irabbi360 / laravel-attribute-mask
Mask Eloquent attributes on retrieval like $casts
Installs: 8
Dependents: 0
Suggesters: 0
Security: 0
Stars: 4
Watchers: 0
Forks: 0
Open Issues: 0
pkg:composer/irabbi360/laravel-attribute-mask
Requires
- php: ^8.1 | ^8.2 | ^8.3 | ^8.4
- illuminate/contracts: ^10.0 | ^11.0 | ^12.0
- spatie/laravel-package-tools: ^1.16
Requires (Dev)
- laravel/pint: ^1.14
- nunomaduro/collision: ^8.8
- orchestra/testbench: ^10.0.0||^9.0.0
- pestphp/pest: ^4.0
- pestphp/pest-plugin-arch: ^4.0
- pestphp/pest-plugin-laravel: ^4.0
README
A Laravel package that automatically masks sensitive model attributes on retrieval. Supports email, phone, and text masking with highly configurable rules.
Features
- Automatic attribute masking on retrieval
- Email, phone, and text masking support
- Configurable mask character and visibility
- Global or per-attribute masking rules
- Auto-detection of phone fields by column name
Installation
composer require irabbi360/laravel-attribute-mask
Publish the config file:
php artisan vendor:publish --tag="attribute-mask-config"
Configuration
The default configuration (config/attribute-mask.php):
return [ 'enabled' => true, 'mask_char' => '*', 'email_masking' => [ 'show_domain' => true, 'show_start' => 1, 'show_end' => 1, ], 'phone_masking' => [ 'show_start' => 3, 'show_end' => 2, 'patterns' => ['phone', 'phone_number', 'mobile', 'mobile_number', ...], ], 'text_masking' => [ 'show_start' => 3, 'show_end' => 3, ], ];
Usage
Define Maskable Attributes
Add the HasMaskedAttributes trait and define maskable attributes using the maskables() method:
use Irabbi360\LaravelAttributeMask\Concern\HasMaskedAttributes; use Illuminate\Database\Eloquent\Model; class User extends Model { use HasMaskedAttributes; /** * Get the attributes that should be masked. */ protected function maskables(): array { return ['email', 'phone', 'phone_number', 'ssn']; } }
Alternatively, use the $maskable property:
class User extends Model { use HasMaskedAttributes; protected array $maskable = ['email', 'phone', 'ssn']; }
Masking Behavior
Attributes are automatically masked on retrieval:
$user = User::find(1); $user->email; // t**t@example.com $user->phone; // 123****90 $user->ssn; // 123***789
Retrieving Original Values
Get the unmasked value using getOriginal():
$user->getOriginal('email'); // test@example.com
Or temporarily disable masking:
config(['attribute-mask.enabled' => false]); $original = $user->email; config(['attribute-mask.enabled' => true]);
Email Masking
Configure email masking behavior:
'email_masking' => [ 'show_domain' => true, // Show domain part 'show_start' => 2, // Show first 2 characters 'show_end' => 2, // Show last 2 characters ],
Examples:
test@example.com→te**t@example.comjohn.doe@example.com→jo**oe@example.com
Phone Masking
Phone fields are auto-detected by column name. Configure visibility:
'phone_masking' => [ 'show_start' => 3, 'show_end' => 2, ],
Examples:
1234567890→123****90+1-555-123-4567→+15-***-67
Add custom phone patterns:
'phone_masking' => [ 'patterns' => ['phone', 'mobile', 'whatsapp', 'fax'], ],
Text Masking
For other text attributes:
'text_masking' => [ 'show_start' => 3, 'show_end' => 3, ],
Examples:
secretpassword→sec********rdAPI_KEY_12345→API***345
Custom Mask Character
Change the mask character globally:
'mask_char' => '#', // Result: test@example.com → t##t@example.com
Disable Masking
Disable globally:
'enabled' => false,
Or temporarily:
config(['attribute-mask.enabled' => false]); $user->email; // Returns unmasked value
Testing
composer test
Changelog
See CHANGELOG.md for details on updates.
Contributing
See CONTRIBUTING.md for contribution guidelines.
Security
Report security vulnerabilities via Security Policy.
Credits
License
The MIT License. See LICENSE.md for details.