iamacarpet · October 19, 2021 14:11
diff --git a/composer.json b/composer.json
 {
    "require": {
        "google/cloud": "^0.171.0"
    }
 }
diff --git a/index.php b/index.php
 <?php

 require __DIR__ . "/vendor/autoload.php";

 use Google\Cloud\SecretManager\V1\Replication;
 use Google\Cloud\SecretManager\V1\Replication\Automatic;
 use Google\Cloud\SecretManager\V1\Secret;
 use Google\Cloud\SecretManager\V1\SecretPayload;
 use Google\Cloud\SecretManager\V1\SecretManagerServiceClient;

 class SecretManager {
    private $client;

    public function __construct()
    {
        $this->client = new SecretManagerServiceClient();
    }

    public function __destruct()
    {
        $this->client->close();
    }

    public function createSecret($name, $value)
    {
        $secret = $this->client->createSecret(
            $this->client->projectName(
                $this->getProjectName()
            ),
            $name,
            new Secret([
                'replication' => new Replication([
                    'automatic' => new Automatic()
                ])
            ])
        );
        
        return $this->addSecretVersion($secret->getName(), $value);
    }

    public function accessSecret($name, $version = 'latest')
    {
        $formattedName = $this->client->secretVersionName($this->getProjectName(), $name, $version);
        $response = $this->client->accessSecretVersion($formattedName);
        return $response->getPayload()->getData();
    }

    public function rotateSecret($name, $value)
    {
        $secretName = $this->client->secretName($this->getProjectName(), $name);

        $newSecretVersion = $this->addSecretVersion(
            $secretName,
            $value
        );


        $pagedResponse = $this->client->listSecretVersions($secretName, [
            'filter' => 'state:ENABLED'
        ]);
        foreach ($pagedResponse->iteratePages() as $page) {
            foreach ($page as $element) {
                if ($element->getName() != $newSecretVersion->getName()) {
                    // If the version isn't our latest one, destroy it.
                    $this->client->destroySecretVersion($element->getName());
                }
            }
        }
    }

    private function addSecretVersion($name, $value)
    {
        $payload = new SecretPayload([
            'data' => $value
        ]);
        
        return $this->client->addSecretVersion($name, $payload);
    }

    private function getProjectName()
    {
        return "a1-alpha";
    }
 }

 function str_rand(int $length = 64){ // 64 = 32
    $length = ($length < 4) ? 4 : $length;
    return bin2hex(random_bytes(($length-($length%2))/2));
 }

 $client = new SecretManager();

 $secretName = "testing-" . str_rand(6);
 echo "Using secret name: " . $secretName . "\n";
 $secretValue1 = str_rand(36);
 echo "Using initial secret value: " . $secretValue1 . "\n";

 echo "Creating secret...\n\n";
 $client->createSecret($secretName, $secretValue1);

 echo "Accessing secret...\n";
 $returnedValue1 = $client->accessSecret($secretName);

 if ($returnedValue1 !== $secretValue1) {
    die("Secret value returned doesn't match, got " . $returnedValue1 . "\n");
 } else {
    echo "Secret returned ok\n\n";
 }

 for ($i = 0; $i < 3; $i++) {
    $secretValue = str_rand(36);
    echo "Using secret value " . ($i+2) . ": " . $secretValue . "\n";

    echo "Rotating Secret...\n\n";
    $client->rotateSecret($secretName, $secretValue);

    echo "Accessing secret...\n";
    $returnedValue = $client->accessSecret($secretName);

    if ($returnedValue !== $secretValue) {
        die("Secret value returned doesn't match, got " . $returnedValue . "\n");
    } else {
        echo "Secret returned ok\n\n";
    }
 }
diff --git a/result.txt b/result.txt
 iamacarpet@penguin:~/secret-manager-api$ php index.php 
 Using secret name: testing-a0da94
 Using initial secret value: a3bd90d8498d1b1078e4a22ea4f8a73b8d46
 Creating secret...

 Accessing secret...
 Secret returned ok

 Using secret value 2: afc261c9cb75bde343f1308402449969419f
 Rotating Secret...

 Accessing secret...
 Secret returned ok

 Using secret value 3: ff193fdbe301336babc66cb3b536c6987c50
 Rotating Secret...

