PHPackages                             isapp/statamic-sensitive-form-fields - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. isapp/statamic-sensitive-form-fields

ActiveStatamic-addon[Security](/categories/security)

isapp/statamic-sensitive-form-fields
====================================

Encrypt selected form submission fields at rest. Decrypt on read for authorized users only.

1.1.0(4mo ago)05proprietaryPHPPHP ^8.2CI passing

Since Feb 17Pushed 4mo agoCompare

[ Source](https://github.com/isap-ou/statamic-sensitive-form-fields)[ Packagist](https://packagist.org/packages/isapp/statamic-sensitive-form-fields)[ Docs](https://github.com/isapp/statamic-sensitive-form-fields)[ RSS](/packages/isapp-statamic-sensitive-form-fields/feed)WikiDiscussions main Synced today

READMEChangelog (2)Dependencies (5)Versions (6)Used By (0)

Sensitive Form Fields
=====================

[](#sensitive-form-fields)

Encrypt selected form submission fields before they are written to disk or database. Personal data — emails, phone numbers, messages — stays encrypted at rest and is decrypted at runtime only for authorized users.

---

Free vs Pro
-----------

[](#free-vs-pro)

FeatureFreeProAES-256-CBC encryption at rest✓✓Per-field "Sensitive" toggle in blueprint editor✓✓Works with Stache and Eloquent Driver✓✓Double-encryption guard✓✓Global enable/disable toggle✓✓All CP users see decrypted values✓—Role-based access control—✓Masked values for unauthorized users—✓Configurable mask string (default: `••••••`)—✓Re-key on APP\_KEY rotation—✓---

Requirements
------------

[](#requirements)

- PHP 8.2+
- Statamic 6+

Installation
------------

[](#installation)

```
composer require isapp/statamic-sensitive-form-fields
```

---

Before You Start: APP\_KEY
--------------------------

[](#before-you-start-app_key)

This addon encrypts data using Laravel's `Crypt`, which relies entirely on your application's `APP_KEY`.

**If `APP_KEY` changes, all previously encrypted submission data becomes permanently unreadable.**

There is no recovery path without the original key. Before enabling this addon on a production site:

- Confirm your `APP_KEY` is backed up securely (password manager, secrets vault)
- Never commit `.env` to version control
- If you ever need to rotate `APP_KEY`, use `sensitive-fields:rekey` (Pro) to re-encrypt submissions under the new key before traffic hits the rotated key (see [Re-key after APP\_KEY rotation](#3-pro-re-key-after-appkey-rotation))

> A lost or rotated `APP_KEY` = unrecoverable submission data. The addon logs a warning and returns raw ciphertext on decryption failure, but cannot recover data without the original key.

---

Usage
-----

[](#usage)

### 1. Mark fields as sensitive

[](#1-mark-fields-as-sensitive)

Open any form blueprint in the Control Panel. On text or textarea fields, enable **"Sensitive (encrypted at rest)"**.

From this point on, new submissions will have those field values encrypted before storage.

### 2. \[Pro\] Assign the permission

[](#2-pro-assign-the-permission)

Go to **CP → Users → Roles** and grant a permission to roles that should see plain text. Super admins always see decrypted values regardless of role.

Two permission levels are available:

- **View Decrypted Sensitive Fields** (global) — grants access to decrypted values across **all** forms. Use this for administrator roles.
- **View Decrypted Sensitive Fields** per-form — grants access to decrypted values in **one specific form** only. Each form gets its own entry in the Roles editor. Use this to give role-specific access (e.g. HR reads the job-application form but not the contact form).

Users without a matching permission see `••••••` instead of the actual value.

### 3. \[Pro\] Re-key after APP\_KEY rotation

[](#3-pro-re-key-after-app_key-rotation)

The command re-encrypts existing submissions using the **current** `APP_KEY`, so the new key must already be in place before you run it:

1. Back up the old `APP_KEY` value.
2. Set the **new** `APP_KEY` in your `.env` (and clear config cache if necessary).
3. Run the rekey command. When invoked without `--old-key`, it will prompt for the key interactively (input is hidden):

```
php artisan sensitive-fields:rekey
```

For non-interactive environments (CI/CD), pass the key via the option — but be aware it will appear in shell history and process listings:

```
php artisan sensitive-fields:rekey --old-key="base64:YOUR_OLD_APP_KEY"
```

Options:

- `--old-key` — the previous `APP_KEY` value (optional; prompted if omitted)
- `--form=` — limit to a single form
- `--dry-run` — preview without writing

> If the command reports errors for some submissions, those values could not be decrypted with the provided key and are left unchanged.

