PHP SDK implementation #316
Merged
17 commits (changes shown from 15 commits):
6957fa0 rough implementation of php (milost77)
25c6da1 cleaup (milost77)
ca871d9 begin adjustments (milost77)
24076b3 working cruds (milost77)
651a2d3 adding workflow (#1) (milost77)
1d71700 Merge branch 'bitwarden:master' into master (milost77)
9a12907 readme (milost77)
3d09abf workflow update (#4) (milost77)
5e4e2e7 update upon pr (milost77)
16d856e rename authorize to access token login (milost77)
bd0433b updated readme (milost77)
d9fbaa7 add bitwarden settings (milost77)
2b5ae7c refactor bitwarden settings class (milost77)
fee3691 auth dont return response (milost77)
179ead0 remove device_type settings param (milost77)
6e34383 Fix prettier (dani-garcia)
6889146 Merge branch 'master' into master (dani-garcia)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
name: Publish PHP SDK | ||
|
||
on: | ||
pull_request: | ||
branches: | ||
- master | ||
|
||
jobs: | ||
build_rust: | ||
uses: ./.github/workflows/build-rust-cross-platform.yml | ||
|
||
setup_php: | ||
name: Setup PHP | ||
runs-on: ubuntu-22.04 | ||
needs: | ||
- build_rust | ||
|
||
steps: | ||
- name: Checkout Repository | ||
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
|
||
- name: Setup PHP with PECL extension | ||
uses: shivammathur/setup-php@7fdd3ece872ec7ec4c098ae5ab7637d5e0a96067 # 2.26.0 | ||
with: | ||
php-version: '8.0' | ||
tools: composer | ||
extensions: ext-ffi | ||
|
||
- name: Composer check | ||
run: | | ||
composer install | ||
composer validate | ||
working-directory: languages/php/ | ||
|
||
- name: Download x86_64-apple-darwin files | ||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | ||
with: | ||
name: libbitwarden_c_files-x86_64-apple-darwin | ||
path: temp/macos-x64 | ||
|
||
- name: Download aarch64-apple-darwin files | ||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | ||
with: | ||
name: libbitwarden_c_files-aarch64-apple-darwin | ||
path: temp/macos-arm64 | ||
|
||
- name: Download x86_64-unknown-linux-gnu files | ||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | ||
with: | ||
name: libbitwarden_c_files-x86_64-unknown-linux-gnu | ||
path: temp/ubuntu-x64 | ||
|
||
- name: Download x86_64-pc-windows-msvc files | ||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | ||
with: | ||
name: libbitwarden_c_files-x86_64-pc-windows-msvc | ||
path: temp/windows-x64 | ||
|
||
- name: Copy lib files | ||
run: | | ||
mkdir -p languages/php/src/lib/macos-arm64 | ||
mkdir -p languages/php/src/lib/ubuntu-x64 | ||
mkdir -p languages/php/src/lib/macos-x64 | ||
mkdir -p languages/php/src/lib/windows-x64 | ||
|
||
platforms=("macos-arm64" "ubuntu-x64" "macos-x64" "windows-x64") | ||
files=("libbitwarden_c.dylib" "libbitwarden_c.so" "libbitwarden_c.dylib" "bitwarden_c.dll") | ||
|
||
for ((i=0; i<${#platforms[@]}; i++)); do | ||
cp "temp/${platforms[$i]}/${files[$i]}" "languages/php/src/lib/${platforms[$i]}/${files[$i]}" | ||
done | ||
|
||
- name: Publish version | ||
run: curl -XPOST -H'content-type:application/json' 'https://packagist.org/api/update-package?username=malirobot&apiToken=${{secrets.PACKAGIST_KEY}}' -d'{"repository":{"url":"https://packagist.org/packages/bitwarden/sdk"}}' | ||
working-directory: languages/php/ |
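Review bot: the `Publish version` step at the end of this job runs under `on: pull_request`, so every pull request against master triggers a Packagist update before anything is merged, and pull requests from forks will not have `secrets.PACKAGIST_KEY` available, so the step fails for them. Move publishing to a release or manually dispatched trigger and keep the pull-request run to the build and `composer validate`. In the same step the API token is interpolated into the URL query string next to a hard-coded `username=malirobot`; pass the token through an `env:` entry rather than inline `${{ }}` expansion, and make the account name a secret or variable so the workflow is not tied to one user's account. Also, the `Copy lib files` step writes the native libraries into `languages/php/src/lib/` in the runner workspace only; nothing in this job commits or uploads them, so they never reach the repository that the Packagist update refers to.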
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
.DS_Store | ||
vendor |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
# Bitwarden Secrets Manager SDK wrapper for PHP | ||
|
||
PHP bindings for interacting with the [Bitwarden Secrets Manager]. This is a beta release and might be missing some functionality. | ||
Supported are CRUD operations on project and secret entities. | ||
|
||
## Installation | ||
|
||
Requirements: | ||
- PHP >= 8.0 | ||
- Composer | ||
- Bitwarden C libraries which you can generate using BitwardenSDK and following instructions in its readme (requires Rust). https://github.com/bitwarden/sdk | ||
If you are not using the standalone version of this library, file will be placed in `target/debug` folder if you are using from BitwardenSDK repository. | ||
- Access token for the Bitwarden account | ||
|
||
|
||
## Usage | ||
|
||
To interact with the client first you need to obtain the access token from Bitwarden. | ||
You can then initialize BitwardenSettings passing $api_url and $identity_url if needed. These parameteres are | ||
optional and if they are not defined, BitwardenSettings instance will try to get these values from ENV, and | ||
if they are not defined there as well, it will use defaults: `https://api.bitwarden.com` as api_url and | ||
`https://identity.bitwarden.com` as identity_url. You can also pass device type as argument but that is entirely | ||
optional. | ||
|
||
Passing BitwardenSettings instance to BitwardenClient will initialize it. Before using the client you must | ||
be authorized by calling the access_token_login method passing your Bitwarden access token to it. | ||
|
||
|
||
```php | ||
$access_token = '<your token here>'; | ||
$api_url = "<api url>"; | ||
$identity_url = "<identity url>"; | ||
$bitwarden_settings = new \Bitwarden\Sdk\BitwardenSettings($api_url, $identity_url); | ||
|
||
$bitwarden_client = new \Bitwarden\Sdk\BitwardenClient($bitwarden_settings); | ||
$bitwarden_client->access_token_login($access_token); | ||
``` | ||
|
||
After successful authorization you can interact with client to manage your projects and secrets. | ||
```php | ||
$organization_id = "<your organization id here>"; | ||
|
||
$bitwarden_client = new \Bitwarden\Sdk\BitwardenClient($bitwarden_settings); | ||
$res = $bitwarden_client->access_token_login($access_token); | ||
|
||
// create project | ||
$name = "PHP project" | ||
$res = $bitwarden_client->projects->create($name, $organization_id); | ||
$project_id = $res->id; | ||
|
||
// get project | ||
$res = $bitwarden_client->projects->get($project_id); | ||
|
||
// list projects | ||
$res = $bitwarden_client->projects->list($organization_id); | ||
|
||
// update project | ||
$name = "Updated PHP project" | ||
$res = $bitwarden_client->projects->put($project_id, $name, $organization_id); | ||
|
||
// get secret | ||
$res = $bitwarden_client->secrets->get($secret_id); | ||
|
||
// list secrets | ||
$res = $bitwarden_client->secrets->list($organization_id); | ||
|
||
// delete project | ||
$res = $bitwarden_client->projects->delete([$project_id]); | ||
|
||
``` | ||
|
||
Similarly, you interact with secrets: | ||
```php | ||
$organization_id = "<your organization id here>"; | ||
|
||
// create secret | ||
$key = "AWS secret key"; | ||
$note = "Private account"; | ||
$secret = "76asaj,Is_)" | ||
$res = $bitwarden_client->secrets->create($key, $note, $organization_id, [$project_id], $secret); | ||
$secret_id = $res->id; | ||
|
||
// get secret | ||
$res = $bitwarden_sdk->secrets->get($secret_id); | ||
|
||
// list secrets | ||
$res = $bitwarden_client->secrets->list($organization_id); | ||
|
||
// update secret | ||
$note = "Updated account"; | ||
$key = "AWS private updated" | ||
$secret = "7uYTE,:Aer" | ||
$res = $bitwarden_client->secrets->update($secret_id, $key, $note, $organization_id, [$project_id], $secret); | ||
|
||
// delete secret | ||
$res = $bitwarden_sdk->secrets->delete([$secret_id]); | ||
``` | ||
|
||
|
||
[Bitwarden Secrets Manager]: https://bitwarden.com/products/secrets-manager/ |
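Review bot: the usage snippets will not run as written. `$name = "PHP project"`, `$name = "Updated PHP project"`, `$secret = "76asaj,Is_)"`, `$key = "AWS private updated"` and `$secret = "7uYTE,:Aer"` are missing their terminating semicolons, and the secrets example calls `$bitwarden_sdk->secrets->get(...)` and `$bitwarden_sdk->secrets->delete(...)` on a variable that is never defined (the client is `$bitwarden_client` everywhere else). The projects example also uses `$secret_id` before any secret has been created, and it repeats the get/list secret calls that belong in the secrets block. The first snippet puts the access token in a string literal; showing it read from the environment (for example with `getenv()`) would steer users away from committing tokens. The Usage paragraph still says a device type can be passed as an argument, while the constructor call shown takes only `$api_url` and `$identity_url`; drop that sentence or show the argument. Typo in the same paragraph: "parameteres".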
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"name": "bitwarden/sdk", | ||
"description": "PHP bindings for interacting with the Bitwarden Secrets Manager. This is a beta release and might be missing some functionality.", | ||
"type": "library", | ||
"keywords": ["bitwarden","sdk","password-manager"], | ||
"homepage": "https://github.com/bitwarden/sdk", | ||
"require": { | ||
"php": "^8.0", | ||
"swaggest/json-schema": "^0.12.42", | ||
"ext-ffi": "*" | ||
}, | ||
"autoload": { | ||
"psr-4": { | ||
"Bitwarden\\Sdk\\": "src/" | ||
} | ||
}, | ||
"authors": [ | ||
{ | ||
"name": "Bitwarden Inc." | ||
} | ||
] | ||
} |
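Review bot: there is no `license` field in this manifest; Composer recommends one for published packages and `composer validate` (run in the workflow's `Composer check` step) warns when it is missing, so add the identifier that matches the repository's licence. The `keywords` entry `password-manager` does not match the description, which is about Secrets Manager; consider `secrets-manager` so the package is found under the right term.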
@mimartin12 Should this be updated with some Bitwarden managed credentials, or do we leave that for after the merge?
What we can do is that I can add someone from Bitwarden as a collaborator on packagist, then the access to the key won't be a problem (it is used in action secrets). The other scenario is to make a completely new package, the only potential problem, one that I haven't thought about before, is that the name of the package is reserved to "bitwarden/sdk", so it would need to be named differently.
I think we can add someone from bitwarden as maintainer and they can afterwards take ownership and remove the old account. That would preserve the package name.
What @Hinton is suggesting sounds like a good way to go about it, especially since you will want to preserve the package name. I am not familiar with Packagist, but it looks like their API tokens are scoped to the user account. That means `${{secrets.PACKAGIST_KEY}}` will need to be updated when you do the switch.