Using PHP SDK
The Kron PAM PHP SDK provides a secure and efficient way to integrate Kron PAM vault credential management directly into PHP-based applications. It allows applications and automation scripts to dynamically retrieve and rotate privileged credentials, eliminating the need to store static passwords in source code or configuration files.

The SDK communicates through the Kron PAM Secrets Management Agent, which acts as a secure intermediary between the application and the Kron PAM vault. This integration supports modern PHP environments (PHP 8.1 and later) and can be deployed on both Linux and Windows platforms.

## Integration steps

1. Add the Kron PAM PHP SDK package.
2. Include the Composer autoloader in your PHP script:

   ```php
   require __DIR__ . '/vendor/autoload.php';
   ```

3. Ensure network connectivity between the application environment and the Kron PAM Secrets Management Agent and/or Kron PAM password vault.

## Example implementation

Below is a sample PHP script that demonstrates how to connect to the Kron PAM Secret Management Agent and/or Kron PAM vault and then retrieve credentials from the vault.

```php
<?php
require __DIR__ . '/vendor/autoload.php';

use krontechnology\aapmphpsdk\passwordmanager;
use krontechnology\aapmphpsdk\intercept\directhttpinterceptor;
use com\kron\aapm\rpc\validresponsetype;

// Initialize the password manager instance
$passwordmanager = passwordmanager::instancewithserver('localhost', 8080);
$passwordmanager->httpaddress('https://10.20.42.121');
echo "passwordmanager instantiated \n";

try {
    // Retrieve password with parameters
    $result = $passwordmanager->getpasswordwithparams(
        'testaccount',
        '9920067c-a5c9-428c-85bc-50894cb51adf',
        '/linuxtest',
        [
            'comment' => 'test comment',
            'showusername' => true,
            'passwordchangerequired' => true,
            'responsetype' => validresponsetype::text,
            'prettify' => true,
            'passwdexpirationinminutes' => '5',
            'tenantid' => 'host'
        ]
    );

    // Response handling
    if ($result->haserror()) {
        echo "error " . $result->geterrvalue() . "\n";
        echo "error code " . $result->getfailmode() . "\n";
    } else {
        echo "success " . $result->getvalue() . "\n";
    }
} catch (Exception $e) {
    echo "an error occurred " . $e->getMessage() . "\n";
}
```

When executed successfully, the SDK returns live credentials from the Kron PAM vault:

```
passwordmanager instantiated
success [username aioc, password 9hg2klm3t]
process finished with exit code 0
```

```
passwordmanager instantiated
grpc call completed with status code 0
success 3xpzr9er
```

## Configuration parameters

Before retrieving any credentials from the Kron PAM vault, your application must establish a secure connection to the Kron PAM Secrets Management Agent and/or define the Kron PAM vault server address.

```php
$passwordmanager = passwordmanager::instancewithserver('agentipaddress', agentport);
$passwordmanager->httpaddress('https://kronpamipaddress');
```

| Parameter | Description |
| --- | --- |
| `agentipaddress` | Kron PAM Secrets Manager Agent IP address (hostname) |
| `agentport` | Kron PAM Secrets Manager Agent port |
| `kronpamipaddress` | Defines the HTTPS endpoint of the Kron PAM vault itself, where the SDK will direct API requests to retrieve credentials or rotate passwords |

The primary SDK function used to retrieve credentials from the Kron PAM vault is:

```php
getpasswordwithparams(
    string $accountname,
    string $accounttoken,
    string $accountpath,
    array $options = []
)
```

This method securely requests and retrieves the password (and optionally the username) for a managed account in Kron PAM vault via the configured Kron PAM Secrets Management Agent and/or Kron PAM vault.

| Parameter | Definition |
| --- | --- |
| `$accounttoken` | Kron PAM AAPM token assigned to the account |
| `$accountname` | Account name registered in Kron PAM vault |
| `$accountpath` | Account path within the vault (e.g., `/databases/sharedaccouts`, `/windows`) |
| `comment` | Optional descriptive comment for the password retrieval |
| `showusername` | Include the username in the response (true/false) |
| `passwdexpirationinminutes` | Duration before password expiration (in minutes) |
| `passwordchangerequired` | Whether to force a new password rotation upon retrieval |
| `prettify` | Enables formatted response output |
| `tenantid` | Specifies the tenant or logical domain when working in multi-tenant environments. Ensures credentials are retrieved from the correct scope. |
| `responsetype` | Format of the response (text, json) |
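
The sample script above hardcodes the AAPM token and echoes the retrieved secret. The following is an added example, not Kron's code: it uses only the SDK calls shown on this page (spelled as they appear here), reads the token and addresses from environment variables whose names are hypothetical, and returns the password to the caller instead of printing it. It assumes that with `showusername` set to false the text response is the password alone, as in the sample output.

```php
<?php
// Added example: SDK calls are used as they appear on this page;
// the KRON_* environment variable names are hypothetical.
require __DIR__ . '/vendor/autoload.php';

use krontechnology\aapmphpsdk\passwordmanager;
use com\kron\aapm\rpc\validresponsetype;

/** Read a required setting from the environment, failing closed if absent. */
function requiredEnv(string $name): string
{
    $value = getenv($name);
    if ($value === false || $value === '') {
        throw new RuntimeException("missing environment variable $name");
    }
    return $value;
}

/** Fetch one account password; the secret is returned, never printed. */
function fetchVaultPassword(string $account, string $path): string
{
    $vaultUrl = requiredEnv('KRON_VAULT_URL');
    if (parse_url($vaultUrl, PHP_URL_SCHEME) !== 'https') {
        throw new RuntimeException('vault address must use https');
    }
    $pm = passwordmanager::instancewithserver(
        requiredEnv('KRON_AGENT_HOST'),
        (int) requiredEnv('KRON_AGENT_PORT')
    );
    $pm->httpaddress($vaultUrl);

    // Option values follow the page's sample, except showusername.
    $result = $pm->getpasswordwithparams($account, requiredEnv('KRON_AAPM_TOKEN'), $path, [
        'comment' => 'retrieved by application at startup',
        'showusername' => false, // assumed: response is then the password only
        'passwordchangerequired' => true,
        'responsetype' => validresponsetype::text,
        'prettify' => true,
        'passwdexpirationinminutes' => '5',
        'tenantid' => 'host',
    ]);
    if ($result->haserror()) {
        // Surface the fail mode and error text, never the token or the secret.
        throw new RuntimeException(
            'vault lookup failed (' . $result->getfailmode() . '): ' . $result->geterrvalue()
        );
    }
    return (string) $result->getvalue();
}
```

Call `fetchVaultPassword('testaccount', '/linuxtest')` at the point where the credential is needed and pass the return value straight to the client library, so the secret is not written to logs or standard output.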