You can use our PHP SDK to:

Encrypt data server-side
Invoke Functions
Decrypt data through Outbound Relay

Encrypting data with our backend SDKs instead of Inbound Relay may expose you to greater compliance burden because plaintext data touches your server before it is encrypted.

Instead you can:

Use an Inbound Relay to encrypt data before it reaches your server.
Use our client-side SDKs to encrypt data before sending it to your server.

Quickstart

Dependencies

The Evervault SDK requires PHP 7.1.0 or later.

The bindings also require the following extensions:

If you install the bindings using Composer, these should automatically be installed. Otherwise, ensure that the extensions are available on your system.

Install SDK

Our PHP SDK is distributed via Composer, or it can be installed manually.

You can install the Evervault PHP bindings using Composer. Simply run the following command:

1
$ composer require evervault/evervault-php

To use the bindings, use Composer's autoload:

1
require_once('vendor/autoload.php');

Initialize SDK

The SDK needs to be initialized with an App's API Key. If you don't have one yet, you can get one by creating an App in the Evervault Dashboard.

1
<?php
2
use \Evervault\Evervault;
3
4
$evervault = new Evervault('<API_KEY>');

Encrypt a string

Now that the SDK is initialized, we can encrypt a string.

1
$encrypted = $evervault->encrypt('Hello, world!');

Pulling all of this together leaves us with the following working example. You can copy and paste the code below (using a sandbox API key), run it in your own environment and run the encryption and decryption for yourself.

1
<?php
2
use \Evervault\Evervault;
3
4
$evervault = new Evervault('<API_KEY>');
5
6
$encryptedName = $evervault->encrypt('Alice');
7
8
$ch = curl_init();
9
curl_setopt($ch, CURLOPT_URL, 'https://example.com');
10
11
$evervault->enableOutboundRelay($ch);
12
$response = curl_exec($ch);
13
curl_close($ch);
14
15
echo $response;

Reference

$evervault->encrypt($data)

Encrypts data using Evervault Encryption. Evervault Strings can be used across all of our products. To encrypt data using the PHP SDK, simply pass a string or array into the encrypt() method.

The encrypted data can be stored in your database as normal and can be used with any of Evervault’s other services.

1
<?php
2
$evervault = new Evervault('<API_KEY>');
3
4
$encrypted = $evervault->encrypt('Alice');
5
6
echo $encrypted;

Parameters

$dataRequiredstring | array

The data to encrypt.

$evervault->run($functionName, $data, $options)

Lets you invoke an Evervault Function with a given payload.

1
<?php
2
$evervault = new Evervault('<API_KEY>');
3
4
$encrypted = $evervault->encrypt('Alice');
5
6
$result = $evervault->run(
7
    'hello-function',
8
    (object) [
9
        'name' => 'Claude Shannon',
10
        'ssn' => 'ev:encrypted_string'
11
    ],
12
    (object) [
13
        'async' => false,
14
        'version' => null 
15
    ]
16
);

Parameters

$functionNameRequiredstring

Name of the function the run token is for.

$payloadRequiredarray

Payload for the function.

$options

Additional options for running the function.

$options->asyncboolean, Default: false

Run your Function in async mode. Asynchronous Function runs will be queued for processing and return a 200 OK response saying your run has been queued.

$options->versioninteger, Default: null

Specify the version of your Function to run. By default, the latest version will be run.

Response

Function runs will return a JSON object containing a Function Run ID and the result from your Function in the following format:

1
{
2
  "result": {
3
    "message": "Hello from a Function! It seems you have 14 letters in your name",
4
    "name": "ev:RFVC:TTLHY04oVJlBuvPx:A7MeNriTKFES0Djl9uKaPvHCAn9PjSfOHu7tswXFCHF9:jwYKE13o3iQlr6Dn/DRk80XpNOGb:$"
5
  },
6
  "runId": "09413338da56",
7
  "appUuid": "app_dfda72e016b1"
8
}

$evervault->createRunToken($functionName, $data)

Creates a single use, time bound token (5 minutes) for invoking an Evervault Function with a given payload. If the payload is an empty object, the Run Token will be valid for any payload.

Run Tokens can be used to invoke an Evervault Function client-side without providing a sensitive API Key.

1
<?php
2
$evervault = new Evervault('<API_KEY>');
3
4
$runToken = $evervault->createRunToken(
5
    'hello-function',
6
    (object) [
7
        'name' => 'Claude Shannon',
8
        'ssn' => 'ev:encrypted_string'
9
    ]
10
);
11
12
var_dump($runToken);

Parameters

$functionNameRequiredstring

Name of the Function the Run Token is for.

$dataRequiredarray

Payload that the token can be used with.

Response

When you create a Run Token, the SDK will return a JSON object containing your token.

1
{
2
  "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsInZlciI6IjAuMCJ9.eyJhcHBVdWlkIjoiYXBwX2RmZGE3MmUwMTZiMCIsImZ1bmN0aW9uTmFtZSI6ImhlbGxvLWNhZ2UtdGFsbC13YWxscy10cmF2ZWwiLCJydW5JZCI6IjRiMjhmMzNlLWU3NjYtNDI2OC1iNmY2LTUyYzZkM2VmMGQzYyIsImV4cCI6MTY2Nzg3Njc2Nn0.gCiFw7UJ8gjZfeXNEaqX4H1Y9HBX9avjioZ4yDU8PTtmGT4QTzVOhnDV46v_yyXLxpO1BgzoBRpYbLciiW1_QXSLmx6cCuJy4vHUZwssHT13vB7AXIl_88Ab5R7w9vpOQIDoCjhPVWJsolwUiiGh_5yE4wGv6WPTIfSv249_hpJLMz3AAffXUckiLPxFporY73KXtTANQH_zniivB91KdBnyGhle7gTs1EXWLqpdMIrqOz9cmoXU31DGd-AgeMzM082s_XtdCFq7FNLLtg6Nx8Mx8Bjl0cKV41R-jbTpHSXxutLX-PSDmWn5wSqDhlQoEWdTLsoS6xp7qhZ2urYyYg"
3
}

Run Tokens can then be used to authenticate Function runs from the client-side.

shamir:~$

curl -X POST https://run.evervault.com/hello-function \
		 -H 'Authorization: Bearer eyJ..Tg' \
		 -H 'Content-Type: application/json' \
		 --data '{"name": "Claude Shannon", "ssn": "ev:encrypted_string"}'

The payload used to invoke your Function must be identical to the payload used to create the Run Token.

$evervault->enableOutboundRelay($curlHandler)

Configures your application to proxy HTTP requests using Outbound Relay for any requests to Outbound Relay destinations sent using the cURL handler provided.

Outbound Relay must be enabled for a CurlHandle after the destination URL has been set, and before curl_exec() is called.

1
<?php
2
$evervault = new Evervault('<API_KEY>');
3
4
$curlHandler = curl_init();
5
6
curl_setopt($ch, CURLOPT_URL, 'https://example.com');
7
$evervault->enableOutboundRelay($curlHandler);
8
9
$response = curl_exec($ch);
10
curl_close($ch);

Parameters

$curlHandlerRequiredCurlHandle

If the destination URL has been added as an Outbound Relay destination in the Evervault Dashboard, any requests sent to this destination using the CurlHandle provided will be proxied through Outbound Relay.