This is another REST API tutorial using PHP. I am accessing the HashiCorp Vault API using the Lumen micro REST framework. Vault is used to store enterprise-level secret data such as passwords and keys. We can access the stored secrets using the REST API.



My previous REST API tutorial was Confluence Rest API Example Using Laravel.

What is Vault?

Vault is a secrets management tool from HashiCorp. You can store sensitive and secret data in Vault and access that data using the UI, CLI or HTTP API. The data can be tokens, passwords, certificates, encryption keys for protecting secrets, and other sensitive data.

How To Access Hashicorp Vault Using Rest API

HashiCorp Vault provides a REST interface to its functionality. You can store new secrets, update secrets, get secrets, store keys and so on using the REST API.

We can access the HashiCorp Vault API the same way as any other REST API: create a client and call the REST endpoints. Requests and responses use JSON.

How To Get Secrets Using HashiCorp Vault Rest API

First, we will get already stored secrets using the HTTP REST API. Later in this tutorial, I will show how to store new secrets in the Vault server using the REST API.

Create Hashicorp Vault Client

We will create a private method that creates the connection to the HashiCorp Vault server.

```php
use GuzzleHttp\Client;

// Members of the service class
private $vaultAPI = 'https://valut-server/v1/';

private function _clientVault() {
    $client = new Client([
        'base_uri' => $this->vaultAPI,
        'timeout' => 900,
        // Vault's HTTP API exchanges JSON
        'headers' => ['Content-Type' => 'application/json',
            'Accept' => 'application/json',
            'x-vault-token' => $_ENV['VAULT_TOKEN']],
        // 4xx/5xx responses are returned, not thrown; callers must check the status code
        'http_errors' => false,
        // Verify the server's TLS certificate, since the Vault token travels in a header.
        // For a private CA, set this to the path of the CA bundle instead of true.
        'verify' => true
    ]);
    return $client;
}
```

In the code above, we authorize API requests using token-based authentication. We have stored VAULT_TOKEN in the Lumen .env file and pass it in the Vault client's request headers.

Service Method to Access Secrets From Vault

We will create a service method to access already stored secrets. The request is a GET, and it is passed the path where the secrets are stored.

```php
public function getVaultSecrets() {
    $client = $this->_clientVault();
    // Relative path (no leading slash) so that it is appended to the /v1/ in base_uri
    $response = $client->get('app/testsecrets/');
    $data = $response->getBody()->getContents();
    return json_decode($data);
}
```

We have stored the secrets at the '/app/testsecrets/' path; the data is stored in JSON format.
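Because the client is created with 'http_errors' => false, Guzzle returns 4xx/5xx responses instead of throwing, so a method that only decodes the body hands a Vault error back to the caller as if it were secret data. The following is an added example, not part of the original tutorial, that checks the status code first and replays constructed responses through Guzzle's MockHandler so it runs offline. The host, token, secret values and the readVaultSecret() helper are hypothetical, and it assumes the secret sits under the top-level "data" key of the response.

```php
<?php
// Added example, not the tutorial's code. Requires guzzlehttp/guzzle installed via Composer.
require 'vendor/autoload.php';

use GuzzleHttp\Client;
use GuzzleHttp\Handler\MockHandler;
use GuzzleHttp\HandlerStack;
use GuzzleHttp\Psr7\Response;

// Hypothetical helper: read a secret and fail closed on anything but HTTP 200,
// so an error body is never treated as secret data.
function readVaultSecret(Client $client, string $path): array
{
    // Relative path (leading slash stripped) so the /v1/ in base_uri is kept
    $response = $client->get(ltrim($path, '/'));
    $status   = $response->getStatusCode();
    $body     = json_decode((string) $response->getBody(), true);

    if ($status !== 200 || !is_array($body)) {
        // Vault reports failures as {"errors": ["..."]}
        $errors = is_array($body) && isset($body['errors'])
            ? implode('; ', $body['errors']) : 'unexpected response';
        throw new RuntimeException("Vault read failed (HTTP $status): $errors");
    }
    return $body['data'] ?? []; // assumption: secret is under the top-level "data" key
}

// Constructed responses: one successful read, then one denied read.
$mock = new MockHandler([
    new Response(200, [], json_encode(['data' => ['db_user' => 'example-user']])),
    new Response(403, [], json_encode(['errors' => ['permission denied']])),
]);
$client = new Client([
    'base_uri'    => 'https://vault.example.invalid/v1/', // hypothetical host
    'handler'     => HandlerStack::create($mock),         // no network traffic
    'headers'     => ['X-Vault-Token' => 'constructed-token', 'Accept' => 'application/json'],
    'http_errors' => false,
    'verify'      => true,
    'timeout'     => 10,
]);

print_r(readVaultSecret($client, '/app/testsecrets/'));
try {
    readVaultSecret($client, '/app/testsecrets/');
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```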

Service Method to Store New Secrets into Vault

We will create a service method to store new secrets in the Vault server. It creates an HTTP POST request and passes the JSON data in the request body. The JSON data will be stored at the specified path.

```php
public function storeVaultSecrets($vault_path, $data) {
    $client = $this->_clientVault();
    // $data is a JSON string; the leading slash is stripped so the /v1/ in base_uri is kept
    $response = $client->post(ltrim($vault_path, '/'), [
        'body' => $data
    ]);
    $data = $response->getBody()->getContents();
    return json_decode($data);
}
```

The method takes two parameters: the first is the Vault path where the data will be stored, and the second is the data. We send the JSON data to the Vault server in the request body.