smknstd / laravel-kms-encryption
Replace Laravel's built-in encryption with an encryption based on AWS KMS
Fund package maintenance!
smknstd
Requires
- php: ^8.0
- aws/aws-sdk-php: ^3.191
- illuminate/contracts: ^8.37
- spatie/laravel-package-tools: ^1.4.3
Requires (Dev)
- brianium/paratest: ^6.2
- nunomaduro/collision: ^5.3
- orchestra/testbench: ^6.15
- phpunit/phpunit: ^9.3
- spatie/laravel-ray: ^1.23
- vimeo/psalm: ^4.8
This package is auto-updated.
Last update: 2024-11-11 18:49:55 UTC
README
Introduction
This package replaces Laravel's built-in encryption with an encryption based on AWS KMS.
Two major features provided by kms are:
- ability to automatically rotate key (annually) without deleting the previous ones
- you don’t have access to the actual key, which means you can’t leak it
This package has been based on this blogpost
Installation
This package requires Laravel 8.x or higher.
You can install the package via composer:
composer require smknstd/laravel-kms-encryption
Next you should publish the config file, and setup your values :
php artisan vendor:publish --provider="Smknstd\LaravelKmsEncryption\LaravelKmsEncryptionServiceProvider"
If you want to use IAM Roles that are already setup, aws sdk will automatically use them by default. Otherwise, you should setup credentials to the proper aws user allowed to "use" the given kms key, by adding a kms section in your config/services.php
file :
'kms' => [
'key' => env('AWS_ACCESS_KEY_ID'),
'secret' => env('AWS_SECRET_ACCESS_KEY'),
'region' => env('AWS_REGION'),
],
Now everytime you'll encrypt something it will use the provided kms key. It includes all fields using eloquent's encrypted casting. If you have previously encrypted data, be aware that you won't be able to decrypt it.
Cookies encryption
If you use laravel's middleware EncryptCookies
, it can't work with kms. To let the middleware continue working with laravel's encrypter you need to edit App\Http\kernel.php
. Just replace the existing middleware with :
protected $middlewareGroups = [
'web' => [
\Smknstd\LaravelKmsEncryption\Middleware\EncryptCookies::class,
...
]
]
Testing
composer test
Contributing
Please see CONTRIBUTING for details.
Security Vulnerabilities
Please review our security policy on how to report security vulnerabilities.
Credits
License
The MIT License (MIT). Please see License File for more information.