### 4. \[Pro\] Configure addon settings

[](#4-pro-configure-addon-settings)

Go to **CP → Tools → Addons → Sensitive Form Fields → Settings**:

- **Enabled** — toggle encryption on/off globally
- **Mask String** — text shown to users without the permission (default: `••••••`)

---

How It Works
------------

[](#how-it-works)

1. On form submission, a `SubmissionSaving` listener encrypts sensitive field values before they are written to storage. Encrypted values are prefixed with `enc:v1:`.
2. On read, a repository decorator processes each sensitive value:
    - **Free tier** — decrypts and returns plain text for all CP users
    - **Pro, authorized** — decrypts and returns plain text
    - **Pro, unauthorized** — returns the configured mask string
3. Values already prefixed with `enc:v1:` are never double-encrypted.
4. If decryption fails (e.g. after `APP_KEY` rotation), the raw ciphertext is returned, a warning is logged, and an error toast is shown in the CP (once per form per hour to avoid notification spam).

---

Limitations
-----------

[](#limitations)

- **Search and filtering** — encrypted values are opaque; filtering or searching on sensitive fields will not work
- **APP\_KEY rotation** — changing `APP_KEY` breaks existing encrypted data; set the new key first, then use `sensitive-fields:rekey --old-key=` (Pro) to re-encrypt (see [Re-key after APP\_KEY rotation](#3-pro-re-key-after-appkey-rotation))
- **Complex field types** — only string-based fields are encrypted; arrays, grids, and replicator fields are skipped
- **Export** — CSV and JSON exports contain decrypted or masked values based on the exporting user's permission (Pro)
- **API** — REST and GraphQL responses respect the same permission rules (Pro)

---

Changelog
---------

[](#changelog)

Release notes are published via [GitHub Releases](https://github.com/isapp/statamic-sensitive-form-fields/releases).

Version tags follow Semantic Versioning without a `v` prefix (e.g. `1.0.0`).

###  Health Score

36

—

LowBetter than 79% of packages

Maintenance75

Regular maintenance activity

Popularity4

Limited adoption so far

Community6

Small or concentrated contributor base

Maturity51

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~0 days

Total

2

Last Release

136d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/9bfb1eae1e3e43813da6740e5eaa39307a95db7561c2d27e7e8aa24233cdcbeb?d=identicon)[andrii-trush](/maintainers/andrii-trush)

---

Top Contributors

[![andrii-trush](https://avatars.githubusercontent.com/u/14265776?v=4)](https://github.com/andrii-trush "andrii-trush (32 commits)")

---

Tags

securityencryptionformaddonstatamicsensitive

###  Code Quality

Code StyleLaravel Pint

### Embed Badge

![Health badge](/badges/isapp-statamic-sensitive-form-fields/health.svg)

```
[![Health](https://phpackages.com/badges/isapp-statamic-sensitive-form-fields/health.svg)](https://phpackages.com/packages/isapp-statamic-sensitive-form-fields)
```

###  Alternatives

[phpseclib/phpseclib

PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc.

5.6k465.6M1.5k](/packages/phpseclib-phpseclib)[defuse/php-encryption

Secure PHP Encryption Library

3.9k175.2M254](/packages/defuse-php-encryption)[ass/xmlsecurity

The XmlSecurity library is written in PHP for working with XML Encryption and Signatures

955.7M35](/packages/ass-xmlsecurity)[nzo/url-encryptor-bundle

The NzoUrlEncryptorBundle is a Symfony Bundle used to Encrypt and Decrypt data and variables in the Web application or passed through URL

971.1M2](/packages/nzo-url-encryptor-bundle)[tilleuls/url-signer-bundle

Create and validate signed URLs with a limited lifetime in Symfony

81369.3k](/packages/tilleuls-url-signer-bundle)[marcorieser/statamic-livewire

A Laravel Livewire integration for Statamic.

23111.5k15](/packages/marcorieser-statamic-livewire)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
