Hello,
Thank you for your interest in php-vault. The library is not intended to manipulate secrets. The idea behind php-vault is to access vaults in a transparent way while at the same time you are able to use traditional secret mechanisms in order to ease transition. At the same time, it is not meant to keep passwords of front-end users but secrets of any back-end communication.
The project was intentionally designed as read-only because the nature of PHP is direct front-end exposure. Any malicious attacker could use the editing feature to change the secrets in your vault.
Adding write features to the library is easy for some of the vault implementations, whereas other implementations cannot support this, e.g. MemoryVault that has no knowledge about where the config comes from or how to create it.
There are currently no plans to enhance it in that way for the above reasons. Nevertheless, I want to encourage you to clone the project and add this feature yourself in case you require it.
Hello,
Thanks for this clarification.
We certainly do not want to manipulate the 'normal' secrets (like DB passwords) using php-vault in a read/write manner. The idea is to use a vault (HashiCorp Vault) to store some sensitive data of the application itself. So it could be in a separate branch, the only one accessible for writing. I don't see any security issues here.
> There are currently no plans to enhance it in that way for the above reasons. Nevertheless, I want to encourage you to clone the project and add this feature yourself in case you require it.
OK, I'll discuss it with my colleagues. As of now, we have not made a definitive decision about using php-vault in our project. If we decide to extend php-vault to read/write mode, I'll post here the address of the repository where this work will be done.
I don't see any method to create/update secrets.
Is it planned?