
richardstyles/eloquentencryption
================================

Allow Eloquent attributes to be encrypted and decrypted using RSA 4096-bit private keys.

Version v4.0.0 · License: MIT · PHP ^8.2|^8.3|^8.4|^8.5


Eloquent Encryption
===================


This package adds an additional layer of security when handling sensitive data by allowing key fields of your Eloquent models to be encrypted at rest in the database.


> **🎉 Version 4.x is now available!**
>
> **Requirements:** Laravel 12-13 | PHP 8.2+ | phpseclib v3
>
> **⚠️ Breaking Change:** This version requires Laravel 12+ and PHP 8.2+. For older versions, use [v3.x](https://github.com/RichardStyles/EloquentEncryption/tree/3.x).
>
> [See upgrade guide](#upgrading) for migration instructions.

Introduction
------------


This open source package fulfils the need to encrypt selected model data in your database whilst allowing your `app:key` to be rotated. When you need to store private details, this package allows for greater security than the default Laravel encrypter.

The package supports two encryption methods:

- **RSA Encryption**: Uses 4096-bit asymmetric keys providing robust security for encrypting sensitive data fields with public-key cryptography.
- **X25519 Encryption**: Leverages modern Curve25519 elliptic curve cryptography for faster performance while maintaining strong security guarantees.

Both methods use Laravel model casting to dynamically encrypt and decrypt key fields.

Usually, you would use [Laravel's Encrypter](https://laravel.com/docs/12.x/encryption) to encrypt the data, but this has the limitation of using the `app:key` as the private secret. As the app key also secures session/cookie data, it is [advised that you rotate this every so often](https://tighten.co/blog/app-key-and-you/). If you store encrypted data using that method, you have to decrypt it all and re-encrypt it whenever the key is rotated. This package improves on this by using a separate and stronger encryption process, which leaves you free to rotate the `app:key`. This adds a level of security for sensitive model data within your Laravel application and your database.

If you don't want to use RSA keys, then I have another package [Eloquent AES](https://github.com/RichardStyles/eloquent-aes) which uses a separate key `eloquent_key` to encrypt using AES-256-CBC.

Requirements
------------


### Version 4.x (Current)


| Requirement | Version |
| --- | --- |
| **PHP** | 8.2, 8.3, 8.4, or 8.5 |
| **Laravel** | 12.x or 13.x |
| **phpseclib** | v3.0+ |

### Older Laravel/PHP Versions?


If you're using an older version of Laravel or PHP, use version 3.x instead:

```
composer require richardstyles/eloquentencryption:^3.0
```

**Version 3.x supports:**

- Laravel 8.x, 9.x, 10.x, 11.x
- PHP 8.0, 8.1, 8.2, 8.3

Installation
------------


Install the package via composer:

```
composer require richardstyles/eloquentencryption
```

You do not need to register the ServiceProvider, as this package uses Laravel package auto-discovery. The migration blueprint helpers are added using macros, so they do not affect the schema files.

If you need to change the RSA key size, storage path or key file names, publish the configuration with this command:

```
php artisan vendor:publish --provider="RichardStyles\EloquentEncryption\EloquentEncryptionServiceProvider" --tag="config"
```

In order to encrypt and decrypt data you need to generate RSA keys for this package. By default, this will create 4096-bit RSA keys in your `storage/` directory. **Do not add these to version control**, and back them up accordingly.

```
php artisan encrypt:generate
```

### ⚠️ **If you re-run this command, you will lose access to any encrypted data** ⚠️


Quick Start Checklist
---------------------


After installation, follow these steps to get started:

1. ✅ **Generate RSA Keys**: Run `php artisan encrypt:generate`
2. ✅ **Configure Model Encryption**: Add `Model::encryptUsing(new EloquentEncryption())` to `AppServiceProvider::boot()` (see [Usage](#usage))
3. ✅ **Add Encrypted Columns**: Use the `$table->encrypted('field_name')` helper in migrations
4. ✅ **Cast Model Attributes**: Add `'field_name' => 'encrypted'` to your model's `$casts` array
5. ✅ **Backup Your Keys**: Ensure RSA keys in `storage/` are backed up securely and excluded from version control
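
The warnings above (keep the keys out of version control, back them up, and never regenerate them by accident) can be checked before each deploy. The script below is an added example, not part of the package: the key file and pin file paths are passed in by the caller because they depend on your configuration, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the package. Key and pin-file paths are supplied
# by the caller; all function names here are hypothetical.

# Succeeds only if FILE exists and has no group/other permission bits (e.g. 0600).
key_mode_ok() {
    [ -f "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints the SHA-256 of FILE as a fingerprint (assumes sha256sum is installed).
key_fingerprint() {
    sha256sum "$1" | cut -d' ' -f1
}

# Succeeds if FILE still matches the fingerprint stored in PINFILE.
# A mismatch means the key was regenerated or replaced since it was pinned.
key_unchanged() {
    [ -f "$1" ] && [ -f "$2" ] || return 2
    [ "$(key_fingerprint "$1")" = "$(cat "$2")" ]
}

# Succeeds if FILE is not tracked by git and is matched by an ignore rule.
# Must be run from inside the repository's working tree.
key_outside_git() {
    ! git ls-files --error-unmatch "$1" >/dev/null 2>&1 &&
        git check-ignore -q "$1"
}

# audit_key KEYFILE PINFILE: prints one line per finding, returns the count.
audit_key() {
    problems=0
    key_mode_ok "$1" || {
        echo "WARN: $1 is missing or accessible to group/other"
        problems=$((problems + 1)); }
    key_outside_git "$1" || {
        echo "WARN: $1 is tracked by git or not covered by .gitignore"
        problems=$((problems + 1)); }
    key_unchanged "$1" "$2" || {
        echo "WARN: $1 does not match the fingerprint pinned in $2"
        problems=$((problems + 1)); }
    return "$problems"
}

# Pin once after generating keys:  key_fingerprint KEYFILE > PINFILE
# Then audit before each deploy:   sh this-script KEYFILE PINFILE
if [ "$#" -eq 2 ]; then
    audit_key "$1" "$2"
fi
```

Store the pin file somewhere other than beside the key (for example with your backups), so that a regenerated key pair cannot silently overwrite both.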

---

Migration Helpers
-----------------


There is a helper function to define your encrypted fields in your migrations. Nothing special is needed for this to work: simply declare an `encrypted` column type in your migration files. This just creates a `binary`/`blob` column to hold the encrypted data. Using this helper indicates that the field is encrypted when looking through your migrations.

```
Schema::create('sales_notes', function (Blueprint $table) {
    $table->increments('id');
    $table->encrypted('private_data');
    $table->encrypted('optional_private_data')->nullable();
    $table->timestamps();
});
```

You can use any additional blueprint helpers, such as `->nullable()` if there is no initial data to encrypt. It is advised not to place `->index()` on these binary fields, as you should not be querying against them, given they are encrypted.

Usage
-----


### Step 1: Configure the Encrypter (Required)


Laravel provides the `Model::encryptUsing()` static method on the base Eloquent Model. This allows the built-in encrypted casting to use any `Illuminate\Contracts\Encryption\Encrypter` implementation - including this package's RSA encryption.

Add the following to your `App\Providers\AppServiceProvider.php` in the `boot()` method:

```
