PHPackages involix/laravel-database-encryption - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Database & ORM](/categories/database) 4. / 5. involix/laravel-database-encryption ActiveLibrary[Database & ORM](/categories/database) involix/laravel-database-encryption =================================== A package for automatically encrypting and decrypting Eloquent attributes in Laravel 5.5+, based on configuration settings. 0.1.2(8y ago)02MITPHPPHP >=7.1.0 Since Dec 14Pushed 8y ago1 watchersCompare [ Source](https://github.com/involix/laravel-database-encryption)[ Packagist](https://packagist.org/packages/involix/laravel-database-encryption)[ Docs](https://github.com/austinheap/laravel-database-encryption)[ RSS](/packages/involix-laravel-database-encryption/feed)WikiDiscussions master Synced 2mo ago READMEChangelog (1)Dependencies (6)Versions (3)Used By (0) Laravel 5.5+ Database Encryption Package ======================================== [](#laravel-55-database-encryption-package) [![laravel-database-encryption banner from the documentation](docs/img/banner-1544x500.png?raw=true)](docs/img/banner-1544x500.png?raw=true) [![License](https://camo.githubusercontent.com/efd2ee0c2fc1b92e3c0f92203d76bf5206e5f6ff0127c0b4924b152961ac86cf/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f61757374696e686561702f6c61726176656c2d64617461626173652d656e6372797074696f6e2e737667)](https://github.com/austinheap/laravel-database-encryption/blob/master/LICENSE.md)[![Current Release](https://camo.githubusercontent.com/43ebdeefd6ec2e479ba7f00e1401537972a3aa89a465cd5a1586ed07b50bf803/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f72656c656173652f61757374696e686561702f6c61726176656c2d64617461626173652d656e6372797074696f6e2e737667)](https://github.com/austinheap/laravel-database-encryption/releases)[![Total Downloads](https://camo.githubusercontent.com/bc3dae2d8a5d4748bf29e894ff630533cae7b911173447b2caee4230e3e18863/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f61757374696e686561702f6c61726176656c2d64617461626173652d656e6372797074696f6e2e737667)](https://packagist.org/packages/austinheap/laravel-database-encryption)[![Build Status](https://camo.githubusercontent.com/dd0391e36b9211ccd7a1f1d761abd01bdcb590c87934afa8c0f708da237b613e/68747470733a2f2f7472617669732d63692e6f72672f61757374696e686561702f6c61726176656c2d64617461626173652d656e6372797074696f6e2e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/austinheap/laravel-database-encryption)[![Dependency Status](https://camo.githubusercontent.com/a5514e8f7307d67dfe902680681c60469afcf2e018e9c53a0ce09d6eec5e9f9a/68747470733a2f2f67656d6e617369756d2e636f6d2f6261646765732f6769746875622e636f6d2f61757374696e686561702f6c61726176656c2d64617461626173652d656e6372797074696f6e2e737667)](https://gemnasium.com/github.com/austinheap/laravel-database-encryption)[![Scrutinizer CI](https://camo.githubusercontent.com/4e0a88932d5d1e42eb667f4dad718bc93e2d53e38a6b87149a7638f9607ba73a/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f61757374696e686561702f6c61726176656c2d64617461626173652d656e6372797074696f6e2f6261646765732f7175616c6974792d73636f72652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/austinheap/laravel-database-encryption/)[![StyleCI](https://camo.githubusercontent.com/a3fa0e99d7202e3d7576701007abf0dded4b7cba612d9e0b2d7bfa5fd334398c/68747470733a2f2f7374796c6563692e696f2f7265706f732f3131333932393536392f736869656c643f6272616e63683d6d6173746572)](https://styleci.io/repos/113929569)[![Maintainability](https://camo.githubusercontent.com/41b2f311979d5c4ad1ea3069c0d7c90dd2e44b94b7b3a6d43b823849194b2a4e/68747470733a2f2f6170692e636f6465636c696d6174652e636f6d2f76312f6261646765732f61363364656461393933383338353263373339622f6d61696e7461696e6162696c697479)](https://codeclimate.com/github/austinheap/laravel-database-encryption/maintainability)[![Test Coverage](https://camo.githubusercontent.com/7312d2c955e9a5e93189390c14bf51ccbd5683c2b2f7b1360ed25f71a019681b/68747470733a2f2f6170692e636f6465636c696d6174652e636f6d2f76312f6261646765732f61363364656461393933383338353263373339622f746573745f636f766572616765)](https://codeclimate.com/github/austinheap/laravel-database-encryption/test_coverage) A package for automatically encrypting and decrypting Eloquent attributes in Laravel 5.5+, based on configuration