pmingram/laravel-model-encryptor

A model trait for flexible encryption and decryption of data

v1.0.0 2021-01-16 10:21 UTC

Last update: 2024-09-16 18:30:59 UTC


README

Installation

You can install the package via composer:

composer require pmingram/laravel-model-encryptor

Usage and Configuration

This package is a trait that can be added to any Laravel model you wish to apply encryption to:

use PmIngram\Laravel\ModelEncryptor\HasEncryption;

class ModelName extends Model
{
    use HasEncryption;
}

By default, the trait will apply encryption to any record on creation - but to actually encrypt data, you need to configure some properties within your model:

There is no specific scope requirement for these properties, but it is recommended to use a protected scope.

Encryption and Decryption

Models can be encrypted and decrypted easily with a simple method call:

$model->encrypt();
$model->decrypt();

This will encrypt or decrypt the data within the current model instance, but will not persist the change to the database. This is particularly useful in the event you wish to decrypt the data for presentation (for example, in a view or in a resource for an API endpoint) but you want to keep that data encrypted in the database.

To persist the change to the database, pass true as the optional argument to the method:

$model->encrypt(true);
$model->decrypt(true);

Example Configuration

Model

<?php

namespace App\Models;

use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use PmIngram\Laravel\ModelEncryptor\HasEncryption;

class ExampleModel extends Model
{
    use HasEncryption, HasFactory;

    protected $encryptOnCreate = true;
    protected $encryptionKey = '';
    protected $encryptionSaltColumn = 'column_b';
    protected $encryptionColumnKeys = [
        'column_c', 'column_e',
    ];

    protected $fillable = [
        'column_a', 'column_b', 'column_c', 'column_d', 'column_e',
    ];

    public function __construct(array $attributes = [])
    {
        // The path must match the 'models' array returned by encryptionkeys.php.
        $this->encryptionKey = config('encryptionkeys.models.example');

        parent::__construct($attributes);
    }
}

Laravel Configuration File - "encryptionkeys.php"

<?php

return [
    'models' => [
        'example' => env('ENCKEY_MODEL_EXAMPLE', null),
    ]
];

Environment Variable (.env)

ENCKEY_MODEL_EXAMPLE=somerandomstring

Recommendation on Encryption Keys and Security

While it is entirely possible to store the model-level encryption key within the model itself, as a string in the $encryptionKey property, it is strongly advised to abstract the string out to a configuration file as per the example above, then use the .env file to set the strings.

It is both bad practice and a security risk to store encryption keys and passwords within a codebase, especially when that codebase is persisted to a VCS such as Git or SVN.
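
A fail-closed way to load the per-model key from the configuration shown above, as an added example that is not part of the package: env('ENCKEY_MODEL_EXAMPLE', null) returns null when the variable is unset, so the key is checked before it is assigned to $encryptionKey. The function names resolveModelKey and generateModelKey and the 32-character minimum are assumptions of this example.

```php
<?php

declare(strict_types=1);

/**
 * Added example, not part of pmingram/laravel-model-encryptor.
 * resolveModelKey() and the 32-character minimum are assumptions of this
 * example; the package README does not state a key-length requirement.
 */
function resolveModelKey(array $config, string $model, int $minLength = 32): string
{
    // env('ENCKEY_MODEL_EXAMPLE', null) yields null when the variable is unset,
    // and a mistyped config path yields null as well: treat both as fatal.
    $key = $config['models'][$model] ?? null;

    if (!is_string($key) || trim($key) === '') {
        throw new RuntimeException("Encryption key for model '{$model}' is not set.");
    }
    if (strlen($key) < $minLength) {
        throw new RuntimeException(
            "Encryption key for model '{$model}' is shorter than {$minLength} characters."
        );
    }

    return $key;
}

/** Generate a value for the .env entry: 32 random bytes as 64 hex characters. */
function generateModelKey(): string
{
    return bin2hex(random_bytes(32));
}

// Constructed sample configurations, shaped like encryptionkeys.php.
$samples = [
    'unset variable'     => ['models' => ['example' => null]],
    'README placeholder' => ['models' => ['example' => 'somerandomstring']],
    'generated key'      => ['models' => ['example' => generateModelKey()]],
];

foreach ($samples as $label => $config) {
    try {
        resolveModelKey($config, 'example');
        echo "{$label}: accepted\n";
    } catch (RuntimeException $e) {
        echo "{$label}: rejected ({$e->getMessage()})\n";
    }
}
```

In the model constructor the call would be $this->encryptionKey = resolveModelKey(config('encryptionkeys'), 'example'); so a missing or weak key stops the request instead of being used silently.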

Important Note

The Laravel application key is used with this trait. If the application key is changed, any encrypted data will no longer be readable. The same applies to any encryption routine you have deployed, so take it into account if you need to change your application's key.

License

The MIT License (MIT). Please see License File for more information.