PHPackages langleyfoxall/laravel-redacted-model - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. langleyfoxall/laravel-redacted-model ActiveLibrary[Security](/categories/security) langleyfoxall/laravel-redacted-model ==================================== Laravel Redacted Model allows you to easily dynamically omit and redact fields from Laravel Models 1.2.0(7y ago)7211LGPL-3.0-onlyPHPPHP ^7.0.0 Since Feb 19Pushed 7y ago1 watchersCompare [ Source](https://github.com/langleyfoxall/laravel-redacted-model)[ Packagist](https://packagist.org/packages/langleyfoxall/laravel-redacted-model)[ RSS](/packages/langleyfoxall-laravel-redacted-model/feed)WikiDiscussions master Synced today READMEChangelog (3)Dependencies (2)Versions (4)Used By (0) Laravel Redacted Model ====================== [](#laravel-redacted-model) [![Packagist](https://camo.githubusercontent.com/21620674816703cb9ba0b6a82e649ca873987aeda85eb5f9c9b7404637af25d4/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6c616e676c6579666f78616c6c2f6c61726176656c2d72656461637465642d6d6f64656c2e737667)](https://packagist.org/packages/langleyfoxall/laravel-redacted-model/stats) Laravel Redacted Model makes it easier to hide or modify fields on a model based on given conditions in order to reduce data leakage in Laravel applications. Installation ------------ [](#installation) Laravel Redacted Model can be installed using composer. Run the following command in your project. ``` composer require langleyfoxall/laravel-redacted-model ``` If you have never used the Composer dependency manager before, head to the [Composer website](https://getcomposer.org/) for more information on how to get started. Usage ===== [](#usage) To redact fields simply extend `RedactedModel` in your model and set the `redacted` variable to an array of the fields you want to protect. By default when accesed these fields will return `[Hidden Data]`. ``` class SensitiveModel extends RedactedModel { protected $redacted = ['name']; } ``` ### Conditionally redacting data [](#conditionally-redacting-data) To conditionally redact fields override `shouldRedactField` on your model. The name of the field will be passed into this method. This will return true by default until you override it. *Note: Only fields specified in `$redacted` will be redacted regardless of what's returned from this method.* ``` class SensitiveModel extends RedactedModel { protected $redacted = ['name']; public function shouldRedactField($key) { return !\Auth::user()->canSeeSensitiveFields(); } } ``` ### Changing the default redacted string [](#changing-the-default-redacted-string) To change the message returned you can set the `redactedString` on your model. This will then be returned instead of `[Hidden Data]`. ``` class SensitiveModel extends RedactedModel { protected $redacted = ['name']; protected $redactedString = '[Top Secret]'; } ``` ### Hiding fields instead of redacting them [](#hiding-fields-instead-of-redacting-them) If you want to completely omit the field instead of redacting it you can set the `redact` variable on your model to false. *Note: If `redactKeys` is set to true, when the model is serialised the keys of redacted fields will also be omitted.* ``` class SensitiveModel extends RedactedModel { protected $redacted = ['name']; protected $redact = false; } ``` By default the array key of fields that return `null` and are in the redacted fields list will too be omitted in case the field name is Sensitive. To disable this set `$redactKeys` to false on your model. ``` class SensitiveModel extends RedactedModel { protected $redacted = ['name']; protected $redactKeys = false; } ``` ### Redacted value accessors [](#redacted-value-accessors) Accesors can be used to define the value of specific fields if they're redacted. Redacted value accessors are defined the same way as [Laravel Accessors](https://laravel.com/docs/5.7/eloquent-mutators#accessors-and-mutators) but ending in `RedactedValue` instead of `Accessor`. The original value is passed into the method, this allows you to abstract the value instead of omitting or redacting it. For example if instead of returning the name from the model you want to only return the first and last letter: ``` class SensitiveModel extends RedactedModel { protected $redacted = ['name']; public function getNameRedactedValue($value) { return subStr($value, 0, 1).'***'.subStr($value, -1 ,1); } } ... $instanceOfRedactedModel->name // Returns K***y instead of Kathryn Janeway ``` ### Overriding the default redacted value [](#overriding-the-default-redacted-value) By default redacted values will be returned as `[Hidden Value]` or `null` depending on the value of `$redacted`. You can bypass this by overriding `defaultRedactedValue` on the model. This is useful if you want to derive the redacted value from the original value, as the field name and original value are passed into it. For example if you want to replace all characters with stars: ``` class SensitiveModel extends RedactedModel { protected $redacted = ['name']; public function defaultRedactedValue($key, $value) { return str_repeat("*", strlen($value)); } } ... $instanceOfRedactedModel->name // Returns ********** instead of Section 31 ``` ### Enabling and disabling protection [](#enabling-and-disabling-protection) If you want to temporarily disable field redaction or omission you can call `disableProtection()` on the model to disable protection and `enableProtection()` to re-enable it. This has to be used on a per-instance basis. ``` class SensitiveModel extends RedactedModel { protected $redacted = ['name']; } ... $instanceOfRedactedModel->name // Returns [Hidden Data] $instanceOfRedactedModel->disableProtection(); $instanceOfRedactedModel->name // Returns Reginald Barclay ``` Changing the redacted fields ============================ [](#changing-the-redacted-fields) If you want to change or add to the redacted fields of a model after it has been instantiated you can call the `setRedacted` method on the model. If you call it with an array as the parameter the `redacted` variable will be overridden but anything else will be appended to the existing array. ### Health Score 28 — LowBetter than 54% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity16 Limited adoption so far Community7 Small or concentrated contributor base Maturity57 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~2 days Total 3 Last Release 2635d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/244b9a2f91a7a41cb432c5ed8024f23d29630b250b8a217a6410306236ff5914?d=identicon)[NilesB](/maintainers/NilesB) --- Top Contributors [![NilesB](https://avatars.githubusercontent.com/u/7305403?v=4)](https://github.com/NilesB "NilesB (16 commits)") --- Tags hiddenhidelaravelmodelmodelsobfuscatephpredactsecuritylaravelsecuritymodelhiddenhidecensorredactredacted ### Embed Badge ![Health badge](/badges/langleyfoxall-laravel-redacted-model/health.svg) ``` [![Health](https://phpackages.com/badges/langleyfoxall-laravel-redacted-model/health.svg)](https://phpackages.com/packages/langleyfoxall-laravel-redacted-model) ``` ### Alternatives [tzsk/otp A secure, database-free One-Time Password (OTP) generator and verifier for PHP and Laravel. 241641.4k1](/packages/tzsk-otp)[dgtlss/warden A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email 8745.6k](/packages/dgtlss-warden)[ercsctt/laravel-file-encryption Secure file encryption and decryption for Laravel applications 642.6k](/packages/ercsctt-laravel-file-encryption) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)