Encrypted symfony entity's by verified and standardized libraries

4.0.5 2019-05-31 01:46 UTC



This is a fork from the original bundle created by ambta which can be found here: ambta/DoctrineEncryptBundle

This bundle has updated security by not rolling it's own encryption and using verified standardized library's from the field.

Using Halite

To use Halite (much faster, but uses php-extension sodium, and libsodium)

composer require "ext-sodium >=7.2" "paragonie/halite >=4.3" "paragonie/sodium_compat >=1.5"

// Config.yml
    encryptor_class: Halite

Using Defuse

To use Defuse, you will only need the package.

composer require "defuse/php-encryption ^2.0"

// Config.yml
    encryptor_class: Defuse


Add the @Encrypted annotation on entities you wish to encrypt.

Currently this package only supports strings and blobs. Encrypted strings will take more space than their un-encrypted counterparts, so if you limit their length, you may want to consider increasing the length by around 4x (with a minimum of around 250 characters for even very short strings).

For example

 * @ORM\Column(type="string", length=250)

changes to

 * @Encrypted
 * @ORM\Column(type="string", length=1000)

See Usage

Secret key

Secret key is generated if there is no key found. This is automatically generated and stored in the folder defined in the configuration

// Config.yml
    secret_directory_path: '%kernel.project_dir%'   # Default value

Filename example: .DefuseEncryptor.key or .HaliteEncryptor.key

If you lose this key, you've lost access to the data. So you may want to back it up securely.

Do not forget to add these files to your .gitignore file, you do not want this on your repository!