kubeseal-php is a PHP wrapper for sealed-secrets kubeseal executable
that allows you to encrypt your Kubernetes secrets using a public key in PHP.
- PHP >= 8.1
kubesealexecutable- sealed secrets public key* OR
kubesealexecutable connected to Kubernetes cluster
* public key can be fetched by running kubeseal --fetch-cert > kubeseal_cert.pem
This package can be installed on any PHP version >= 8.1 using composer.
composer require tavsec/kubeseal-phpCurrently, kubeseal-php supports raw encryption of secrets using kubeseal executable. This means that the secret values can be encrypted
one by one, and the resulting encrypted values can be used in Kubernetes (sealed secrets) manifests.
In the future releases we might support encrypting the whole secret at once, using multiple values, and producing the full manifest.
All 3 encryption scopes are supported: strict, cluster-wide and namespace-wide.
use Tavsec\KubesealPhp\Kubeseal;
$kubeseal = new Kubeseal();
$kubeseal->setKubesealPath("/usr/bin/kubeseal");
// Required only if you don't have kubeseal connected to Kubernetes cluster
$kubeseal->setCertificatePath("kubeseal_cert.pem");
// Encrypt using strict scope
$sealedValue = $kubeseal->encryptRaw(
data: "my-secret-value",
scope: Kubeseal::SCOPE_STRICT,
secretName: "secret-name",
namespace: "namespace"
);
// Encrypt using namespace-wide scope
$sealedValue = $kubeseal->encryptRaw(
data: "my-secret-value",
scope: Kubeseal::SCOPE_NAMESPACE,
namespace: "namespace"
);
// Encrypt using cluster-wide scope
$sealedValue = $kubeseal->encryptRaw(
data: "my-secret-value",
scope: Kubeseal::SCOPE_CLUSTER
);
echo $sealedValue; // #Ag...