PHPackages smknstd/laravel-kms-encryption - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. smknstd/laravel-kms-encryption ActiveLibrary[Security](/categories/security) smknstd/laravel-kms-encryption ============================== Replace Laravel's built-in encryption with an encryption based on AWS KMS 562[1 issues](https://github.com/smknstd/laravel-kms-encryption/issues)PHP Since Sep 11Pushed 4y ago2 watchersCompare [ Source](https://github.com/smknstd/laravel-kms-encryption)[ Packagist](https://packagist.org/packages/smknstd/laravel-kms-encryption)[ RSS](/packages/smknstd-laravel-kms-encryption/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependenciesVersions (1)Used By (0) Laravel Kms Encryption ====================== [](#laravel-kms-encryption) [![Latest Version on Packagist](https://camo.githubusercontent.com/aa97f0b74492895e7ba999dc694f9ccdc12811a8dcb4ad83a6805588895a166c/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f736d6b6e7374642f6c61726176656c2d6b6d732d656e6372797074696f6e2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/smknstd/laravel-kms-encryption)[![GitHub Tests Action Status](https://camo.githubusercontent.com/1a217328a3982ef54d3cab0cf3ae1223de3f9dee3b1a35712e8bf98f69182042/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f776f726b666c6f772f7374617475732f736d6b6e7374642f6c61726176656c2d6b6d732d656e6372797074696f6e2f72756e2d74657374733f6c6162656c3d7465737473)](https://github.com/smknstd/laravel-kms-encryption/actions?query=workflow%3Arun-tests+branch%3Amain)[![GitHub Code Style Action Status](https://camo.githubusercontent.com/097e65d81414add6b91a36e23f58595dfdf94e528be75cbfd4503bcac1ba7e7c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f776f726b666c6f772f7374617475732f736d6b6e7374642f6c61726176656c2d6b6d732d656e6372797074696f6e2f436865636b253230262532306669782532307374796c696e673f6c6162656c3d636f64652532307374796c65)](https://github.com/smknstd/laravel-kms-encryption/actions?query=workflow%3A%22Check+%26+fix+styling%22+branch%3Amain)[![Total Downloads](https://camo.githubusercontent.com/4f3711e4b900d30f3776216da8b9bd5cb24e0dbdaffb50fe2803da343db7769f/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f736d6b6e7374642f6c61726176656c2d6b6d732d656e6372797074696f6e2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/smknstd/laravel-kms-encryption) Introduction ------------ [](#introduction) This package replaces Laravel's built-in encryption with an encryption based on AWS KMS. Two major features provided by kms are: - ability to automatically [rotate key](https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) (annually) without deleting the previous ones - you don’t have access to the actual key, which means you can’t leak it *This package has been based on this [blogpost](https://blog.deleu.dev/swapping-laravel-encryption-with-aws-kms/)* Installation ------------ [](#installation) This package requires Laravel 8.x or higher. You can install the package via composer: ``` composer require smknstd/laravel-kms-encryption ``` Next you should publish the config file, and setup your values : ``` php artisan vendor:publish --provider="Smknstd\LaravelKmsEncryption\LaravelKmsEncryptionServiceProvider" ``` If you want to use IAM Roles that are already setup, aws sdk will automatically use them by default. Otherwise, you should setup credentials to the proper aws user [allowed](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-users) to "use" the given kms key, by adding a kms section in your `config/services.php` file : ``` 'kms' => [ 'key' => env('AWS_ACCESS_KEY_ID'), 'secret' => env('AWS_SECRET_ACCESS_KEY'), 'region' => env('AWS_REGION'), ], ``` Now everytime you'll [encrypt](https://laravel.com/docs/8.x/encryption) something it will use the provided kms key. It includes all fields using eloquent's [encrypted casting](https://laravel.com/docs/8.x/eloquent-mutators#encrypted-casting). If you have previously encrypted data, be aware that you won't be able to decrypt it. ### Cookies encryption [](#cookies-encryption) If you use laravel's middleware `EncryptCookies`, it can't work with kms. To let the middleware continue working with laravel's encrypter you need to edit `App\Http\kernel.php`. Just replace the existing middleware with : ``` protected $middlewareGroups = [ 'web' => [ \Smknstd\LaravelKmsEncryption\Middleware\EncryptCookies::class, ... ] ] ``` Testing ------- [](#testing) ``` composer test ``` Contributing ------------ [](#contributing) Please see [CONTRIBUTING](.github/CONTRIBUTING.md) for details. Security Vulnerabilities ------------------------ [](#security-vulnerabilities) Please review [our security policy](../../security/policy) on how to report security vulnerabilities. Credits ------- [](#credits) - [Arnaud Becher](https://github.com/smknstd) - [Marco Aurélio Deleu](https://github.com/deleugpn) License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. ### Health Score 17 — LowBetter than 6% of packages Maintenance16 Infrequent updates — may be unmaintained Popularity10 Limited adoption so far Community9 Small or concentrated contributor base Maturity28 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/57a23698a2f14ce541145eefbf145e7405ad45ae0066d6b1ded837487b3314f7?d=identicon)[smknstd](/maintainers/smknstd) --- Top Contributors [![smknstd](https://avatars.githubusercontent.com/u/2412608?v=4)](https://github.com/smknstd "smknstd (16 commits)") --- Tags awsencryptionkmslaravellaravel-package ### Embed Badge ![Health badge](/badges/smknstd-laravel-kms-encryption/health.svg) ``` [![Health](https://phpackages.com/badges/smknstd-laravel-kms-encryption/health.svg)](https://phpackages.com/packages/smknstd-laravel-kms-encryption) ``` ### Alternatives [defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M212](/packages/defuse-php-encryption)[roave/security-advisories Prevents installation of composer packages with known security vulnerabilities: no API, simply require it 2.9k97.3M6.4k](/packages/roave-security-advisories)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M112](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41278.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 86917.5M63](/packages/bjeavons-zxcvbn-php)[enlightn/security-checker A PHP dependency vulnerabilities scanner based on the Security Advisories Database. 33732.2M110](/packages/enlightn-security-checker) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)