SDK for PHP


The Segura SDK for PHP makes it easy for developers to access Segura services in their PHP code and build robust applications and software using Segura PAM and DSM services. The services include Credentials, Devices, and DevOps Secret Management.

Requirements

To run the SDK, your system must meet the minimum requirements, including PHP >= 5.5 and the PHP cURL extension. You must obtain a standard OAuth 2.0 application token from your system administrator.

Information

  • Local caching: All information is stored in a local cache to reduce request response time. Data is encrypted before storage to ensure security.
  • Credentials: The credential object provides a set of methods for querying and registering credentials.

How to create a credential client

To create a credential client, include the vendor autoload and instantiate the Segura\Pam\Credential class.

You must provide the following data:

  • Vault URL
  • client_id
  • client_secret

require 'vendor/autoload.php';
use Segura\Pam\Credential;
// Instantiate a Credential client.
$client = new Credential([
    'url' => 'https://cofre.Segura.com', // Vault URL
    'client_id' => '7e02a0e07eef10e73f56585a9a505fb2e', // OAuth 2.0 Application Client ID
    'client_secret'  => '431eaba0fb56bf360272b54892' // OAuth 2.0 Application Client Secret
]);
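
The snippets on this page embed client_id and client_secret as literals. The following added example (not part of the Segura SDK or its documentation) builds the same configuration array from the environment and rejects a vault URL that is not HTTPS. The SEGURA_* variable names and the segura_config_from_env() helper are assumptions.

```php
<?php
// Added example: build the SDK config from the environment instead of source code.
// SEGURA_URL, SEGURA_CLIENT_ID and SEGURA_CLIENT_SECRET are assumed variable names.

function segura_config_from_env(array $env): array
{
    $required = [
        'url'           => 'SEGURA_URL',
        'client_id'     => 'SEGURA_CLIENT_ID',
        'client_secret' => 'SEGURA_CLIENT_SECRET',
    ];

    $config = [];
    foreach ($required as $key => $var) {
        $value = isset($env[$var]) ? trim((string) $env[$var]) : '';
        if ($value === '') {
            // Name the missing variable; never echo a secret value into logs.
            throw new RuntimeException("Missing environment variable: $var");
        }
        $config[$key] = $value;
    }

    // The OAuth credentials are presented to this host, so require HTTPS.
    $parts = parse_url($config['url']);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])
        || strtolower($parts['scheme']) !== 'https') {
        throw new InvalidArgumentException('SEGURA_URL must be an https:// URL');
    }

    return $config;
}

// Constructed sample environment so the block runs offline; in production pass getenv().
$sample = [
    'SEGURA_URL'           => 'https://vault.example.test',
    'SEGURA_CLIENT_ID'     => 'constructed-client-id',
    'SEGURA_CLIENT_SECRET' => 'constructed-client-secret',
];
$config = segura_config_from_env($sample);
echo 'Config keys: ' . implode(', ', array_keys($config)) . PHP_EOL;

// With the SDK installed: $client = new Segura\Pam\Credential($config);
```

The same array can be passed to the Device and Application constructors shown later on this page, since they take the same three keys.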

Create or update a credential

Use the save method to create or update a credential. If a credential with the provided parameters is found, it will be updated; otherwise, a new credential will be created.

Method signature

/**
 * Creating and Updating a credential
 * @param array $params
 * @return array
 */
public function save(array $params = []) : array { ... }

Required parameters

Parameter  Type    Example         Description
hostname   String  mycredential02  Credential name
ip         String  22.13.50.71     Credential IP address
username   String  credential05    Credential username

Example

$credential = $client->save([
    "hostname"  => "mycredential02",
    "ip"        => "22.13.50.71",
    "username"  => "credential05"
]);

Query a registered credential

Use the get method to query a single credential.

Method signature

/**
 * Query a single credential
 * @param string $identifier
 * @return array
 */
public function get(string $identifier) : array { ... }

Optional filter parameters

Parameter  Type    Example         Description
hostname   String  mycredential02  Credential name
ip         String  22.13.50.71     Credential IP address
username   String  credential05    Credential username

Example

$credential = $client->get([
    "hostname"  => "mycredential02",
    "username"  => "credential05"
]);

List credentials

Use the fetch method to query a list of credentials.

Method signature

/**
 * Query credential list
 * @param array $filters
 * @return array
 */
public function fetch(array $filters = []) : array { ... }

Optional filter parameters

Parameter  Type    Example         Description
hostname   String  mycredential02  Credential name
ip         String  22.13.50.71     Credential IP address
username   String  credential05    Credential username
all        String  credential05    Searches value in hostname, ip, or username fields

Example 1: list all credentials

$credentials = $client->fetch();

Example 2: list credentials for a specific device

$credentials = $client->fetch([
    "hostname"  => "mycredential02"
]);

Disable a credential

Use the disable method to deactivate a credential.

Method signature

/**
 * Inactivating a credential
 * @param string $identifier
 * @return array
 */
private function disable(string $identifier) : array { ... }

Optional filter parameters

Parameter  Type    Example         Description
hostname   String  mycredential02  Credential name
ip         String  22.13.50.71     Credential IP address
username   String  credential05    Credential username

Example

$credential = $client->disable([
    "hostname"  => "mycredential02",
    "username"  => "credential05"
]);

Devices

The device object provides a set of methods for querying and registering devices.

Creating a device client

To create a device client, include the vendor autoload and instantiate the Segura\Pam\Device class.

You must provide the following data:

  • Vault URL
  • client_id
  • client_secret

require 'vendor/autoload.php';
use Segura\Pam\Device;
// Instantiate a device client.
$client = new Device([
    'url' => 'https://cofre.Segura.com', // Vault URL
    'client_id' => '7e02a0e07eef10e73f56585a9a505fb2e', // OAuth 2.0 Application Client ID
    'client_secret'  => '431eaba0fb56bf360272b54892' // OAuth 2.0 Application Client Secret
]);

Create or update a device

Use the save method to create or update a device. If a device with the provided parameters is found, it will be updated; otherwise, a new device will be created.

Method signature

/**
 * Creating and Updating a device
 * @param array $params
 * @return array
 */
public function save(array $params = []) : array { ... }

Required parameters

Parameter  Type    Example      Description
hostname   String  mydevice02   Device name
ip         String  22.13.50.71  Device IP address
site       String  AWS          Location/Site
model      String  CentOS 7     Device model
vendor     String  CentOS       Device vendor
type       String  Server       Device type (existing)

Example

$device = $client->save([
    "hostname"  => "mydevice02",
    "ip"        => "22.13.50.71",
    "site"      => "AWS",
    "model"     => "CentOS 7",
    "vendor"    => "CentOS",
    "type"      => "Server"
]);

Query a registered device

Use the get method to query a single device.

Method signature

/**
 * Query a single device
 * @param string $identifier
 * @return array
 */
public function get(string $identifier) : array { ... }

Required parameter

  • identifier (String, Hostname or device id).

Example

$device = $client->get("localhost");

List devices

Use the fetch method to query a list of devices.

Method signature

/**
 * Query device list
 * @param array $filters
 * @return array
 */
public function fetch(array $filters = []) : array { ... }

Optional filter parameters

Parameter  Type    Description
hostname   String  Host/device name
ip         String  IP address
type       String  Device type
vendor     String  Vendor
model      String  Model
site       String  Location/Site

Example 1: list all devices

$devices = $client->fetch();

Example 2: list devices of a specific type

$devices = $client->fetch(["type" => "server"]);

Disable a device

Use the disable method to deactivate a device.

Method signature

/**
 * Inactivating a device
 * @param string $identifier
 * @return array
 */
private function disable(string $identifier) : array { ... }

Required parameter

  • identifier (String, Hostname or device id).

Example

$client->disable("localhost");

DevOps secret management

The DSM object provides a set of methods to register an application and manage its secrets and variables.

Creating a DSM client

To create a DSM client, include the vendor autoload and instantiate the Segura\DSM\Application class.

You must provide the following data:

  • Vault URL
  • client_id
  • client_secret

require 'vendor/autoload.php';
use Segura\DSM\Application;

// Instantiate an Application client.
$client = new Application([
    'url'           => 'https://cofre.Segura.com', // Vault URL
    'client_id'     => '7e02a0e07eef10e73f56585a9a505fb2e', // OAuth 2.0 Application Client ID
    'client_secret' => '431eaba0fb56bf360272b54892' // OAuth 2.0 Application Client Secret
]);

Create or update an application

Use the save method to create or update the application. If the client has an application with the combination of application, system, and environment, it will be updated; otherwise, a new application or authorization will be created. If dynamic provisioning is enabled for the application, a secret will be automatically provisioned at the destination.

Method signature

/**
 * Create OR Update the application
 * @param array $params
 * @return array
 */
public function save(array $params = []) : array { ... }

Required parameters

Parameter    Type    Description
application  String  Application name (e.g., checkout)
system       String  System name (e.g., ecommerce)
environment  String  Environment (e.g., production)
unique_key   String  (Optional) Unique key (e.g., checkout_auth01)

Example

$application = $client->save([
    "application"  => "checkout",
    "system"       => "ecommerce",
    "environment"  => "production"
]);

Get client application information and secrets

Use the get method to return the client application information.

Method signature

/**
 * Return the client application information
 * @param string $identifier
 * @return array
 */
public function get() : array { ... }

Example

$application = $client->get();

Register application secrets

Use the secrets method to register application secrets. Note that the example below calls registerSecret.

Method signature

/**
 * Register the application secrets
 * @param array $params
 * @return array
 */
public function secrets(array $params = []) : array { ... }

Required parameter

  • secret_type (String; one of access_key, key_value, credential, certificate, or ssh_key).

Conditional required parameters

Parameter    Type    Description
access_keys  String  For access_key
key_value    String  For key_value
credentials  String  For credential
certificate  String  For certificate
ssh_key      String  For ssh_key

Example (calls registerSecret)

$application = $client->registerSecret([
    "secret_type"  => "key_value",
    "key_value" => [
        "key1" => "val1", "key2" => "val2", "key3" => "val3"
    ]
]);
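
An added example, not SDK code: a pre-flight check that enforces the secret_type values and the conditional parameters listed above before a payload is passed to registerSecret. validate_secret_payload() is a hypothetical helper, the cross-type check is an extra lint rather than a documented SDK rule, and the sample payloads are constructed.

```php
<?php
// Added example: check a registerSecret payload against the parameter tables above
// before it is sent. validate_secret_payload() is a hypothetical helper, not an SDK method.

// secret_type => the conditional parameter the page lists for it.
const SECRET_TYPE_PARAM = [
    'access_key'  => 'access_keys',
    'key_value'   => 'key_value',
    'credential'  => 'credentials',
    'certificate' => 'certificate',
    'ssh_key'     => 'ssh_key',
];

function validate_secret_payload(array $params): array
{
    $type = isset($params['secret_type']) ? $params['secret_type'] : null;
    if (!is_string($type) || !array_key_exists($type, SECRET_TYPE_PARAM)) {
        return ['secret_type must be one of: ' . implode(', ', array_keys(SECRET_TYPE_PARAM))];
    }

    $errors = [];
    $needed = SECRET_TYPE_PARAM[$type];
    if (empty($params[$needed])) {
        $errors[] = "secret_type '$type' requires a non-empty '$needed' parameter";
    }

    // Lint: a parameter that belongs to another secret type is likely a copy/paste mix-up.
    foreach (SECRET_TYPE_PARAM as $otherType => $param) {
        if ($param !== $needed && array_key_exists($param, $params)) {
            $errors[] = "'$param' belongs to secret_type '$otherType', not '$type'";
        }
    }
    return $errors;
}

// Constructed payloads: one shaped like the page's example, then two malformed variants.
$ok      = ['secret_type' => 'key_value', 'key_value' => ['key1' => 'val1']];
$missing = ['secret_type' => 'ssh_key'];
$mixed   = ['secret_type' => 'credential', 'credentials' => 'x', 'certificate' => 'y'];

foreach ([$ok, $missing, $mixed] as $payload) {
    $errors = validate_secret_payload($payload);
    echo $payload['secret_type'] . ': ' . ($errors ? implode('; ', $errors) : 'valid') . PHP_EOL;
}
```

The error messages name parameters only and never include their values, so they can be logged without leaking secret material.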

Register application variables

Use the variables method to register application variables. Note that the example below calls registerVars.

Method signature

/**
 * Registering the application variables
 * @param array $params
 * @return array
 */
public function variables(array $params = []) : array { ... }

Required parameters

Parameter  Type    Description
env        String  Environment variables
helm       String  Application helm
map        String  Variable map

Example (calls registerVars)

$application = $client->registerVars([
    "env"  => $envList,
    "helm" => $helm,
    "map"  => $varMap
]);

Delete application authorization

Use the delete method to delete the client application authorization. If dynamic provisioning is enabled for the application, all secrets will be automatically deprovisioned.

Method signature

/**
 * Delete the client application authorization
 * @param string $identifier
 * @return array
 */
public function delete() : array { ... }

Example

$application = $client->delete();