ambta/doctrine-encrypt-bundle

Symfony 2 bundle which allows to encrypt data in database with some encrypt algorithm

2.5.6 2020-05-08 14:09 UTC

This package is not auto-updated.

Last update: 2024-11-23 19:31:58 UTC


README

Warning This repository is not actively maintained or developed anymore. In our opinion encrypting database information this way is not good practice and mainly gives little extra protection, but at a huge cost of usability and performance. It can only help when the database itself is stolen without keys. We have now phased it out in our own projects.

Bundle allows to create doctrine entities with fields that will be protected with help of some encryption algorithm in database and it will be clearly for developer, because bundle is uses doctrine life cycle events

This is an fork from the original bundle created by vmelnik-ukrain (Many thanks to him) which can be found here: vmelnik-ukraine/DoctrineEncryptBundle

I improved several things, i make better use of the doctrine events. and it works with lazy loading (relationships)! This will be an long term project we will be working on with long-term support and backward compatibility. We are using this bundle in all our own symfony2 project. More about us can be found on our website. Ambta.com

What does it do exactly

It gives you the opportunity to add the @Encrypted annotation above each string property

/**
 * @Encrypted
 */
protected $username;

The bundle uses doctrine his life cycle events to encrypt the data when inserted into the database and decrypt the data when loaded into your entity manager. It is only able to encrypt string values at the moment, numbers and other fields will be added later on in development.

Advantages and disadvantaged of an encrypted database

Advantages

  • Information is stored safely
  • Not worrying about saving backups at other locations
  • Unreadable for employees managing the database

Disadvantages

  • Can't use ORDER BY on encrypted data
  • In SELECT WHERE statements the where values also have to be encrypted
  • When you lose your key you lose your data (Make a backup of the key on a safe location)

Documentation

This bundle is responsible for encryption/decryption of the data in your database. All encryption/decryption work on the server side.

The following documents are available:

License

This bundle is under the MIT license. See the complete license in the bundle

Versions

I'm using Semantic Versioning like described here

Todos

The following items will be done in order

  1. Review of complete code + fixes/improvements and inline documentation (2.1.1)
  2. Add support for the other doctrine relationships (manyToMany, ManyToOne) (2.2)
  3. Recreate documentation (2.3)
  4. Create example code (2.3)
  5. Create an function to encrypt unencrypted database and vice versa (console command, migration, changed key, etc.) (2.4)
  6. Look for a posibility of automatic encryption of query parameters (2.5)
  7. Look for a posibility to override findOneBy for automatic encryption of parameters (2.6)
  8. Add support to encrypt data by reference to other property as key (Encrypt data specific to user with user key etc.) (2.7)
  9. Add Format-preserving encryption for all data types Doctrine documentation Types (3.0)