The 1Password Connect PHP SDK provides your PHP applications access to the 1Password Connect API hosted on your infrastructure and leverage the power of 1Password Secrets Automation
The library can be used by PHP applications, tools, and other automations to access and manage items in 1Password Vaults.
You can install the SDK using composer
composer require dragonbe/connect-sdk-phpTo use the 1Password Connect SDK for PHP, there are two components necessary:
- The 1Password Connect SDK for PHP (this library)
- The 1Password Connect Server
Besides these components, you need to configure 1Password (admin level) to allow "Secrets Automation". This process is fully documented by 1Password, so please visit 1Password Secrets Automation Workflow documentation first. Without the 1Password Connect Server, this library will not work.
The rest of this documentation makes the assumption you have the 1Password Connect Server already configured and is listening to port 8080 on localhost. With cURL it is possible to verify this.
curl \
-H "Accept: application/json" \
-H "Authorization: Bearer $OP_API_TOKEN" \
http://127.0.0.1:8080/v1/vaultsIf you receive a successful response with data from your vaults, you have successfully set up your 1Password Connect Server. If not, review the documentation to find out if you skipped a step.
[
{
"id": "xxxxxxxxxxxxxxxxxxxxxxxxxx",
"name": "Shared Secrets",
"content_version": 3,
"description": "Shared secrets for APIs, online services, and more",
"attribute_version": 1,
"items": 2,
"type": "USER_CREATED",
"created_at": "2021-05-01T15:20:46Z",
"updated_at": "2022-06-22T14:33:39Z"
}
]The rest of this documentation will focus on the usage of the 1Password Connect SDK for PHP.
In this current version I'm not using environment variables.
For the configuration of the 1Password Connect SDK for PHP I use a PHP config file local.php in the directory /config. This file is ignored by source control, so it does not accidentally make it into the repository exposing the secret access token.
<?php
declare(strict_types=1);
return [
'1password' => [
'access_token' => '*******', // The access token you received from 1Password configuration
],
];PROTIP: Make sure that this file is read-only, and only accessible for the user account that will run this SDK.
For the API client (this library) we need to use this configuration file. The bare minimum you should code is the following:
<?php
declare(strict_types=1);
use OnePassword\Connect\OnePasswordConnectFactory;
require_once __DIR__ . '/../vendor/autoload.php';
$config = require_once __DIR__ . '/config/local.php';
$opc = OnePasswordConnectFactory::create($config['1password']['access_token']);Retrieving a list of vaults who have been assigned to this access token, requires a few more lines.
// List a list of vaults
$vaults = $opc->listVaults();
foreach ($vaults as $vault) {
echo 'Vault: ' . $vault->getName() . ' (' . $vault->getId() . ')' .PHP_EOL;
}This will return something like the following output:
Vault: Shared Secrets (xxxxxxxxxxxxxxxxxxxxxxxxxx)
Shared Secrets contains 2 item(s)
To retrieve items in those vaults, a few more lines are needed:
$items = $opc->listItems('xxxxxxxxxxxxxxxxxxxxxxxxxx');
foreach ($items as $item) {
echo 'Item title: ' . $item->getTitle() . PHP_EOL;
}This will return you the following output:
Item title: Azure Test Access Token: PHP SDK Example v1.0.0
Item title: Azure API Manager
The 1Password Connect PHP client uses the psr/log library to log runtime information.
This project is a work in progress and has been put a side for a while because of other priorities in life. Updates will appear if you watch this repository for updates.
To execute the unit tests, you can use composer test and it will fire up all PHPUnit tests.
1Password is the world’s most-loved password manager. By combining industry-leading security and award-winning design, the company provides private, secure, and user-friendly password management to businesses and consumers globally. More than 60,000 business customers trust 1Password as their enterprise password manager.
1Password requests you practice responsible disclosure if you discover a vulnerability. Please submit discoveries via BugCrowd.
For information about security practices, please visit our Security homepage.