laranail/db-console
Composer 安装命令:
composer require laranail/db-console
包简介
Self-hosted, multi-server database, user, and privilege management for Laravel: guided flows, engines for MySQL/MariaDB/PostgreSQL/SQL Server/SQLite, scoped RBAC, encrypted catalog, CLI, and an optional REST API with webhooks.
关键字:
README 文档
README
Self-hosted, multi-server database, account, and privilege management for Laravel — guided, auditable flows over MySQL, MariaDB, PostgreSQL, SQL Server, and SQLite, with scoped RBAC, an encrypted catalog, a full CLI, and an optional REST API and webhooks.
Requires PHP ^8.4.1 || ^8.5 and Laravel ^13.0. Headless by design: all logic, no UI (the laranail/db-console-webui package is the thin Livewire/Flux front end). It uses your app's existing database connections — no separate infrastructure to stand up.
db-console is the safe way to run the operations a DBA does by hand — create a database, mint a least-privilege account, grant exactly the rights an app needs, rotate a credential, move a user to a new host — from Laravel, over any number of servers, without ever handing the tool a root account. Every input is allow-list validated, only the engine layer builds SQL (so injection has nowhere to land), secrets redact themselves, privileges are capped below server-wide, and every action lands in a tamper-evident audit trail.
Install
composer require laranail/db-console php artisan db-console:install
The installer publishes the config, runs the catalog migrations, seeds the shipped console roles, assigns the bootstrap Owner (set DB_CONSOLE_OWNER_USER_ID), and runs doctor to health-check your servers.
Point it at a minimal admin account, never root:
CREATE USER 'db_console_admin'@'%' IDENTIFIED BY '…'; GRANT CREATE, DROP, ALTER, INDEX, REFERENCES, CREATE USER, RELOAD ON *.* TO 'db_console_admin'@'%'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, INDEX, EXECUTE, CREATE VIEW, SHOW VIEW ON *.* TO 'db_console_admin'@'%' WITH GRANT OPTION;
doctor fails loudly if you point it at a root-like account.
Quick start
Provision a database, a least-privilege account, and its grant in one rollback-safe flow:
php artisan laranail::db-console.wizard \ --server=primary --db=shop_prod --user=shop_app --host=% \ --preset=app_standard --generate
Or drive the services directly from your own code — the same services the CLI, the REST API, and the web UI all call:
use Simtabi\Laranail\DBConsole\Services\DatabaseManager; use Simtabi\Laranail\DBConsole\Domain\{DbName, Charset}; app(DatabaseManager::class)->create('primary', new DbName('shop_prod'), new Charset('utf8mb4'));
Mental model
| Concept | What it is |
|---|---|
| Server | A registered target (config- or catalog-backed) with an engine and a dedicated admin connection. Admin work never rides the app's default connection. |
| Engine | The only layer that builds SQL. Per-dialect (MySQL/MariaDB/Postgres/SQL Server/SQLite), it turns validated value objects into exact statements and declares its honest capabilities. |
| Catalog | A dedicated, optionally-encrypted store of what DBConsole manages. Reads are live from the server; the catalog is history, never the source of truth. |
| Service | DatabaseManager / AccountManager / PrivilegeManager / wizard — authorize → resolve → check capability → ask the engine → run → audit. Every consumer calls these. |
| Secret vault | Four drivers (app-key, KMS, HashiCorp Vault, reference) behind one seam. Secrets redact themselves everywhere. |
| RBAC | Deny-by-default, scope-aware (global ⊇ server ⊇ database), builtin or Spatie-backed. |
Documentation
Full documentation is hosted at https://opensource.simtabi.com/documentation/laranail/db-console/.
Guides
- Installation — requirements, install, the minimal admin account, catalog setup.
- Getting started — register a server, run the wizard, read the audit trail.
- Configuration — every
laranail.db-console.*key. - Architecture — the layers, the invariants, and why they are shaped this way.
- Release — versioning and the release process.
- Comparison — why this exists and how it differs from a raw admin GUI.
Reference
- Engines · Servers & connections · Secret vault · Catalog encryption
- RBAC · Audit trail · Wizard & rollback · Attach / detach · Reconcile
- doctor · Commands · REST API · Webhooks · Events & notifications
Recipes
- Provision a minimal admin per engine
- Configure a KMS / Vault / reference secret driver
- Issue an API token
- Verify a webhook signature
- Use the Spatie RBAC driver
Stability
Pre-1.0. The public surface — services, value objects, the shared validation layer, events, and CLI names — is settling toward a stable 1.0. Breaking changes are called out in UPGRADING.md and the CHANGELOG.
Local development
composer install composer test # Pest — runs entirely on SQLite, no external servers composer lint # Pint, PHPStan (level 8), Rector
The suite is self-contained (in-memory SQLite). Live multi-engine integration against MySQL/MariaDB/PostgreSQL — and a full demo UI — live in laranail/db-console-boilerplate. See CONTRIBUTING.md for conventions.
Sister packages
laranail/console— the command base, formatter, and prompter.laranail/package-tools— the service-provider builder and install flow.laranail/enumerator— the translatable enum toolkit.laranail/db-tools— optional backup, inspection, and audit helpers.laranail/db-console-webui— the thin Livewire + Flux front end for this package.
Community
Questions and ideas are welcome in GitHub Discussions; bugs in Issues.
Contributing & security
See CONTRIBUTING.md. Report vulnerabilities per SECURITY.md (disclosure to opensource@simtabi.com), never in a public issue.
License
MIT — see LICENSE. Copyright (c) 2026 Simtabi LLC.
统计信息
- 总下载量: 0
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 1
- 依赖项目数: 1
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2026-07-09