neo3k/laravel-kms-encryption

Replace Laravel's built-in encryption with an encryption based on AWS KMS

Maintainers

Details

github.com/neo3k/laravel-aws-kms

Homepage

Source

Issues

Installs: 2

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1

Watchers: 1

Forks: 1

Open Issues: 0

1.0.0 2022-05-12 19:00 UTC

Requires

Requires (Dev)

MIT b5c4216436f0e7d48395a112076fb695785fdc18

  • Boris Vera <borisvm90.woop@gmail.com>
  • Arnaud Becher <arnaud.becher.woop@gmail.com>

encryptionawslaravelkms

This package is auto-updated.

Last update: 2024-05-12 23:46:32 UTC

README

Forked from https://github.com/smknstd/laravel-kms-encryption

Introduction

This package replaces Laravel's built-in encryption with an encryption based on AWS KMS.

Two major features provided by kms are:

  • ability to automatically rotate key (annually) without deleting the previous ones
  • you don’t have access to the actual key, which means you can’t leak it

This package has been based on this blogpost

Installation

This package requires Laravel 9.x or higher.

You can install the package via composer:

composer require smknstd/laravel-kms-encryption

Next you should publish the config file, and setup your values :

php artisan vendor:publish --provider="Smknstd\LaravelKmsEncryption\LaravelKmsEncryptionServiceProvider"

If you want to use IAM Roles that are already setup, aws sdk will automatically use them by default. Otherwise, you should setup credentials to the proper aws user allowed to "use" the given kms key, by adding a kms section in your config/services.php file :

    'kms' => [
        'key' => env('AWS_ACCESS_KEY_ID'),
        'secret' => env('AWS_SECRET_ACCESS_KEY'),
        'region' => env('AWS_REGION'),
    ],

Now everytime you'll encrypt something it will use the provided kms key. It includes all fields using eloquent's encrypted casting. If you have previously encrypted data, be aware that you won't be able to decrypt it.

Cookies encryption

If you use laravel's middleware EncryptCookies, it can't work with kms. To let the middleware continue working with laravel's encrypter you need to edit App\Http\kernel.php. Just replace the existing middleware with :

   protected $middlewareGroups = [
     'web' => [
         \Smknstd\LaravelKmsEncryption\Middleware\EncryptCookies::class,
         ...
     ]
   ]

Testing

composer test

Contributing

Please see CONTRIBUTING for details.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Credits

License

The MIT License (MIT). Please see License File for more information.