 Accessing secret...
 Secret returned ok

 Using secret value 4: d512ffae4ed5bcaeb08c0e8bf418301000aa
 Rotating Secret...

 Accessing secret...
 Secret returned ok
	<?php

	require __DIR__ . "/vendor/autoload.php";

	use Google\Cloud\SecretManager\V1\Replication;
	use Google\Cloud\SecretManager\V1\Replication\Automatic;
	use Google\Cloud\SecretManager\V1\Secret;
	use Google\Cloud\SecretManager\V1\SecretPayload;
	use Google\Cloud\SecretManager\V1\SecretManagerServiceClient;

	class SecretManager {
	private $client;

	public function __construct()
	{
	$this->client = new SecretManagerServiceClient();
	}

	public function __destruct()
	{
	$this->client->close();
	}

	public function createSecret($name, $value)
	{
	$secret = $this->client->createSecret(
	$this->client->projectName(
	$this->getProjectName()
	),
	$name,
	new Secret([
	'replication' => new Replication([
	'automatic' => new Automatic()
	])
	])
	);

	return $this->addSecretVersion($secret->getName(), $value);
	}

	public function accessSecret($name, $version = 'latest')
	{
	$formattedName = $this->client->secretVersionName($this->getProjectName(), $name, $version);
	$response = $this->client->accessSecretVersion($formattedName);
	return $response->getPayload()->getData();
	}

	public function rotateSecret($name, $value)
	{
	$secretName = $this->client->secretName($this->getProjectName(), $name);

	$newSecretVersion = $this->addSecretVersion(
	$secretName,
	$value
	);


	$pagedResponse = $this->client->listSecretVersions($secretName, [
	'filter' => 'state:ENABLED'
	]);
	foreach ($pagedResponse->iteratePages() as $page) {
	foreach ($page as $element) {
	if ($element->getName() != $newSecretVersion->getName()) {
	// If the version isn't our latest one, destroy it.
	$this->client->destroySecretVersion($element->getName());
	}
	}
	}
	}

	private function addSecretVersion($name, $value)
	{
	$payload = new SecretPayload([
	'data' => $value
	]);

	return $this->client->addSecretVersion($name, $payload);
	}

	private function getProjectName()
	{
	return "a1-alpha";
	}
	}

	function str_rand(int $length = 64){ // 64 = 32
	$length = ($length < 4) ? 4 : $length;
	return bin2hex(random_bytes(($length-($length%2))/2));
	}

	$client = new SecretManager();

	$secretName = "testing-" . str_rand(6);
	echo "Using secret name: " . $secretName . "\n";
	$secretValue1 = str_rand(36);
	echo "Using initial secret value: " . $secretValue1 . "\n";

	echo "Creating secret...\n\n";
	$client->createSecret($secretName, $secretValue1);

	echo "Accessing secret...\n";
	$returnedValue1 = $client->accessSecret($secretName);

	if ($returnedValue1 !== $secretValue1) {
	die("Secret value returned doesn't match, got " . $returnedValue1 . "\n");
	} else {
	echo "Secret returned ok\n\n";
	}

	for ($i = 0; $i < 3; $i++) {
	$secretValue = str_rand(36);
	echo "Using secret value " . ($i+2) . ": " . $secretValue . "\n";

	echo "Rotating Secret...\n\n";
	$client->rotateSecret($secretName, $secretValue);

	echo "Accessing secret...\n";
	$returnedValue = $client->accessSecret($secretName);

	if ($returnedValue !== $secretValue) {
	die("Secret value returned doesn't match, got " . $returnedValue . "\n");
	} else {
	echo "Secret returned ok\n\n";
	}
	}
	iamacarpet@penguin:~/secret-manager-api$ php index.php
	Using secret name: testing-a0da94
	Using initial secret value: a3bd90d8498d1b1078e4a22ea4f8a73b8d46
	Creating secret...

	Accessing secret...
	Secret returned ok

	Using secret value 2: afc261c9cb75bde343f1308402449969419f
	Rotating Secret...

	Accessing secret...
	Secret returned ok

	Using secret value 3: ff193fdbe301336babc66cb3b536c6987c50
	Rotating Secret...

	Accessing secret...
	Secret returned ok

	Using secret value 4: d512ffae4ed5bcaeb08c0e8bf418301000aa
	Rotating Secret...

	Accessing secret...
	Secret returned ok