Managing API tokens across multiple providers can get messy — especially when it comes to securing them and handling expirations.
That’s why I built Token Vault — a Laravel package designed to securely store, encrypt, and manage all types of API tokens in a consistent and standardised way.
🧰 What Is Token Vault?
Token Vault is a Laravel package that provides a clean, encrypted, polymorphic way to store API tokens like:
- GitHub personal access tokens
- GitLab tokens
- Access keys for any third-party API
Everything is encrypted and scoped to a model (e.g. User, Project, etc.).
🧩 Features
✅ Encrypted token storage (AES-256 encryption)
✅ Polymorphic support – attach tokens to any model
✅ Built-in expiration support
✅ Safe token masking for UI
✅ Enum support for provider names
🚀 Getting Started
Install the package via Composer:
```bash
composer require cleaniquecoders/token-vault
```
Publish the migration:
```bash
php artisan vendor:publish --tag="token-vault-migrations"
php artisan migrate
```
🔧 Usage
1. Use the Trait in Your Model
```php
use CleaniqueCoders\TokenVault\Traits\InteractsWithTokenVault;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    // Adds the tokens() relationship used in the steps below.
    use InteractsWithTokenVault;
}
```
2. Store a Token
```php
use CleaniqueCoders\TokenVault\Enums\Provider;

$user->tokens()->create([
    'provider' => Provider::GitHub,
    'type' => 'access_token',
    'token' => 'ghp_xxxx', // encrypted automatically
    'meta' => ['label' => 'Deploy token'],
    'expires_at' => now()->addDays(30),
]);
```
3. Retrieve & Use Tokens
```php
$token = $user->tokens()->latest()->first();

$plainText = $token->getDecryptedToken(); // use cautiously
$masked = $token->getMaskedToken(); // safe for display
```
4. Check Expiry & Validation
```php
$token->isExpired(); // true or false
```
🔄 Supported Providers
You can define your supported providers using enums via the built-in Provider enum:
```php
use CleaniqueCoders\TokenVault\Enums\Provider;

Provider::GitHub->label(); // "GitHub"
Provider::GitHub->description(); // "GitHub API token"
```
You can also extend this enum to support additional providers as your app evolves.
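The retrieval, expiry and masking calls from the Usage section combine into one pattern: pick an unexpired token, log only its masked form, and decrypt only at the point of use. This is an added example, not code from the package; `fetchGitHubProfile`, the `App\Models\User` namespace, the `type` column filter and the enum cast on `provider` are assumptions.

```php
<?php

use App\Models\User; // assumption: your User model uses InteractsWithTokenVault
use CleaniqueCoders\TokenVault\Enums\Provider;
use Illuminate\Http\Client\Response;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Log;

/**
 * Hypothetical helper (not part of Token Vault): call the GitHub API with
 * the user's newest unexpired GitHub token.
 */
function fetchGitHubProfile(User $user): ?Response
{
    // Newest first, then filter in PHP using the methods from the Usage section.
    // Assumptions: `type` is a column, and `provider` is cast to the Provider enum.
    $token = $user->tokens()
        ->where('type', 'access_token')
        ->latest()
        ->get()
        ->first(fn ($t) => $t->provider === Provider::GitHub && ! $t->isExpired());

    if ($token === null) {
        // Fail closed: no usable token means no request is sent.
        Log::warning('No unexpired GitHub token', ['user_id' => $user->getKey()]);
        return null;
    }

    // Only the masked form goes into logs, error reports or views.
    Log::info('Calling GitHub API', [
        'user_id' => $user->getKey(),
        'token'   => $token->getMaskedToken(),
    ]);

    // Decrypt at the point of use and hand the value straight to the HTTP
    // client; it is never stored in a variable that outlives this call.
    $response = Http::withToken($token->getDecryptedToken())
        ->acceptJson()
        ->get('https://api.github.com/user');

    if ($response->status() === 401) {
        // GitHub rejected the token (revoked or rotated before expires_at).
        Log::warning('GitHub rejected stored token', ['token' => $token->getMaskedToken()]);
    }

    return $response;
}
```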
🧪 Testing With Pest
This package includes Pest support out of the box with factories and migrations, so testing integration is straightforward.
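```php
use App\Models\User; // adjust to your app's User model
use CleaniqueCoders\TokenVault\Enums\Provider;

it('stores encrypted token and decrypts correctly', function () {
    $user = User::factory()->create();

    $token = $user->tokens()->create([
        'provider' => Provider::GitHub,
        'type' => 'access_token',
        'token' => 'ghp_test123456',
    ]);

    // The stored value round-trips back to the original plain text.
    expect($token->getDecryptedToken())->toBe('ghp_test123456');
});
```
📦 Ready to Use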
The package is live and open source at:
👉 github.com/cleaniquecoders/token-vault
We welcome your feedback, pull requests, or ideas to improve!
💡 Why Token Vault?
In Laravel projects, it’s common to store and manage access tokens, but developers often:
- Store them unencrypted 😬
- Hardcode provider types
- Lack expiry logic
- Rebuild similar logic repeatedly
Token Vault solves these with a clean API, secure encryption, and a standardised token model for any use case.
✨ What’s Next?
We plan to add:
- 🛠 Storing webhooks and validating their signatures for common providers
- 🔐 UI component for managing tokens
Give it a try, star the repo, and feel free to open issues or feature requests. We’d love your feedback!
👉 cleaniquecoders/token-vault on GitHub
Photo by rc.xyz NFT gallery on Unsplash