PHPackages                             mcordingley/laravel-sapient - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [API Development](/categories/api)
4. /
5. mcordingley/laravel-sapient

AbandonedArchivedLibrary[API Development](/categories/api)

mcordingley/laravel-sapient
===========================

Sapient Integration for Laravel

1.2.0(6y ago)13592MITPHP

Since Jun 25Pushed 6y ago1 watchersCompare

[ Source](https://github.com/mcordingley/LaravelSapient)[ Packagist](https://packagist.org/packages/mcordingley/laravel-sapient)[ RSS](/packages/mcordingley-laravel-sapient/feed)WikiDiscussions master Synced 2w ago

READMEChangelog (8)Dependencies (11)Versions (9)Used By (0)

Laravel Sapient
===============

[](#laravel-sapient)

[Sapient](https://github.com/paragonie/sapient)-compatible bindings for Laravel.

Installation
------------

[](#installation)

Install via composer with `composer require mcordingley/laravel-sapient` and then add `MCordingley\LaravelSapient\SapientServiceProvider::class` to your `app.php` configuration file. Then, publish the configuration file with `php artisan vendor:publish`. After publishing the configuration, you'll need to generate keys for the functions that you intend to use.

Generating Keys
---------------

[](#generating-keys)

For sealing responses and unsealing requests, run `php artisan sapient:generate:seal:pair`. Signing and verifying with a shared key needs `php artisan sapient:generate:shared:authentication`. `php artisan sapient:generate:shared:encryption`generates a shared key for encryption and decryption. Finally, `php artisan sapient:generate:sign:pair` will create keys for signing responses and verifying requests.

Using the Middleware
--------------------

[](#using-the-middleware)

This library exposes middleware to perform its various functions, but does not prescribe where to use them. You will need to place them where they best make sense in the scope of your own project. There are a few restrictions on where the middlware can meaningfully be placed.

`SharedVerifyRequest` and `VerifyRequest` should be run as early as possible, before anything that depends on the incoming request processes. If the request does not contain a Message Authentication Code (MAC) in its headers or contains an invalid one, these will abort the request.

`SharedDecryptRequest` and `UnsealRequest` should be run after the middleware that verify MACs, but before anything that depends on the content of the request body.

`SharedEncryptResponse` and `SealResponse`should be run as the last middleware that modify the request body, as these lock the body contents.

`SharedAuthenticateResponse` and `SignResponse` should only run after the response body is done being modified. This includes any middleware here that performs encryption. Otherwise, their signatures will be invalid. They will each add a header to the response containing a MAC for the response body.

Middleware With Additional Requirements
---------------------------------------

[](#middleware-with-additional-requirements)

`VerifyRequest` and `SealResponse` depend on the public keys of the client making the request. Since which key is needed and where the keys are stored can vary, these middleware cannot directly resolve the keys that they need from Laravel's container. You will have to provide the logic to return the appropriate public keys.

Create an implementation of `MCordingley\LaravelSapient\KeyResolver\Resolver` that resolves the Base64UrlSafe-encoded public key needed and register it into Laravel's container with contextual binding. In one of your service providers, this may look like:

```
$this->app->when(MCordingley\LaravelSapient\Middleware\VerifyRequest::class)
    ->needs(MCordingley\LaravelSapient\KeyResolver\Resolver::class)
    ->give(Your\Implementation::class);

```

`UserResolver` is provided to cover the common case where keys are stored directly on the incoming request's `User`object. Simply provide it with the property name where the key is stored and register it into Laravel's container. For example:

```
$this->app->when(MCordingley\LaravelSapient\Middleware\SealResponse::class)
    ->needs(MCordingley\LaravelSapient\KeyResolver\Resolver::class)
    ->give(function () {
        return new MCordingley\LaravelSapient\KeyResolver\UserResolver('sealing_public_key');
    });

```

`StaticResolver` is also provided. It will resolve whatever key is passed into its constructor. It exists primarily for testing purposes, but may be of use in niche circumstances or if you want to place key-resolution logic directly into your service provider.

Using Your Stored Keys With Sapient
-----------------------------------

[](#using-your-stored-keys-with-sapient)

If your project is also using Sapient for creating requests to other servers and processing their responses, you can and should use your generated keys with it. Simply use Laravel's container to resolve Sapient's cryptography key objects. They will be loaded with your keys from your configuration.

###  Health Score

32

—

LowBetter than 69% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity17

Limited adoption so far

Community12

Small or concentrated contributor base

Maturity68

Established project with proven stability

 Bus Factor1

Top contributor holds 91.5% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~125 days

Recently: every ~217 days

Total

8

Last Release

2418d ago

Major Versions

v0.9.2 → v1.0.02017-06-29

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/1084253?v=4)[Michael Cordingley](/maintainers/mcordingley)[@mcordingley](https://github.com/mcordingley)

---

Top Contributors

[![mcordingley](https://avatars.githubusercontent.com/u/1084253?v=4)](https://github.com/mcordingley "mcordingley (65 commits)")[![AlexECP](https://avatars.githubusercontent.com/u/4592827?v=4)](https://github.com/AlexECP "AlexECP (4 commits)")[![apreiml](https://avatars.githubusercontent.com/u/350183?v=4)](https://github.com/apreiml "apreiml (2 commits)")

---

Tags

cryptographylaravel-packagephp

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/mcordingley-laravel-sapient/health.svg)

```
[![Health](https://phpackages.com/badges/mcordingley-laravel-sapient/health.svg)](https://phpackages.com/packages/mcordingley-laravel-sapient)
```

###  Alternatives

[larastan/larastan

Larastan - Discover bugs in your code without running it. A phpstan/phpstan extension for Laravel

6.4k51.0M7.8k](/packages/larastan-larastan)[spatie/laravel-export

Create a static site bundle from a Laravel app

673139.5k6](/packages/spatie-laravel-export)[laravel/passport

Laravel Passport provides OAuth2 server support to Laravel.

3.4k89.4M579](/packages/laravel-passport)[psalm/plugin-laravel

Psalm plugin for Laravel

3345.1M337](/packages/psalm-plugin-laravel)[laravel/mcp

Rapidly build MCP servers for your Laravel applications.

77018.2M127](/packages/laravel-mcp)[laravel/ai

The official AI SDK for Laravel.

1.0k2.1M169](/packages/laravel-ai)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
