret reference from name $secretRef = KeyVaultSecretReference::fromName( vaultName: 'myvault', secretName: 'my-secret', secretVersion: 'abc123' // Optional ); // Create from URI string $secretRef = KeyVaultSecretReference::fromUri('https://myvault.vault.azure.net/secrets/my-secret'); // Create from Azure App Configuration reference string $secretRef = KeyVaultSecretReference::fromString( '@Microsoft.KeyVault(VaultName=myvault;SecretName=my-secret;SecretVersion=abc123)' ); // Create from properties array $secretRef = KeyVaultSecretReference::fromProperties([ 'SecretUri' => 'https://myvault.vault.azure.net/secrets/my-secret' ]); // Or $secretRef = KeyVaultSecretReference::fromProperties([ 'VaultName' => 'myvault', 'SecretName' => 'my-secret', 'SecretVersion' => 'abc123' ]); // Universal factory method (auto-detects format) $secretRef = KeyVaultSecretReference::from($anyFormat); // Access reference properties echo $secretRef->getVaultName(); // "myvault" echo $secretRef->getName(); // "my-secret" echo $secretRef->getVersion(); // "abc123" echo $secretRef->getHost(); // "myvault.vault.azure.net" echo $secretRef->getPath(); // "/secrets/my-secret/abc123" echo (string) $secretRef; // Full URI echo $secretRef->toReferenceString(); // "@Microsoft.KeyVault(SecretUri=...)" echo $secretRef->getCacheKey(); // Cache key for internal use // Check if a string is a Key Vault reference if (KeyVaultReference::isKeyVaultReferenceString($value)) { $ref = KeyVaultReference::from($value); } // Generic factory automatically detects entity type $ref = KeyVaultReference::from('https://myvault.vault.azure.net/secrets/my-secret'); // Returns KeyVaultSecretReference $ref = KeyVaultReference::from('https://myvault.vault.azure.net/keys/my-key'); // Returns KeyVaultKeyReference $ref = KeyVaultReference::from('https://myvault.vault.azure.net/certificates/my-cert'); // Returns KeyVaultCertificateReference ``` -------------------------------- ### Perform Cryptographic Operations with Azure Key Vault Keys in PHP Source: https://context7.com/shared-digitaltechnologies/laravel-azure-keyvault/llms.txt Illustrates how to obtain Key clients from Azure Key Vault using URIs, reference strings, or property arrays. It covers accessing key data, signing data with supported algorithms, verifying signatures, and retrieving the key reference for future use. ```php use Shrd\Laravel\Azure\KeyVault\Facades\Vault; // Get a Key client from URI $key = Vault::key('https://myvault.vault.azure.net/keys/my-signing-key'); // Get a Key client from reference string $key = Vault::key('@Microsoft.KeyVault(KeyUri=https://myvault.vault.azure.net/keys/my-signing-key)'); // Get a Key client from properties array $key = Vault::key([ 'VaultName' => 'myvault', 'KeyName' => 'my-signing-key', 'KeyVersion' => 'version123' // Optional ]); // Access key data $data = $key->getData(); echo $data->get('kty'); // Key type (RSA, EC, etc.) echo $data->get('key_ops'); // Allowed operations echo $data->get('n'); // RSA modulus (if RSA key) echo $data->get('e'); // RSA exponent (if RSA key) // Sign data using the key $dataToSign = 'Important message to sign'; $signature = $key->sign('RS256', $dataToSign); // Returns base64url-encoded signature string // Verify a signature $isValid = $key->verify('RS256', $dataToSign, $signature); // Returns true if signature is valid // Supported algorithms: RS256, RS384, RS512, PS256, PS384, PS512, ES256, ES384, ES512 // Get the key reference for later use $keyReference = $key->getKeyReference(); echo $keyReference->toReferenceString(); // Output: @Microsoft.KeyVault(KeyUri=https://myvault.vault.azure.net/keys/my-signing-key) ``` -------------------------------- ### Inject KeyVaultService for Testable Code in PHP Source: https://context7.com/shared-digitaltechnologies/laravel-azure-keyvault/llms.txt Illustrates how to inject the KeyVaultService into Laravel controllers, jobs, or other classes for improved testability. This service allows for easy resolution of secrets, retrieval of keys, and verification of signatures, simplifying secure data handling within application logic. It requires the Shrd\Laravel\Azure\KeyVault library and proper service provider configuration. ```php use Shrd\Laravel\Azure\KeyVault\KeyVaultService; class PaymentController extends Controller { public function __construct(private KeyVaultService $vault) { } public function processPayment(Request $request) { // Resolve API key from Key Vault $stripeKey = $this->vault->resolve(config('services.stripe.secret')); // Get signing key for webhooks $signingKey = $this->vault->key(config('services.stripe.webhook_signing_key')); // Verify webhook signature $payload = $request->getContent(); $signature = $request->header('Stripe-Signature'); if (!$signingKey->verify('RS256', $payload, $signature)) { abort(401, 'Invalid webhook signature'); } // Process payment... } } // In a service provider or config class AppServiceProvider extends ServiceProvider { public function boot(KeyVaultService $vault) { // Resolve database password at boot time $dbConfig = config('database.connections.mysql'); $vault->resolveKeys($dbConfig, ['password']); config(['database.connections.mysql' => $dbConfig]); } } ``` -------------------------------- ### Manage Certificates with Laravel Azure Key Vault Source: https://context7.com/shared-digitaltechnologies/laravel-azure-keyvault/llms.txt This snippet demonstrates how to use the `Vault::certificate()` method to obtain a certificate client. It covers obtaining clients from URIs, reference strings, and property arrays. It also shows how to access certificate data, policies, keys, and perform signing/verification operations. ```php use Shrd\Laravel\Azure\KeyVault\Facades\Vault; // Get a Certificate client from URI $cert = Vault::certificate('https://myvault.vault.azure.net/certificates/my-certificate'); // Get