PHPackages                             richardstyles/eloquent-aes - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. richardstyles/eloquent-aes

ActiveLibrary[Security](/categories/security)

richardstyles/eloquent-aes
==========================

A Laravel Eloquent package to allow for model attribute encryption, using a seperate key

v3.0.0(2mo ago)3437.0k↓28.6%19[1 PRs](https://github.com/RichardStyles/eloquent-aes/pulls)MITPHPPHP ^8.2|^8.3|^8.4|^8.5CI passing

Since Oct 28Pushed 2mo ago3 watchersCompare

[ Source](https://github.com/RichardStyles/eloquent-aes)[ Packagist](https://packagist.org/packages/richardstyles/eloquent-aes)[ RSS](/packages/richardstyles-eloquent-aes/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (9)Dependencies (6)Versions (15)Used By (0)

Eloquent AES
============

[](#eloquent-aes)

This package enables an additional layer of security when handling sensitive data. Allowing key fields of your eloquent models in the database to be encrypted at rest using AES-256-CBC.

[![Latest Version on Packagist](https://camo.githubusercontent.com/5a34f391106543c5d5981603248e67c1cf86cd5f0c88e6bbb02948c1f9d024b7/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f726963686172647374796c65732f656c6f7175656e742d6165732e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/richardstyles/eloquent-aes)[![Quality Score](https://camo.githubusercontent.com/fdefa16a39ae80f3e411a662f390e82f243ed476d15e3ef82d9717b1e6e552d4/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f672f726963686172647374796c65732f656c6f7175656e742d6165732e7376673f7374796c653d666c61742d737175617265)](https://scrutinizer-ci.com/g/richardstyles/eloquent-aes)[![Total Downloads](https://camo.githubusercontent.com/d3975c390bad9412955783f8e255a2568b286b8733f1bdcd12c56aad2c1c40e8/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f726963686172647374796c65732f656c6f7175656e742d6165732e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/richardstyles/eloquent-aes)

Introduction
------------

[](#introduction)

This package allows for your Eloquent Encryption to be encrypted using a different AES-256-CBC key. This allows for your regular app:key to be [rotated](https://tighten.com/blog/app-key-and-you/). If you're looking for 4096-RSA encruption then this package [RichardStyles/EloquentEncryption](https://github.com/RichardStyles/EloquentEncryption)

Installation
------------

[](#installation)

This package requires Laravel 12.x or higher.

You can install the package via composer:

```
composer require richardstyles/eloquent-aes
```

If you wish to change the key cipher then you will need to publish the config.

```
php artisan vendor:publish --provider="RichardStyles\EloquentAES\EloquentAESServiceProvider" --tag="config"
```

To create an Eloquent encryption key, just as you would an app key. This will automatically add to the bottom of your `.env` file.

```
php artisan key:eloquent
```

### ⚠️ Please don't forget to back up your eloquent key

[](#️-please-dont-forget-to-back-up-your-eloquent-key)

If you re-run this command, you will lose access to any encrypted data!

Graceful Key Rotation
---------------------

[](#graceful-key-rotation)

Laravel 11+ introduced graceful encryption key rotation, and this package extends that feature! When rotating your encryption key, you can specify your previous keys to maintain access to data encrypted with old keys.

### Setting Up Previous Keys

[](#setting-up-previous-keys)

Add your previous encryption keys to your `.env` file as a comma-separated list:

```
ELOQUENT_KEY="base64:J63qRTDLub5NuZvP+kb8YIorGS6qFYHKVo6u7179stY="
ELOQUENT_PREVIOUS_KEYS="base64:2nLsGFGzyoae2ax3EF2Lyq/hH6QghBGLIq5uL+Gp8/w=,base64:oldkey123..."
```

### How It Works

[](#how-it-works)

- **Encryption**: Always uses the current `ELOQUENT_KEY`
- **Decryption**: Tries the current key first, then falls back to previous keys in order
- **No Downtime**: Users can access data encrypted with any key during rotation

This allows you to rotate your encryption keys without disrupting your users or losing access to encrypted data!

Usage
-----

[](#usage)

This package leverages Laravel's own [custom casting](https://laravel.com/docs/12.x/eloquent-mutators#custom-casts) to encode/decode values.

```