settings. --------------------------------------------------------------------------------------------------------------------------- [](#a-package-for-automatically-encrypting-and-decrypting-eloquent-attributes-in-laravel-55-based-on-configuration-settings) The purpose of this project is to create a set-it-and-forget-it package that can be installed without much effort to encrypt and decrypt Eloquent model attributes stored in your database tables, transparently. It is therefore highly opinionated but built for configuration. When enabled, it automagically begins encrypting data as it is stored in the model attributes and decrypting data as it is recalled from the model attributes. All data that is encrypted is prefixed with a header so that encrypted data can be easily identified, encryption keys rotated, and (optionally) versioning of the encrypted data format itself. This supports columns that store either encrypted or non-encrypted data to make migration easier. Data can be read from columns correctly regardless of whether it is encrypted or not but will be automatically encrypted when it is saved back into those columns. Standard Laravel Eloquent features like attribute casting will continue to work as normal, even if the underlying values stored in the database are encrypted by this package. There is [documentation for `laravel-database-encryption` online](https://austinheap.github.io/laravel-database-encryption/), the source of which is in the [`docs/`](https://github.com/austinheap/laravel-database-encryption/tree/master/docs)directory. The most logical place to start are the [docs for the `HasEncryptedAttributes` trait](https://austinheap.github.io/laravel-database-encryption/classes/AustinHeap.Database.Encryption.Traits.HasEncryptedAttributes.html). Table of Contents ----------------- [](#table-of-contents) - [Summary](#a-package-for-automatically-encrypting-and-decrypting-eloquent-attributes-in-laravel-55-based-on-configuration-settings) - [Requirements](#requirements) - [Schemas](#schemas) - [Installation](#installation) - [Step 1: Composer](#step-1-composer) - [Step 2: Enable the package (Optional)](#step-2-enable-the-package-optional) - [Step 3: Configure the package](#step-3-configure-the-package) - [Usage](#usage) - [Keys and IVs](#keys-and-ivs) - [Unit Tests](#unit-tests) - [Overrides](#overrides) - [FAQ](#faq) - [Can I manually encrypt or decrypt arbitrary data?](#can-i-manually-encrypt-or-decrypt-arbitrary-data) - [Can I search encrypted data?](#can-i-search-encrypted-data) - [Can I encrypt all my `User` model data?](#can-i-encrypt-all-my-user-model-data) - [Is this package compatible with elocryptfive out-of-the-box?](#is-this-package-compatible-with-elocryptfive-out-of-the-box) - [Implementations](#implementations) - [Credits](#credits) - [Contributing](#contributing) - [License](#license) Requirements ------------ [](#requirements) - Laravel 5.5.\* - PHP >= 7.1.0 - PHP [OpenSSL extension](http://php.net/manual/en/book.openssl.php) Schemas ------- [](#schemas) Encrypted values are usually longer than plain text values, sometimes much longer. You may find that the column widths in your database tables need to be altered to store the encrypted values generated by this package. If you are encrypting long strings such as JSON blobs then the encrypted values may be longer than a `VARCHAR` field can support, and you will need to alter your column types to `TEXT` or `LONGTEXT`. The FAQ contains [migration instructions if you are moving from elocryptfive](#is-this-package-compatible-with-elocryptfive-out-of-the-box). Installation ------------ [](#installation) ### Step 1: Composer [](#step-1-composer) Via Composer command line: ``` $ composer require austinheap/laravel-database-encryption ``` Or add the package to your `composer.json`: ``` { "require": { "austinheap/laravel-database-encryption": "0.1.0" } } ``` ### Step 2: Enable the package (Optional) [](#step-2-enable-the-package-optional) This package implements Laravel 5.5's auto-discovery feature. After you install it the package provider and facade are added automatically. If you would like to declare the provider and/or alias explicitly, you may do so by first adding the service provider to your `config/app.php` file: ``` 'providers' => [ // AustinHeap\Database\Encryption\EncryptionServiceProvider::class, ]; ``` And then add the alias to your `config/app.php` file: ``` 'aliases' => [ // 'DatabaseEncryption' => AustinHeap\Database\EncryptionFacade::class, ]; ``` ### Step 