thephpleague / oauth2-server

A spec compliant, secure by default PHP OAuth 2.0 Server
https://oauth2.thephpleague.com
MIT License

Suggestion: Retrieve Keys from Key Vaults #1263

Closed edgreenberg closed 2 years ago

edgreenberg commented 2 years ago

On Azure and AWS, there is a secure Key and Secret storage system. Azure calls this KeyVault. AWS calls it KMS.

When using oauth2-server, which is installed in the vendor directory, these secrets are retrieved from static files, in the constructor of CryptKey.

It would be nice to be able to pass these secrets into the OAuth2 package from outside, so that they could be retrieved from the key vault.

In Azure, the keys in the key vault are presented to PHP applications via environment variables. Perhaps there could be some configuration that would allow \League\OAuth2\Server::CryptKey to retrieve the keys in a user-provided fashion.

Obviously one doesn't want to change files that are in the vendor directory.

Sephster commented 2 years ago

Hi @edgreenberg. You should be able to just pass the keys to the constructor of the AuthorizationServer and ResourceServer as strings. The constructor will accept either a CryptKeyInterface or a string to cater for the scenario you are describing if I am understanding correctly. Just to check, are you using version 8?
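The approach Sephster describes, written out as an added example (not code from the issue thread or from the oauth2-server project): the PEM key material is read from environment variables that a vault integration has populated, wrapped in `CryptKey` without ever being written to a file under `vendor/`, and handed to `AuthorizationServer` and `ResourceServer`. The environment variable names (`OAUTH_PRIVATE_KEY`, `OAUTH_PRIVATE_KEY_PASSPHRASE`, `OAUTH_PUBLIC_KEY`, `OAUTH_ENCRYPTION_KEY`) and the `App\Repositories\*` classes are assumptions standing in for whatever the deployment and application actually use.

```php
<?php
// Added example, not part of the issue thread or the oauth2-server code base.
// Assumption: a vault integration (e.g. Azure Key Vault references exposed as app
// settings) has already placed the key material in the process environment.
// Env var names and the App\Repositories\* classes are placeholders.

declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Defuse\Crypto\Key;
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\CryptKey;
use League\OAuth2\Server\Grant\ClientCredentialsGrant;
use League\OAuth2\Server\ResourceServer;

/**
 * Read a required secret from the environment and fail closed if it is absent,
 * so a misconfigured deployment cannot start with an empty or default key.
 */
function requiredEnv(string $name): string
{
    $value = getenv($name);
    if ($value === false || $value === '') {
        throw new RuntimeException(sprintf('Missing required secret: %s', $name));
    }

    return $value;
}

/**
 * Build a CryptKey from PEM text instead of a file path. CryptKey accepts the
 * key contents directly; the third argument turns off the file-permission
 * check, which has no meaning for a key that is not on disk.
 */
function cryptKeyFromPem(string $pem, ?string $passphrase = null): CryptKey
{
    if (strpos($pem, '-----BEGIN') !== 0) {
        throw new RuntimeException('Expected PEM key contents, got something else');
    }

    return new CryptKey($pem, $passphrase, false);
}

// Private key (PEM) plus optional passphrase, used to sign access tokens.
$privateKey = cryptKeyFromPem(
    requiredEnv('OAUTH_PRIVATE_KEY'),              // placeholder env var name
    getenv('OAUTH_PRIVATE_KEY_PASSPHRASE') ?: null // placeholder env var name
);

// Public key (PEM), used by the resource server to verify token signatures.
$publicKey = cryptKeyFromPem(requiredEnv('OAUTH_PUBLIC_KEY')); // placeholder env var name

// Encryption key for authorization codes and refresh tokens. Stored in the vault
// in the Defuse ASCII-safe format (Key::createNewRandomKey()->saveToAsciiSafeString()),
// which is validated on load rather than taken as an arbitrary string.
$encryptionKey = Key::loadFromAsciiSafeString(requiredEnv('OAUTH_ENCRYPTION_KEY')); // placeholder

// Repository implementations are application-specific; these names are placeholders.
$authorizationServer = new AuthorizationServer(
    new App\Repositories\ClientRepository(),
    new App\Repositories\AccessTokenRepository(),
    new App\Repositories\ScopeRepository(),
    $privateKey,      // CryptKeyInterface built from vault-sourced PEM text
    $encryptionKey    // Defuse\Crypto\Key built from vault-sourced string
);
$authorizationServer->enableGrantType(new ClientCredentialsGrant(), new DateInterval('PT1H'));

$resourceServer = new ResourceServer(
    new App\Repositories\AccessTokenRepository(),
    $publicKey        // CryptKeyInterface built from vault-sourced PEM text
);
```

Because the constructors accept either a `CryptKeyInterface` or a plain string, the `CryptKey` wrapper above could be dropped and the PEM strings passed straight through; wrapping them keeps the passphrase handling and the PEM sanity check in one place, and nothing under `vendor/` needs to change.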

Sephster commented 2 years ago

Closing as I have not heard back from @edgreenberg - if you'd still like to discuss this, please feel free to reply to this issue and I will be happy to reopen it. Thanks.