Tenant Security Client PHP

The SDK is published to Packagist. Refer to their docs on how to add this library as a dependency to your existing PHP application. The minimum PHP version supported by this library is PHP 7.4.

Quickstart

This is a minimal example of round tripping a document.
<?php
declare(strict_types=1);
namespace IronCore;
use Exception;
use IronCore\Exception\TenantSecurityException;

// Initialize the SDK
$TSP_ADDRESS = "http://localhost:32804";
$API_KEY = getenv("API_KEY");
$tenantSecurityClient = new TenantSecurityClient($TSP_ADDRESS, $API_KEY);

$TENANT_ID = getenv("TENANT_ID");

// Create metadata used to associate this document to a tenant, name the document, and
// identify the service or user making the call
$metadata = new RequestMetadata($TENANT_ID, new IclFields("serviceOrUserId", "PII"), []);

// Create a map containing your data
$custRecord = [
    "ssn" => new Bytes("000-12-2345"),
    "address" => new Bytes("2825-519 Stone Creek Rd, Bozeman, MT 59715"),
    "name" => new Bytes("Jim Bridger")
];

// Use the SDK to encrypt the record
try {
    $encryptedResults = $tenantSecurityClient->encrypt($custRecord, $metadata);
} catch (Exception $e) {
    echo 'Caught exception: ',  $e->getMessage(), "\n";
    exit(1);
}

$edek = $encryptedResults->getEdek();
$encryptedDocument = $encryptedResults->getEncryptedFields();
// This is where you would persist the EDEK and encryptedDocument to your persistence layer
// Later, after you retrieve the EDEK and encryptedDocument from your persistence layer...
$retrievedEncryptedDocument = new EncryptedDocument($encryptedDocument, $edek);

try {
    $decryptedPlaintext = $tenantSecurityClient->decrypt($retrievedEncryptedDocument, $metadata);
} catch (Exception $e) {
    echo 'Caught exception: ',  $e->getMessage(), "\n";
    exit(1);
}
$decryptedValues = $decryptedPlaintext->getDecryptedFields();

Examples

Examples of using the Tenant Security Client SDK to protect sensitive data can be found on GitHub.

Docs

See the docs for a more complete register of all exposed classes and methods.

Changelog

The changelog can be viewed in the library repository.