Edit config.php and the other PHP config files to use Vault as the credentials source, with a renewable token.
Config.php
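# Obtain a Vault client token for the config files that follow.
# Reads: VAULT_ADDR, VAULT_PORT, role_id, secret_id from the environment and a
#        cached token in $filename.
# Sets:  $GLOBALS['token'] (and $_ENV['token']) for the other config files;
#        $vlt_url / $vlt_port stay defined because they reuse them.
# Throws RuntimeException when no usable token can be obtained.
$filename = '/tmp/token'; // Temporary filename for token store
$vlt_url = getenv('VAULT_ADDR'); // Set Vault server information in environment variables
$vlt_port = getenv('VAULT_PORT');
$vlt_base = $vlt_url . ':' . $vlt_port . '/v1';
# Always initialised, so the "== ''" check below never reads an undefined index.
$GLOBALS['token'] = '';

# Renew the cached token if there is one. Renewal fails once the token reaches
# its max TTL; that case simply falls through to a fresh login below.
if (is_readable($filename)) {
    # An empty cache file used to reach fread() with length 0; treat it as "no token".
    $cached = trim((string) file_get_contents($filename));
    if ($cached !== '') {
        # TLS peer verification is left at curl's default (enabled).
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $vlt_base . '/auth/token/renew-self');
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_HTTPHEADER, ['X-Vault-Token: ' . $cached]);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        $json_renew = curl_exec($ch);
        $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        curl_close($ch);
        if ($json_renew !== false && $http_code === 200) {
            $renewed = json_decode($json_renew, true);
            $GLOBALS['token'] = (string) ($renewed['auth']['client_token'] ?? '');
        }
    }
}

if ($GLOBALS['token'] === '') {
    # No usable token: log in with AppRole (role_id / secret_id from the environment).
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $vlt_base . '/auth/nextcloud/login');
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
    # json_encode() instead of string concatenation, so a secret_id containing
    # quotes or backslashes still yields a valid document.
    curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode([
        'role_id' => (string) getenv('role_id'),
        'secret_id' => (string) getenv('secret_id'),
    ]));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $json_return = curl_exec($ch);
    $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $curl_err = curl_error($ch);
    curl_close($ch);
    if ($json_return === false || $http_code !== 200) {
        # The response body is deliberately not part of the message: on success it
        # carries the token, so it must never end up in logs or error pages.
        throw new RuntimeException('Vault login failed (HTTP ' . $http_code . ') ' . $curl_err);
    }
    # Parse Token
    $json_token = json_decode($json_return, true);
    $GLOBALS['token'] = (string) ($json_token['auth']['client_token'] ?? '');
    if ($GLOBALS['token'] === '') {
        throw new RuntimeException('Vault login response contained no auth.client_token');
    }
    # Kept for anything that reads the token from $_ENV.
    $_ENV['token'] = $GLOBALS['token'];
    # Cache the token for renewal on the next request. Create it readable by this
    # user only (umask for creation, chmod for a pre-existing file); the default
    # umask would otherwise leave the token readable by every local account.
    $old_umask = umask(0077);
    file_put_contents($filename, $GLOBALS['token'], LOCK_EX);
    umask($old_umask);
    chmod($filename, 0600);
}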
Example for the database config file
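# Database credentials read from Vault.
# Expects $vlt_url, $vlt_port and $GLOBALS['token'] to have been set by config.php.
# Throws RuntimeException when the secret cannot be read.
$vlt_path = getenv('VAULT_NEXTCLOUD_DB_PATH'); // Env var for path in vault
# Get credentials
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $vlt_url . ':' . $vlt_port . '/v1/' . $vlt_path);
curl_setopt($ch, CURLOPT_HTTPHEADER, ['X-Vault-Token: ' . $GLOBALS['token']]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$json_secrets = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$curl_err = curl_error($ch);
curl_close($ch);
if ($json_secrets === false || $http_code !== 200) {
    # Fail loudly: Nextcloud cannot run without database credentials, and a
    # later "access denied" is harder to trace back here. The body is not
    # included in the message because on success it holds the credentials.
    throw new RuntimeException('Vault read of ' . $vlt_path . ' failed (HTTP ' . $http_code . ') ' . $curl_err);
}
# Decode once. The payload is taken from data.data (the nesting of a KV v2
# read — verify this matches your secret engine).
$decoded = json_decode($json_secrets, true);
$secret = is_array($decoded['data']['data'] ?? null) ? $decoded['data']['data'] : [];
# Set variables (null when a key is absent, as before)
$user = $secret['MYSQL_USER'] ?? null;
$pass = $secret['MYSQL_PASSWORD'] ?? null;
$database = $secret['MYSQL_DATABASE'] ?? null;
# MYSQL_HOST / MYSQL_PORT could be taken from $secret the same way; the host
# currently comes from the environment and the port is left empty.
# Configure database
$CONFIG = [
    'dbtype' => 'mysql',
    'dbhost' => getenv('MYSQL_HOST'),
    'dbport' => '',
    'dbtableprefix' => 'oc_',
    'mysql.utf8mb4' => true,
    'dbname' => $database,
    'dbuser' => $user,
    'dbpassword' => $pass,
];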
Example for smtp.config.php
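# SMTP credentials read from Vault.
# Expects $vlt_url, $vlt_port and $GLOBALS['token'] to have been set by config.php.
# Mail is optional, so a failed read leaves the empty defaults below in place
# instead of aborting config load.
$vlt_path = getenv('VAULT_GMAIL_PATH');
# Get credentials
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $vlt_url . ':' . $vlt_port . '/v1/' . $vlt_path);
curl_setopt($ch, CURLOPT_HTTPHEADER, ['X-Vault-Token: ' . $GLOBALS['token']]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$json_secrets = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
# Decode once. The payload is taken from data.data (the nesting of a KV v2
# read — verify this matches your secret engine). Never log $json_secrets: it
# carries the mail password.
$secret = [];
if ($json_secrets !== false && $http_code === 200) {
    $decoded = json_decode($json_secrets, true);
    if (is_array($decoded['data']['data'] ?? null)) {
        $secret = $decoded['data']['data'];
    }
}
# Set variables (null when a key is absent, as before)
$user = $secret['name'] ?? null;
$pass = $secret['password'] ?? null;
$host = $secret['host'] ?? null;
$port = $secret['port'] ?? null;
$mail_from = $secret['mail'] ?? null;
$domain = $secret['domain'] ?? null;
# ?: is intentional here: an empty string from Vault means "unset" and should
# fall back to the default just like a missing key.
$CONFIG = [
    'mail_smtpmode' => 'smtp',
    'mail_smtphost' => $host ?: '',
    'mail_smtpport' => $port ?: '25',
    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
    'mail_smtpauth' => $user && $pass,
    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
    'mail_smtpname' => $user ?: '',
    'mail_smtppassword' => $pass ?: '',
    'mail_from_address' => $mail_from,
    'mail_domain' => $domain,
];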
It's not perfect, but it works. I hope this helps.
Sylvain