PHP SDK

The PHP language wrapper for interacting with the Bitwarden Secrets Manager. The SDK, like the Secrets Manager CLI built on-top of it, can be used to execute the following operations:

• Authenticate using an access token.
• Retrieve a single secret or all secrets in a project.
• List all secrets, secrets in a project, or projects.

Note

This SDK is a beta release. Therefore, some functionality may be missing.

Requirements

Setting up a Secrets Manager account prior to using the PHP SDK is reccomended. This includes:

• Enabling the Secrets Manager CLI.
• Setting up machine accounts.
• Setting up access tokens.

Dependencies

• PHP version 8.0 or newer
• Composer
• Bitwarden C libraries. Generate using the BitwardenSDK and following instructions in the readme (requires Rust).

Note

If you are not using the standalone version of this library, the files will be placed in target/debug folder if you are using from the BitwardenSDK repository.

GitHub Repository

Locate the PHP GitHub repository here.

Build locally

Initialize BitwardenSettings by passing in api_url and identity_url. If these values are not defined in /.env, Bitwarden will use defaults https://api.bitwarden.com and https://identity.bitwarden.com for api_url and identity_url respectively.

$access_token = '<your token here>';
$api_url = "<api url>";
$identity_url = "<identity url>";
$bitwarden_settings = new \Bitwarden\Sdk\BitwardenSettings($api_url, $identity_url);

$bitwarden_client = new \Bitwarden\Sdk\BitwardenClient($bitwarden_settings);
$bitwarden_client->access_token_login($access_token);

After successful authorization, you can interact with the client to manage projects and secrets.

$organization_id = "<your organization id here>";

$bitwarden_client = new \Bitwarden\Sdk\BitwardenClient($bitwarden_settings);
$res = $bitwarden_client->access_token_login($access_token);

Secrets Manager operations

Once the Bitwarden client has been created and authorized, Secrets Manager CLI commands can be passed into the client.

Projects

The project command is used to access, manipulate, and create projects. The scope of access assigned to your machine account will determine what actions can be completed with the project command.

create project

$name = "PHP project"
$res = $bitwarden_client->projects->create($name, $organization_id);
$project_id = $res->id;

get project

$res = $bitwarden_client->projects->get($project_id);

list projects

$res = $bitwarden_client->projects->list($organization_id);

update projects

$name = "Updated PHP project"
$res = $bitwarden_client->projects->put($project_id, $name, $organization_id);

delete project

$res = $bitwarden_client->projects->delete([$project_id]);

Secrets

The secret command is used to access, manipulate and create secrets. As with all commands, secrets and projects outside your access token’s scope of access cannot be read or written-to.

create secret

$key = "AWS secret key";
$note = "Private account";
$secret = "76asaj,Is_)"
$res = $bitwarden_client->secrets->create($key, $note, $organization_id, [$project_id], $secret);
$secret_id = $res->id;

get secret

$res = $bitwarden_sdk->secrets->get($secret_id);

list secret

$res = $bitwarden_client->secrets->list($organization_id);

update secret

$note = "Updated account";
$key = "AWS private updated"
$secret = "7uYTE,:Aer"
$res = $bitwarden_client->secrets->update($secret_id, $key, $note, $organization_id, [$project_id], $secret);

delete secret

$res = $bitwarden_sdk->secrets->delete([$secret_id]);