3: Configure the package [](#step-3-configure-the-package) Publish the package config file: ``` $ php artisan vendor:publish --provider="AustinHeap\Database\Encryption\EncryptionServiceProvider" ``` You may now enable automagic encryption and decryption of Eloquent models by editing the `config/database-encryption.php` file: ``` return [ 'enabled' => env('DB_ENCRYPTION_ENABLED', true), ]; ``` Or simply setting the the `DB_ENCRYPTION_ENABLED` environment variable to true, via the Laravel `.env` file or hosting environment. ``` DB_ENCRYPTION_ENABLED=true ``` Usage ----- [](#usage) Use the `HasEncryptedAttributes` trait in any Eloquent model that you wish to apply encryption to and define a `protected $encrypted` array containing a list of the attributes to encrypt. For example: ``` use AustinHeap\Database\Encryption\Traits\HasEncryptedAttributes; class User extends Eloquent { use HasEncryptedAttributes; /** * The attributes that should be encrypted on save. * * @var array */ protected $encrypted = [ 'address_line_1', 'first_name', 'last_name', 'postcode' ]; } ``` You can combine `$casts` and `$encrypted` to store encrypted arrays. An array will first be converted to JSON and then encrypted. For example: ``` use AustinHeap\Database\Encryption\Traits\HasEncryptedAttributes; class User extends Eloquent { use HasEncryptedAttributes; protected $casts = ['extended_data' => 'array']; protected $encrypted = ['extended_data']; } ``` By including the `HasEncryptedAttributes` trait, the `setAttribute()` and `getAttributeFromArray()`methods provided by Eloquent are overridden to include an additional step. This additional step simply checks whether the attribute being accessed via setter/getter is included in the `$encrypted`array on the model, and then encrypts or decrypts it accordingly. Keys and IVs ------------ [](#keys-and-ivs) The key and encryption algorithm used is the default Laravel `Encrypter` service, and configured in your `config/app.php`: ``` 'key' => env('APP_KEY', 'SomeRandomString'), 'cipher' => 'AES-256-CBC', ``` If you're using `AES-256-CBC` as the cipher for encrypting data, use the built in command to generate your application key if you haven't already with `php artisan key:generate`. If you are encrypting longer data, you may want to consider the `AES-256-CBC-HMAC-SHA1` cipher. The IV for encryption is randomly generated and cannot be set. Unit Tests ---------- [](#unit-tests) This package has aggressive unit tests built with the wonderful [orchestral/testbench](https://github.com/orchestral/testbench)package which is built on top of PHPUnit. A MySQL server required for execution of unit tests. There are [code coverage reports for `laravel-database-encryption`](https://austinheap.github.io/laravel-database-encryption/coverage/)available online. Overrides --------- [](#overrides) The following Laravel 5.5 methods from Eloquent are affected by this trait. - `constructor()` -- calls `fill()`. - `fill()` -- calls `setAttribute()` which has been extended to encrypt the data. - `hydrate()` -- TBD. - `create()` -- calls `constructor()` and hence `fill()`. - `firstOrCreate()` -- calls `constructor()`. - `firstOrNew()` -- calls `constructor()`. - `updateOrCreate()` -- calls `fill()`. - `update()` -- calls `fill()`. - `toArray()` -- calls `attributesToArray()`. - `jsonSerialize()` -- calls `toArray()`. - `toJson()` -- calls `toArray()`. - `attributesToArray()` -- calls `getArrayableAttributes()`. - `getAttribute()` -- calls `getAttributeValue()`. - `getAttributeValue()` -- calls `getAttributeFromArray()`. - `getAttributeFromArray()` -- calls `getArrayableAttributes()`. - `getArrayableAttributes()` -- extended to decrypt data. - `setAttribute()` -- extended to encrypt data. - `getAttributes()` -- extended to decrypt data. - `castAttribute()` -- extended to cast encrypted data. - `isDirty()` -- extended to recognize encrypted data. FAQ --- [](#faq) ### Can I manually encrypt or decrypt arbitrary data? [](#can-i-manually-encrypt-or-decrypt-arbitrary-data) Yes! You can manually encrypt or decrypt data using the `encryptedAttribute()` and `decryptedAttribute()`functions. For example: ``` $user = new User(); $encryptedEmail = $user->encryptedAttribute(Input::get('email')); ``` ### Can I search encrypted data? [](#can-i-search-encrypted-data) No! You will not be able to search on attributes