
intersective/lapis
==================

CakePHP plugin providing highly secured user-level multi-tiered public-key database encryption.

[Source](https://github.com/intersective/lapis) | [Packagist](https://packagist.org/packages/intersective/lapis)

Lapis
=====

[![Build Status](https://camo.githubusercontent.com/e4884ba01329978fbe8e85f2d1e60bb2f2c6b099d32d3b7da5bf49324322ef1b/68747470733a2f2f7472617669732d63692e6f72672f696e746572736563746976652f6c617069732e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/intersective/lapis)[![License](https://camo.githubusercontent.com/942e017bf0672002dd32a857c95d66f28c5900ab541838c6c664442516309c8a/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d626c75652e7376673f7374796c653d666c61742d737175617265)](LICENSE)

CakePHP 2.x plugin providing highly-secured public-key encryption to database I/O.

**This is a work-in-progress**. The implementation, documentation and sample code are not only incomplete, they may also change without notice.

A 3.x plugin will follow soon.

Lapis is named after [Kue lapis](https://en.wikipedia.org/wiki/Kue_lapis), a layered cake from Southeast Asia. Like the cake, the Lapis plugin uses a multi-layered encryption scheme to keep your data safe.

Motivation
----------

*TODO: why Lapis*

Set up
------

1. Install the Lapis plugin into your local CakePHP app.
2. Create the necessary tables by running:

    ```
    Console/cake schema create --plugin Lapis
    ```
3. Generate the root key pair(s) by following the guided key generator. You need at least 1 root key pair to use Lapis.

    ```
    Console/cake Lapis.keys generate    # follow the guided prompts
    ```

    It is highly recommended not to store private keys unencrypted in the database. If you protect the private key with a password, take note that the password is not stored anywhere in the system. You have to store the password safely and separately, outside of the system.

Sample model
------------

1. To prepare a model for Lapis secured document, add a text field named `document` to the associated table.

    ```
    ALTER TABLE `table_name` ADD `document` TEXT NULL DEFAULT NULL;
    ```

    In addition to the `document` field, you are free to include other conventional fields such as `id` and `created`, or custom fields such as `title`. Take note that data in conventional fields will not be encrypted, but, being native columns, they continue to enjoy database-level features such as indexing.
2. Update your Model to include the `Lapis.SecDoc` behavior and define the document schema. Lapis supports the following JSON data types: `string`, `number`, or `boolean`. If you prefer not to enforce a data type, you can either specify a document field as `inherit` or use a non-associative array.

    For illustration, a Book model with Lapis secured document.

    ```
    class Book extends AppModel {
    	public $name = 'Book';
    	public $actsAs = array('Lapis.SecDoc');

    	/**
    	 * Either number, string or boolean
    	 */
    	public $documentSchema = array(
    		'author' => 'string',
    		'pages' => 'number',
    		'available' => 'boolean'
    	);

    	// or if you prefer to not enforce JSON data types, you can list the schema as such
    	// public $documentSchema = array('author', 'pages', 'available');
    }
    ```
3. To save to a secured document model, specify the *lowest key(s)* that you want to give access to. Lapis would sign the document for all the specified public keys and their respective ancestors, all the way up to the root key(s).

    ```
    $data = array(
    	// Conventional database fields
    	'title' => 'Book Title',

    	// Secured document
    	'author' => 'John Doe',
    	'pages' => 488,
    	'available' => true
    );

    $this->Book->saveFor = 2;
    // or, for multiple lowest keys:
    $this->Book->saveFor = array(2, 5);

    $this->Book->create();
    $this->Book->save($data);
    ```

    Assuming the key hierarchy is as illustrated:

    ```
    /*
     * 1 (root) => 2 => 9
     * 3 (root) => 4 => 5
     **/

    $this->Book->saveFor = 2;
    // would provide access to keys with IDs: 2 and 1 (its ancestors), but not 3 (even though it is a root key)

    $this->Book->saveFor = array(2, 5);
    // would provide access to keys with IDs: 2, 1; and 5, 4, 3.
    ```
4. To query a secured document model, you would have to provide either the unencrypted private key that has privileged access to the document, or the password to the encrypted private key that has privileged access to the document.

    ```
    // Specifying unencrypted private key in PEM encoded format, including header and footer.
    $this->Book->requestAs = array('id' => 2, 'unencrypted_key' => 'PEM_ENCODED_UNENCRYPTED_PRIVATE_KEY');

    // or, the password to an encrypted private key in `keys` table
    $this->Book->requestAs = array('id' => 23, 'password' => 'PASSWORD_TO_DECRYPT_PVT_KEY');

    // if private key is stored unencrypted in database (not recommended), id is all that is required.
    $this->Book->requestAs = array('id' => 23);

    $this->Book->find('first', array(
    	'conditions' => array('Book.id' => 2)
    ));

    // If the supplied private key has privileged access to the document, unencrypted document fields would be returned just like normal database fields.
    // Otherwise, only database fields would be returned encrypted.
    ```
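
The README does not describe how Lapis stores per-key access, so the following is an added example, not code from the plugin: a minimal envelope scheme that reproduces the `saveFor` / `requestAs` semantics above for the illustrated hierarchy. It assumes PHP 7.1+ with the OpenSSL extension, RSA-OAEP key wrapping and AES-256-GCM; `recipientsFor`, `seal` and `unseal` are hypothetical names.

```php
<?php
// Added illustration, not Lapis source. Parent map for: 1 (root) => 2 => 9, 3 (root) => 4 => 5.
$parents = array(1 => null, 2 => 1, 9 => 2, 3 => null, 4 => 3, 5 => 4);

// Expand the "lowest keys" into every key ID that gains access: each key plus its ancestors.
function recipientsFor($saveFor, array $parents) {
    $ids = array();
    foreach ((array) $saveFor as $id) {
        for ($k = $id; $k !== null; $k = $parents[$k]) {
            $ids[$k] = true;
        }
    }
    return array_keys($ids);
}

// Encrypt the document once with a random AES key, then wrap that key for each recipient.
function seal(array $doc, array $recipientIds, array $keys) {
    $docKey = random_bytes(32);
    $iv = random_bytes(12);
    $ct = openssl_encrypt(json_encode($doc), 'aes-256-gcm', $docKey, OPENSSL_RAW_DATA, $iv, $tag);
    $wrapped = array();
    foreach ($recipientIds as $id) {
        $pub = openssl_pkey_get_details($keys[$id])['key'];
        openssl_public_encrypt($docKey, $wrapped[$id], $pub, OPENSSL_PKCS1_OAEP_PADDING);
    }
    return compact('iv', 'ct', 'tag', 'wrapped');
}

// Return the decoded document, or null when this key ID was never granted access.
function unseal(array $sealed, $id, $privateKey) {
    if (!isset($sealed['wrapped'][$id])) {
        return null;
    }
    openssl_private_decrypt($sealed['wrapped'][$id], $docKey, $privateKey, OPENSSL_PKCS1_OAEP_PADDING);
    $json = openssl_decrypt($sealed['ct'], 'aes-256-gcm', $docKey, OPENSSL_RAW_DATA, $sealed['iv'], $sealed['tag']);
    return json_decode($json, true);
}

// Constructed key pairs, one per key ID (assumption: 2048-bit RSA).
$keys = array();
foreach (array_keys($parents) as $id) {
    $keys[$id] = openssl_pkey_new(array('private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA));
}

$doc = array('author' => 'John Doe', 'pages' => 488, 'available' => true);
$sealed = seal($doc, recipientsFor(2, $parents), $keys);  // saveFor = 2
var_dump(unseal($sealed, 1, $keys[1]));  // key 1 is an ancestor of key 2
var_dump(unseal($sealed, 3, $keys[3]));  // key 3 is a root, but of a different branch
var_dump(recipientsFor(array(2, 5), $parents));  // saveFor = array(2, 5)
```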

Notes
-----

1. It is highly recommended not to store private keys unencrypted in the database.

