matiux/broadway-sensitive-serializer-bundle

Bundle for serializer implementation with support for data sensitization

v1.0.1 2022-09-20 22:01 UTC

This package is auto-updated.

Last update: 2022-09-20 22:01:55 UTC


README


This bundle is the wrapper for the Broadway Sensitive Serializer library. You can find more info on the base library here.

Setup for development

# Clone the repository and enter its working directory.
git clone https://github.com/matiux/broadway-sensitive-serializer-bundle.git && cd broadway-sensitive-serializer-bundle
# Create the local docker-compose override from the distributed template.
cp docker/docker-compose.override.dist.yml docker/docker-compose.override.yml
# Delete the existing .git/hooks directory and replace it with a symlink to the repository's
# scripts/git-hooks. Those scripts then run on git operations in this clone, so read them first.
rm -rf .git/hooks && ln -s ../scripts/git-hooks .git/hooks

Install the dependencies needed to run the tests or execute the examples

# These are targets of the repository's Makefile; their recipes are not shown on this page.
# NOTE(review): ARG="--no-cache" presumably forces a clean image build; confirm in the Makefile.
make build-php ARG="--no-cache"
# NOTE(review): presumably starts the containers in the background; confirm in the Makefile.
make upd
# NOTE(review): presumably runs "composer install" to fetch the PHP dependencies; confirm in the Makefile.
make composer ARG="install"

Run the tests

# These are targets of the repository's Makefile; their recipes are not shown on this page.
# NOTE(review): ARG="--no-cache" presumably forces a clean image build; confirm in the Makefile.
make build-php ARG="--no-cache"
# NOTE(review): presumably starts the containers in the background; confirm in the Makefile.
make upd
# NOTE(review): presumably runs the PHPUnit test suite; confirm in the Makefile.
make phpunit

Whole Strategy configuration

Read the docs

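broadway_sensitive_serializer:
  # Master key used to encrypt the keys of aggregates. Do not commit a literal value here:
  # anyone who can read the config could decrypt every aggregate key. Inject it from an
  # environment variable or an external secret service instead.
  # BROADWAY_AGGREGATE_MASTER_KEY is an example variable name, not one defined by the bundle.
  aggregate_master_key: '%env(BROADWAY_AGGREGATE_MASTER_KEY)%'
  # For now this is the only key generator implemented.
  key_generator: open-ssl
  # To use the DBAL implementation, install the matiux/broadway-sensitive-serializer-dbal package with composer.
  aggregate_keys: broadway_sensitive_serializer.aggregate_keys.dbal
  # Default implementation, of little use outside of testing:
  #aggregate_keys: broadway_sensitive_serializer.aggregate_keys.in_memory
  data_manager:
    # For now this is the only encryption strategy implemented.
    name: AES256
    # Encryption key used to sensitize data. If null, the key must be passed at runtime.
    # This is the convenient way; see the examples and wiki of the main library.
    key: null
    # Initialization vector. If null, it is generated internally and iv_encoding must be set to true.
    # A fixed IV configured here would be reused for every value encrypted with the same key,
    # so leaving it null is the safer choice as well as the convenient one.
    iv: null
    # Appends the IV to the encrypted value so it is available at decryption time; it makes sense
    # to set this to true when iv is null.
    # NOTE(review): the option name suggests the IV is encoded, not encrypted; confirm in the main library's docs.
    iv_encoding: true
    #--- Alternatively -----
    #data_manager:
    #  name: AES256
    #  parameters:
    #    AES256:
    #      key: null
    #      iv: null
    #      iv_encoding: true
  strategy:
    name: whole
    # Enable automatic creation of the AggregateKey model. This is the convenient way;
    # see the examples and wiki of the main library.
    aggregate_key_auto_creation: true
    # Strategy used to serialize the payload's values. Default: json.
    value_serializer: json
    # Key of the aggregate id, which must not be encrypted.
    excluded_id_key: id
    # Keys excluded from encryption. Everything listed here is stored in clear text,
    # so list only fields that carry no personal data.
    excluded_keys:
      - occurred_at
    # Events supported by the strategy.
    events:
      - SensitiveUser\User\Domain\Event\AddressAdded
      - SensitiveUser\User\Domain\Event\UserRegistered
  #--- Alternatively -----
  #strategy:
  #  name: whole
  #  parameters:
  #    whole:
  #      aggregate_key_auto_creation: true
  #      value_serializer: json
  #      excluded_id_key: id
  #      excluded_keys:
  #        - occurred_at
  #      events:
  #        - SensitiveUser\User\Domain\Event\AddressAdded
  #        - SensitiveUser\User\Domain\Event\UserRegistered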

Partial Strategy configuration

Read the docs

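broadway_sensitive_serializer:
  # Master key used to encrypt the keys of aggregates. Do not commit a literal value here:
  # anyone who can read the config could decrypt every aggregate key. Inject it from an
  # environment variable or an external secret service instead.
  # BROADWAY_AGGREGATE_MASTER_KEY is an example variable name, not one defined by the bundle.
  aggregate_master_key: '%env(BROADWAY_AGGREGATE_MASTER_KEY)%'
  # For now this is the only key generator implemented.
  key_generator: open-ssl
  # To use the DBAL implementation, install the matiux/broadway-sensitive-serializer-dbal package with composer.
  aggregate_keys: broadway_sensitive_serializer.aggregate_keys.dbal
  # Default implementation, of little use outside of testing:
  #aggregate_keys: broadway_sensitive_serializer.aggregate_keys.in_memory
  data_manager:
    # For now this is the only encryption strategy implemented.
    name: AES256
    # Encryption key used to sensitize data. If null, the key must be passed at runtime.
    # This is the convenient way; see the examples and wiki of the main library.
    key: null
    # Initialization vector. If null, it is generated internally and iv_encoding must be set to true.
    # A fixed IV configured here would be reused for every value encrypted with the same key,
    # so leaving it null is the safer choice as well as the convenient one.
    iv: null
    # Appends the IV to the encrypted value so it is available at decryption time; it makes sense
    # to set this to true when iv is null.
    # NOTE(review): the option name suggests the IV is encoded, not encrypted; confirm in the main library's docs.
    iv_encoding: true
    #--- Alternatively -----
    #data_manager:
    #  name: AES256
    #  parameters:
    #    AES256:
    #      key: null
    #      iv: null
    #      iv_encoding: true
  strategy:
    name: partial
    # Enable automatic creation of the AggregateKey model. This is the convenient way;
    # see the examples and wiki of the main library.
    aggregate_key_auto_creation: true
    # Strategy used to serialize the payload's values. Default: json.
    value_serializer: json
    # Events supported by the strategy, each with the list of payload keys to sensitize.
    # Only the listed keys are encrypted; every other key of the event is stored in clear text,
    # so review this list whenever an event gains a new personal-data field.
    events:
      - SensitiveUser\User\Domain\Event\AddressAdded:
        - address
      - SensitiveUser\User\Domain\Event\UserRegistered:
        - name
        - surname
  #--- Alternatively -----
  #strategy:
  #  name: partial
  #  parameters:
  #    partial:
  #      aggregate_key_auto_creation: true
  #      value_serializer: json
  #      events:
  #        - SensitiveUser\User\Domain\Event\AddressAdded:
  #           - address
  #        - SensitiveUser\User\Domain\Event\UserRegistered:
  #           - name
  #           - surname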

Custom Strategy configuration

Read the docs

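broadway_sensitive_serializer:
  # Master key used to encrypt the keys of aggregates. Do not commit a literal value here:
  # anyone who can read the config could decrypt every aggregate key. Inject it from an
  # environment variable or an external secret service instead.
  # BROADWAY_AGGREGATE_MASTER_KEY is an example variable name, not one defined by the bundle.
  aggregate_master_key: '%env(BROADWAY_AGGREGATE_MASTER_KEY)%'
  # For now this is the only key generator implemented.
  key_generator: open-ssl
  # To use the DBAL implementation, install the matiux/broadway-sensitive-serializer-dbal package with composer.
  aggregate_keys: broadway_sensitive_serializer.aggregate_keys.dbal
  # Default implementation, of little use outside of testing:
  #aggregate_keys: broadway_sensitive_serializer.aggregate_keys.in_memory
  data_manager:
    # For now this is the only encryption strategy implemented.
    name: AES256
    # Encryption key used to sensitize data. If null, the key must be passed at runtime.
    # This is the convenient way; see the examples and wiki of the main library.
    key: null
    # Initialization vector. If null, it is generated internally and iv_encoding must be set to true.
    # A fixed IV configured here would be reused for every value encrypted with the same key,
    # so leaving it null is the safer choice as well as the convenient one.
    iv: null
    # Appends the IV to the encrypted value so it is available at decryption time; it makes sense
    # to set this to true when iv is null.
    # NOTE(review): the option name suggests the IV is encoded, not encrypted; confirm in the main library's docs.
    iv_encoding: true
    #--- Alternatively -----
    #data_manager:
    #  name: AES256
    #  parameters:
    #    AES256:
    #      key: null
    #      iv: null
    #      iv_encoding: true
  strategy:
    name: custom
    # Enable automatic creation of the AggregateKey model. This is the convenient way;
    # see the examples and wiki of the main library.
    aggregate_key_auto_creation: true
    # Strategy used to serialize the payload's values. Default: json.
    value_serializer: json
  #--- Alternatively -----
  #strategy:
  #  name: custom
  #  parameters:
  #    custom:
  #      aggregate_key_auto_creation: true
  #      value_serializer: json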