# Using PHP SDK
The Kron PAM PHP SDK provides a secure and efficient way to integrate Kron PAM Vault credential management directly into PHP-based applications. It allows applications and automation scripts to dynamically retrieve and rotate privileged credentials, eliminating the need to store static passwords in source code or configuration files.

The SDK communicates through the Kron PAM Secrets Management Agent, which acts as a secure intermediary between the application and the Kron PAM Vault.

This integration supports modern PHP environments (PHP 8.1 and later) and can be deployed on both Linux and Windows platforms.

## Integration Steps

1. Add the Kron PAM PHP SDK package.
2. Include the Composer autoloader in your PHP script:

   ```php
   require __DIR__ . '/vendor/autoload.php';
   ```

3. Ensure network connectivity between the application environment and the Kron PAM Secrets Management Agent and/or Kron PAM Password Vault.

## Example Implementation

Below is a sample PHP script that demonstrates how to connect to the Kron PAM Secret Management Agent and/or Kron PAM Vault and then retrieve credentials from the vault.

```php
<?php
require __DIR__ . '/vendor/autoload.php';

use KronTechnology\AapmPhpSdk\PasswordManager;
use Com\Kron\Aapm\Rpc\ValidResponseType;

// Config (sample values)
$pamUrl = 'https://test.krontech.com';
$agentHost = '10.20.30.40';
$agentPort = 6396;
$token = '6d8beac9-843c-41d1-8131-0cfc09fc4899';
$accountPath = '/testlinuxservers';

// List of multiple accounts, as in the Java example
$accountNames = [
    'staticaccountpassword'
];
$responseTypes = [ValidResponseType::TEXT, ValidResponseType::JSON];
$showUsernameOptions = [true, false];

$passwordManager = PasswordManager::instanceWithServer($agentHost, $agentPort);
$passwordManager->httpAddress($pamUrl);
// The calls below relax certificate checks and enable debug logging;
// see the parameter table (disableAgentCertificate is not recommended).
//$passwordManager->ignoreAgentCertificate("localhost");
$passwordManager->ignoreInterceptorCertificate();
$passwordManager->disableAgentCertificate();
$passwordManager->enableDebug(true);

echo "passwordmanager instantiated \n";

/**
 * Sends a single request and returns the result object returned by the SDK.
 */
function makeRequest(
    PasswordManager $passwordManager,
    string $accountName,
    string $token,
    string $accountPath,
    int $responseType,
    bool $showUsername
) {
    return $passwordManager->getPasswordWithParams(
        $accountName,
        $token,
        $accountPath,
        [
            'comment' => 'multi account test',
            'showUsername' => $showUsername,
            'passwordChangeRequired' => false,
            'responseType' => $responseType,
            'apiVersion' => 'v2',
        ]
    );
}

try {
    // Try every combination of account, response type and showUsername
    foreach ($accountNames as $name) {
        foreach ($responseTypes as $type) {
            foreach ($showUsernameOptions as $showUsername) {
                $logPrefix = sprintf('[account %s | type %s | show %s]',
                    $name,
                    ($type === ValidResponseType::JSON ? 'json' : 'text'),
                    ($showUsername ? 'true' : 'false')
                );
                try {
                    $result = makeRequest($passwordManager, $name, $token, $accountPath, $type, $showUsername);
                    if ($result->hasError()) {
                        fwrite(STDERR, $logPrefix . " error > msg " . $result->getErrValue() . PHP_EOL);
                    } else {
                        echo $logPrefix . " success > value " . PHP_EOL . $result->getValue() . PHP_EOL;
                    }
                } catch (Throwable $e) {
                    // Keep the loop going even if one account fails
                    fwrite(STDERR, $logPrefix . " exception > " . $e->getMessage() . PHP_EOL);
                }
            }
        }
    }
} catch (Exception $e) {
    echo "an error occurred " . $e->getMessage() . "\n";
}
```

When executed successfully, the SDK returns live credentials from the Kron PAM Vault:

```
passwordmanager instantiated
grpc call completed with status code 0
success 3xpzr9er
```

## Configuration Parameters

Before retrieving any credentials from the Kron PAM Vault, your application must establish a secure connection to the Kron PAM Secrets Management Agent and/or define the Kron PAM Vault server address.

```php
$passwordManager = PasswordManager::instanceWithServer('agentipaddress', agentport);
$passwordManager->httpAddress('https://kronpamipaddress');
```

| Parameter | Description |
| --- | --- |
| `agentipaddress` | Kron PAM Secrets Manager Agent IP address (hostname) |
| `agentport` | Kron PAM Secrets Manager Agent port |
| `kronpamipaddress` | Defines the HTTPS endpoint of the Kron PAM Vault itself, where the SDK will direct API requests to retrieve credentials or rotate passwords |

The primary SDK function used to retrieve credentials from the Kron PAM Vault is:

```php
getPasswordWithParams(
    string $accountName,
    string $accountToken,
    string $accountPath,
    array $options = []
)
```

This method securely requests and retrieves the password (and optionally the username) for a managed account in Kron PAM Vault via the configured Kron PAM Secrets Management Agent and/or Kron PAM Vault.

| Parameter | Definition |
| --- | --- |
| `$accountToken` | Kron PAM AAPM token assigned for the account |
| `$accountName` | Account name registered in Kron PAM Vault |
| `$accountPath` | Account path within the vault (e.g., `/databases/sharedaccounts`, `/windows`) |
| `comment` | Optional descriptive comment for the password fetch |
| `showUsername` | Include username in response (true/false) |
| `passwdExpirationInMinutes` | Duration before password expiration (in minutes) |
| `passwordChangeRequired` | Whether to force a new password rotation upon retrieval |
| `prettify` | Enables formatted response output |
| `tenantId` | Specifies the tenant or logical domain when working in multi-tenant environments. Ensures credentials are retrieved from the correct scope. |
| `responseType` | Format of the response (text, json) |
| `enableDebug(true)` | Enables debug logs for Python SDK |
| `apiVersion` | Ensures that the AAPM Agent returns a response in the same format as Kron PAM for static credential types (default value: v2) |
| `ignoreAgentCertificate` | Ignores connection errors when using a self-signed certificate for the AAPM Agent |
| `ignoreInterceptorCertificate` | Ignores connection errors when using a self-signed certificate defined on Kron PAM |
| `disableAgentCertificate` | Parameter required for using the AAPM Agent without a certificate (not recommended) |
| `disableInterceptorCertificate` | Parameter required for using Kron PAM without a certificate (not recommended) |
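
A hardened variant of the sample script, added here as an example (it is not Kron's own code): it uses only the SDK calls shown on this page, makes none of the certificate-bypass calls, and never prints the retrieved secret. The environment variable names (`KRON_AGENT_HOST`, `KRON_AGENT_PORT`, `KRON_PAM_URL`, `KRON_AAPM_TOKEN`), the `fetchVaultPassword` helper and the comment text are assumptions made for the illustration.

```php
<?php
require __DIR__ . '/vendor/autoload.php';

use KronTechnology\AapmPhpSdk\PasswordManager;
use Com\Kron\Aapm\Rpc\ValidResponseType;

/**
 * Fetch one password from the vault through the agent.
 * Connection settings and the AAPM token come from the process environment
 * (assumed variable names), never from source code or a committed config file.
 */
function fetchVaultPassword(string $accountName, string $accountPath): string
{
    $required = ['KRON_AGENT_HOST', 'KRON_AGENT_PORT', 'KRON_PAM_URL', 'KRON_AAPM_TOKEN'];
    $cfg = [];
    foreach ($required as $name) {
        $value = getenv($name);
        if ($value === false || $value === '') {
            throw new RuntimeException("Missing environment variable: $name");
        }
        $cfg[$name] = $value;
    }
    if (!str_starts_with($cfg['KRON_PAM_URL'], 'https://')) {
        throw new RuntimeException('KRON_PAM_URL must be an https:// endpoint');
    }

    // No ignore*/disable* certificate calls are made, so certificate checks
    // are not bypassed; enableDebug() is left out as well.
    $pm = PasswordManager::instanceWithServer($cfg['KRON_AGENT_HOST'], (int) $cfg['KRON_AGENT_PORT']);
    $pm->httpAddress($cfg['KRON_PAM_URL']);

    $result = $pm->getPasswordWithParams($accountName, $cfg['KRON_AAPM_TOKEN'], $accountPath, [
        'comment'      => 'nightly backup job', // constructed audit comment
        'showUsername' => false,                // TEXT response then carries the password only
        'responseType' => ValidResponseType::TEXT,
        'apiVersion'   => 'v2',
    ]);

    if ($result->hasError()) {
        // Surface the SDK error text, never the token or a returned value.
        throw new RuntimeException('Vault lookup failed: ' . $result->getErrValue());
    }
    return $result->getValue();
}

// Account name and path are the sample values from the script on this page.
$password = fetchVaultPassword('staticaccountpassword', '/testlinuxservers');
// Hand $password straight to the client that needs it; do not echo or log it.
```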