PHPackages                             dwgebler/encrypted-fields-bundle - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. dwgebler/encrypted-fields-bundle

ActiveSymfony-bundle[Security](/categories/security)

dwgebler/encrypted-fields-bundle
================================

Symfony bundle adding support to automatically encrypt fields of Doctrine entities

2.0.0(1mo ago)64041MITPHPPHP ^8.2

Since Nov 17Pushed 1mo ago1 watchersCompare

[ Source](https://github.com/dwgebler/encrypted-fields-bundle)[ Packagist](https://packagist.org/packages/dwgebler/encrypted-fields-bundle)[ RSS](/packages/dwgebler-encrypted-fields-bundle/feed)WikiDiscussions master Synced yesterday

READMEChangelog (5)Dependencies (22)Versions (6)Used By (0)

Encrypted Fields Bundle
=======================

[](#encrypted-fields-bundle)

Version 2.0
-----------

[](#version-20)

Version 2.0 fixes a silent data-loss bug in `preUpdate` that affected 1.x, skips unnecessary re-encryption of unchanged values, fixes key rotation for `useMasterKey` and custom-`key:` fields, and supports UUID and composite primary keys.

If upgrading from 1.x, see [UPGRADE-2.0.md](UPGRADE-2.0.md).

This bundle provides a way to encrypt and decrypt fields in your Doctrine entities with a simple attribute.

You provide a single master key in your configuration and the bundle will generate a unique key for each row in any table containing encrypted fields.

These encryption keys are stored in a separate table and are encrypted with the master key.

Installation
------------

[](#installation)

Note: This package requires the OpenSSL extension.

Configure the Flex recipe repository:

This step is optional, however without it, you will need to create the configuration file detailed in the Configuration section manually, before installing the package.

In your project's `composer.json`, add the following entry, or if you already have a `symfony.extra.endpoint` entry, add the URL to the list.

```
    "extra": {
        "symfony": {
          "endpoint": [
               "https://api.github.com/repos/dwgebler/flex-recipes/contents/index.json",
               "flex://defaults"
            ]
        }
    }
```

Install the package:

```
composer require dwgebler/encrypted-fields-bundle
```

You will need to generate a migration to add the `encryption_key` table to your database:

```
php bin/console make:migration
```

Usage
-----

[](#usage)

### Configuration

[](#configuration)

Add the following configuration to your `config/packages/gebler_encrypted_fields.yaml`:

```
encrypted_fields:
  master_key: '%env(trim:file:ENCRYPTED_FIELDS_KEY)%' # or other value of your choice
  cipher: 'aes-256-gcm' # this is optional, default is 'aes-256-gcm'
```

The master key should be encoded as hexadecimal and the appropriate length for the algorithm you've chosen.

For the default algorithm, the key length is 256 bits (32 bytes).

If you are using the default algorithm, a master key file can be generated with the following command:

```
php -r "file_put_contents('master.key', bin2hex(random_bytes(32)));"
```

### Entity

[](#entity)

Add the `Gebler\EncryptedFieldsBundle\Attribute\EncryptedField` attribute to the fields you want to encrypt:

You can also selectively encrypt fields of arrays by using the `elements` option of the attribute.

```
use Gebler\EncryptedFieldsBundle\Attribute\EncryptedField;

class Foo
{
    #[EncryptedField]
    private string $bar;

    #[EncryptedField(elements: ['baz'])]
    private array $qux;

    // Use the `useMasterKey` option to encrypt with the master key instead of a field-specific key
    #[EncryptedField(useMasterKey: true)]
    private string $quux;

    // Use the `key` option to specify a custom key
    #[EncryptedField(key: 'some_custom_key_just_for_this_property')]
    private string $corge;
}
```

### Encryption

[](#encryption)

When you persist or update an entity with encrypted fields, the bundle will automatically encrypt the fields before inserting or updating the row in the database.

### Decryption

[](#decryption)

When you retrieve an entity with encrypted fields, the bundle will automatically decrypt the fields before returning the entity.

### Key Rotation

[](#key-rotation)

If you need to rotate the master key, you can do so by running the following command:

```
php bin/console gebler:encryption:rotate-key --generate-new-key
```

This will generate a new master key and re-encrypt all the data in the database with new keys. The new key will be output to the console at the end of the process.

If you need to apply a known decryption key (for example, you've taken a database backup from a different environment), you can do so by running the following command:

```
php bin/console gebler:encryption:rotate-key --database-key=
```

Where `` is the hexadecimal representation of the key you want to apply. Or, to use a key in a file:

```
php bin/console gebler:encryption:rotate-key --database-key-file=/path/todatabase.key
```

These commands will decrypt all the data in the database with the database key supplied and re-encrypt with the configured application master key.

You can combine the two options above with `--generate-new-key` to generate a new master key also:

```
php bin/console gebler:encryption:rotate-key --generate-new-key --database-key=
```

###  Health Score

47

—

FairBetter than 93% of packages

Maintenance93

Actively maintained with recent releases

Popularity19

Limited adoption so far

Community10

Small or concentrated contributor base

Maturity55

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 97.3% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~139 days

Total

5

Last Release

36d ago

Major Versions

1.2.2 → 2.0.02026-05-28

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/646585?v=4)[dwgebler](/maintainers/dwgebler)[@dwgebler](https://github.com/dwgebler)

---

Top Contributors

[![dwgebler](https://avatars.githubusercontent.com/u/646585?v=4)](https://github.com/dwgebler "dwgebler (36 commits)")[![GromNaN](https://avatars.githubusercontent.com/u/400034?v=4)](https://github.com/GromNaN "GromNaN (1 commits)")

###  Code Quality

TestsPHPUnit

Static AnalysisPsalm

Type Coverage Yes

### Embed Badge

![Health badge](/badges/dwgebler-encrypted-fields-bundle/health.svg)

```
[![Health](https://phpackages.com/badges/dwgebler-encrypted-fields-bundle/health.svg)](https://phpackages.com/packages/dwgebler-encrypted-fields-bundle)
```

###  Alternatives

[open-dxp/opendxp

Content &amp; Product Management Framework (CMS/PIM)

9421.6k61](/packages/open-dxp-opendxp)[2lenet/crudit-bundle

The easy like Crud'it Bundle.

1616.4k14](/packages/2lenet-crudit-bundle)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