which are encrypted by this package because...it is encrypted. Comparing encrypted values would require a fixed IV, which introduces security issues. If you need to search on data then either: - Leave it unencrypted, or - Hash the data and search on the hash instead of the encrypted value using a well known hash algorithm such as `SHA256`. You could store both a hashed and an encrypted value, using the hashed value for searching and retrieve the encrypted value as needed. ### Can I encrypt all my `User` model data? [](#can-i-encrypt-all-my-user-model-data) No! The same issue with searching also applies to authentication because authentication requires search. ### Is this package compatible with [elocryptfive](https://github.com/delatbabel/elocryptfive) out-of-the-box? [](#is-this-package-compatible-with-elocryptfive-out-of-the-box) No! While it *is* a (more modern) replacement, it is not compatible directly out of the box. To migrate to this package from elocryptfive, you must: 1. Decrypt all the data in your database encrypted by elocryptfive. 2. Remove any calls to elocryptfive from your models/code. 3. Remove elocryptfive from your `composer.json` and run `composer update`. 4. At this point you should have no encrypted data in your database and all calls/references, but make sure elocryptfive is completely purged. 5. Follow the installation instructions above. 6. ??? 7. Profit! A pull request for automated migrations is more than welcome but is currently out of the scope of this project's goals. Implementations --------------- [](#implementations) The following decently-trafficed sites use this package in production: - [securitytext.org - `security.txt` document registry and whois server](https://securitytext.org/) Credits ------- [](#credits) This is a fork of [delatbabel/elocryptfive](https://github.com/delatbabel/elocryptfive), which was a fork of [dtisgodsson/elocrypt](https://github.com/dtisgodsson/elocrypt), which was based on earlier work. - [delatbabel/elocryptfive Contributors](https://github.com/delatbabel/elocryptfive/graphs/contributors) - [dtisgodsson/elocrypt Contributors](https://github.com/dtisgodsson/elocrypt/graphs/contributors) Contributing ------------ [](#contributing) [Pull requests](https://github.com/austinheap/laravel-database-encryption/pulls) welcome! Please see [the contributing guide](CONTRIBUTING.md) for more information. License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. ### Health Score 22 — LowBetter than 23% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity2 Limited adoption so far Community10 Small or concentrated contributor base Maturity49 Maturing project, gaining track record Bus Factor1 Top contributor holds 50% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~63 days Total 3 Last Release 2942d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/75191f939aee64e753855a3601c2180ba3d8242fe06139929e1a431c67fd2cda?d=identicon)[eugenecooper](/maintainers/eugenecooper) --- Top Contributors [![eugenecooper](https://avatars.githubusercontent.com/u/8261869?v=4)](https://github.com/eugenecooper "eugenecooper (9 commits)")[![austinheap](https://avatars.githubusercontent.com/u/80980?v=4)](https://github.com/austinheap "austinheap (8 commits)")[![funkjedi](https://avatars.githubusercontent.com/u/9314?v=4)](https://github.com/funkjedi "funkjedi (1 commits)") --- Tags laravelencryptionaesdatabasemodeleloquentencryptdecryptdbl5laravel5attributedatabase encryptiondecryptionlaravel-encryptioneloquent encryptioneloquent aeselocryptlaravel5 encryptionlaravel5 aeslaravel55laravel55 encryptionmodel encryptionattribute encryptionelocryptfive ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/involix-laravel-database-encryption/health.svg) ``` [![Health](https://phpackages.com/badges/involix-laravel-database-encryption/health.svg)](https://phpackages.com/packages/involix-laravel-database-encryption) ``` ### Alternatives [delatbabel/elocryptfive Automatically encrypt and decrypt Eloquent attributes with ease. 8493.0k](/packages/delatbabel-elocryptfive)[betterapp/laravel-db-encrypter Provides database model attribute encryption/decryption 365614.7k8](/packages/betterapp-laravel-db-encrypter)[dolphiq/laravel-aescrypt AES encrypt and decrypt Eloquent attributes inspired by elocryptfive 171.7k](/packages/dolphiq-laravel-aescrypt) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)