a Certificate client from reference string $cert = Vault::certificate('@Microsoft.KeyVault(CertificateUri=https://myvault.vault.azure.net/certificates/my-certificate)'); // Get a Certificate client from properties array $cert = Vault::certificate([ 'VaultName' => 'myvault', 'CertificateName' => 'my-certificate', 'CertificateVersion' => 'version456' // Optional ]); // Access certificate data $data = $cert->getData(); echo $data->id; // Certificate identifier echo $data->kid; // Key identifier echo $data->sid; // Secret identifier echo $data->x5t; // X.509 thumbprint echo $data->cer; // Base64-encoded public certificate // Access certificate policy $policy = $data->policy; // Get the certificate's private key as a Secret $secret = $cert->getSecret(); $privateKeyPem = $secret->toString(); // PEM or PKCS#12 depending on policy // Get the certificate's Key client for signing $key = $cert->getKey(); // Sign data using the certificate's key $signature = $cert->sign('RS256', 'data to sign'); // Verify signature using the certificate's key $isValid = $cert->verify('RS256', 'data to sign', $signature); // Get references for later use $secretRef = $cert->getSecretReference(); $keyRef = $cert->getKeyReference(); ``` -------------------------------- ### Configure Azure Key Vault Settings in Laravel Source: https://context7.com/shared-digitaltechnologies/laravel-azure-keyvault/llms.txt Defines the configuration for the Azure Key Vault integration in Laravel. This includes setting the Azure credential driver, enabling/disabling caching, specifying the cache store, prefix, and Time To Live (TTL) for cached Key Vault responses. ```php // config/azure-keyvault.php return [ // Azure credential driver name (from laravel-azure-identity) "credential" => env('AZURE_KEYVAULT_CREDENTIAL'), "cache" => [ // Enable/disable caching of Key Vault responses "enabled" => env('AZURE_KEYVAULT_CACHE_ENABLED', true), // Laravel cache store to use (null = default store) "store" => env('AZURE_KEYVAULT_CACHE_STORE'), // Cache key prefix for Key Vault items "prefix" => env('AZURE_KEYVAULT_CACHE_PREFIX', 'azure-keyvault:'), // Cache TTL (supports Carbon interval strings) "ttl" => env('AZURE_KEYVAULT_TTL', '1 hour') ] ]; ``` -------------------------------- ### Access Azure Key Vault Secrets in PHP Source: https://context7.com/shared-digitaltechnologies/laravel-azure-keyvault/llms.txt Demonstrates how to retrieve secret clients from Azure Key Vault using various methods (URI, reference string, properties array). It also shows how to access the secret value, resolved value, raw data, metadata, and associated key client. The code handles different content types like JSON and PKCS#12. ```php use Shrd\Laravel\Azure\KeyVault\Facades\Vault; // Get a Secret client from URI $secret = Vault::secret('https://myvault.vault.azure.net/secrets/my-secret'); // Get a Secret client from reference string $secret = Vault::secret('@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/my-secret)'); // Get a Secret client from properties array $secret = Vault::secret([ 'VaultName' => 'myvault', 'SecretName' => 'my-secret', 'SecretVersion' => 'abc123' // Optional: specific version ]); // Access the secret value $value = $secret->toString(); echo (string) $secret; // Stringable interface // Get the resolved value (auto-parses JSON content types) $resolved = $secret->getResolvedValue(); // Returns array if contentType is application/json, string otherwise // Access secret data and metadata $data = $secret->getData(); echo $data->value; // Raw secret value echo $data->id; // Secret identifier URI echo $data->kid; // Associated key identifier (if any) echo $data->contentType; // MIME type of secret echo $data->managed; // Whether managed by Key Vault // Check content type if ($data->isJson()) { $arrayValue = $data->getArrayValue(); $specific = $data->get('nested.key', 'default'); } if ($data->isPKCS12()) { // Handle PKCS#12 certificate bundle } if ($data->isPem()) { // Handle PEM-encoded certificate } // Access tags and attributes $tags = $data->tags; $attributes = $data->attributes; $enabled = $data->getAttribute('enabled'); $expires = $data->getAttribute('exp'); // Get associated key client (if secret has an associated key) $key = $secret->getKey(); if ($key) { $signature = $key->sign('RS256', $dataToSign); } ``` -------------------------------- ### Resolve Secrets from Azure Key Vault Source: https://context7.com/shared-digitaltechnologies/laravel-azure-keyvault/llms.txt Shows how to resolve secret values from Azure Key Vault using the `Vault::resolve()` method. This method automatically detects Key Vault reference strings (both URI and `@Microsoft.KeyVault()` format) and retrieves the actual secret values. It also handles non-Key Vault values and allows resolving multiple keys from an array. ```php use Shrd\Laravel\Azure\KeyVault\Facades\Vault; // Resolve a Key Vault reference string to its actual value $apiKey = Vault::resolve('@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/api-key)'); // Resolve using direct URI $dbPassword = Vault::resolve('https://myvault.vault.azure.net/secrets/db-password'); // Non-Key Vault values are returned unchanged $regularValue = Vault::resolve('plain-text-value'); // Returns: "plain-text-value" // Resolve with a specific credential $secret = Vault::resolve($referenceString, 'production-credential'); // Resolve multiple keys in an array at once $config = [ 'database' => [ 'password' => '@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/db-password)', 'host' => 'localhost' ], 'api_key' => '@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/api-key)' ]; Vault::resolveKeys($config, ['database.password', 'api_key']); // $config now contains resolved secret values ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.