Protection for your laravel backups

v3.2 2020-03-10 07:48 UTC

This package is auto-updated.

Last update: 2020-06-29 18:30:21 UTC


Latest Version on Packagist Software License Build Status Scrutinizer Score


Secure your backups

This package helps you encrypt and password-protect your backups taken with Spatie's fantastic spatie/laravel-backup-package.

Backup Shield simply listens for when the .zip-file generated by Laravel-backup is done, grabs it and applies your password and encryption of your liking.

Using older versions of Laravel? Check out the v1 branch (for Laravel 5.2) and the v2 branch.


composer require olssonm/laravel-backup-shield

Supports laravel/framework: "^5.8" and above (including Laravel 6 & 7.) Requires PHP: "^7.1".

Please note that spatie/laravel-backup: "^6" and laravel/framework: "^6.0|^7.0" requires PHP 7.2.


Publish your configuration using php artisan vendor:publish and select BackupShieldServiceProvider. Or directly via php artisan vendor:publish --provider="Olssonm\BackupShield\BackupShieldServiceProvider".

You only have the ability to set two different options; password and encryption.

// Default configuration; backup-shield.php
return [
    'password' => env('APP_KEY'),
    'encryption' => \Olssonm\BackupShield\Encryption::ENCRYPTION_DEFAULT


Your password (duh). The default is the application key (APP_KEY in your .env-file). You might want to set something more appropriate. Remember to use long strings and to keep your password safe – without it you will never be able to open your backup.

Set to NULL if you want to keep your backup without a password.


Set your type of encryption. Available options are:

\Olssonm\BackupShield\Encryption::ENCRYPTION_DEFAULT (PHP < 7.2: PKWARE/ZipCrypto, PHP >= 7.2: AES 128)
\Olssonm\BackupShield\Encryption::ENCRYPTION_WINZIP_AES_128 (AES 128)
\Olssonm\BackupShield\Encryption::ENCRYPTION_WINZIP_AES_192 (AES 192)
\Olssonm\BackupShield\Encryption::ENCRYPTION_WINZIP_AES_256 (AES 256)

Important information regarding encryption

Using the ENCRYPTION_DEFAULT (PKWARE/ZipCrypto) crypto gives you the best portability as most operating systems can natively unzip the file – however, ZipCrypto might be weak. The Winzip AES-methods on the other hand might require a separate app and/or licence to be able to unzip depending on your OS; suggestions for macOS are Keka and Stuffit Expander.

Also to note is that when zipping very large files ZipCrypto might be very inefficient as the entire data-set will have to be loaded into memory to perform the encryption, if the zipped file's content is bigger than your available RAM you will run out of memory.

Differences when using PHP < 7.2 and PHP >= 7.2

Since PHP 7.2 (coupled with zip-extension >= 1.14.0) PHP can natively password-protect .zip-files via the ZipArchive-methods. If these conditions are met, ZipArchive is used. Else, the package will automatically use the nelexa/zip-package.

The former might be less memory-intensive.


$ composer test


$ phpunit


The MIT License (MIT). Please see the LICENSE.md for more information.

© 2020 Marcus Olsson.