heliip / laravel-encrypted-responses
Laravel middleware to encrypt API responses using Laravel Crypt with optional compressed payloads.
Maintainers
Package info
github.com/cponce-framepexls/laravel-encrypted-responses
pkg:composer/heliip/laravel-encrypted-responses
Requires
- php: ^8.3
- ext-json: *
- ext-zlib: *
- illuminate/contracts: ^13.0
- illuminate/encryption: ^13.0
- illuminate/http: ^13.0
- illuminate/support: ^13.0
- symfony/http-foundation: ^7.4|^8.0
Requires (Dev)
- orchestra/testbench: ^11.0
- phpunit/phpunit: ^11.5.50|^12.5.8|^13.0
This package is auto-updated.
Last update: 2026-06-10 05:20:51 UTC
README
Laravel package for encrypting API responses with Laravel's Crypt service.
Requirements
- PHP 8.3 or higher
- Laravel 13
- PHP extensions:
json,zlib
Installation
composer require heliip/laravel-encrypted-responses php artisan vendor:publish --tag=encrypted-responses-config
Usage
Enable automatic registration for the api middleware group:
ENCRYPT_RESPONSES_AUTO_REGISTER=true
Or register the middleware manually in bootstrap/app.php:
use Heliip\LaravelEncryptedResponses\Http\Middleware\EncryptResponse; use Illuminate\Foundation\Configuration\Middleware; ->withMiddleware(function (Middleware $middleware) { $middleware->api(append: [ EncryptResponse::class, ]); })
For specific routes, use the middleware alias:
Route::middleware('encrypt.responses')->get('/profile', ProfileController::class);
Configuration
The configuration file is published to config/encrypted-responses.php.
Common environment variables:
ENCRYPT_RESPONSES_ENABLED=true ENCRYPT_RESPONSES_AUTO_REGISTER=false ENCRYPT_RESPONSES_JSON_ENCODED_COMPRESSED_PAYLOAD=true ENCRYPT_RESPONSES_COMPRESS=true ENCRYPT_RESPONSES_COMPRESSION_LEVEL=9 ENCRYPT_RESPONSES_OUTPUT=raw ENCRYPT_RESPONSES_CONTENT_TYPE=text/plain
ENCRYPT_RESPONSES_OUTPUT=raw returns the encrypted string as the response body.
ENCRYPT_RESPONSES_OUTPUT=json returns:
{"payload":"encrypted-value"}
Payload Format
With ENCRYPT_RESPONSES_JSON_ENCODED_COMPRESSED_PAYLOAD=true, payloads are encoded as:
Crypt::encryptString(json_encode(base64_encode(gzcompress(json_encode($data), 9))))
Exclusions
The middleware skips:
- Binary file responses
- Streamed responses
- Empty responses such as
204and304 - Excluded paths and route names
- Excluded content types such as images, video, PDF, and ZIP
To skip encryption for a single request:
X-Skip-Response-Encryption: 1
Manual Encryption
use Heliip\LaravelEncryptedResponses\Facades\EncryptedResponse; $encrypted = EncryptedResponse::encrypt(['ok' => true]);
Testing
composer test
License
The MIT License (MIT). See LICENSE.md.