PHPackages usman-ahmed/laravel-response-encryption - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. usman-ahmed/laravel-response-encryption ActiveLibrary[Security](/categories/security) usman-ahmed/laravel-response-encryption ======================================= Encrypt Laravel API JSON responses automatically using Laravel's Crypt system. 1.0.0(1y ago)111MITPHPPHP ^8.1 Since May 10Pushed 1y ago1 watchersCompare [ Source](https://github.com/USmanFathy/LaravelResponseEncryption)[ Packagist](https://packagist.org/packages/usman-ahmed/laravel-response-encryption)[ RSS](/packages/usman-ahmed-laravel-response-encryption/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (1)Dependencies (1)Versions (2)Used By (0) LaravelResponseEncryption ========================= [](#laravelresponseencryption) LaravelResponseEncryption is a Laravel package that **automatically encrypts all API responses** using Laravel's built-in encryption system. It's perfect when you want to ensure sensitive data is securely transferred between your backend and frontend — with optional client-side decryption. --- Features -------- [](#features) - 🔒 Encrypts all JSON API responses automatically - 🛠 Easily exclude specific routes from encryption - ⚡ Lightweight and fast (middleware-based) - 🔄 Optional frontend decryption helper - ⚙️ Fully configurable (enabled, content types, exceptions) - 🛡️ Built on Laravel’s native `Crypt` system (AES-256-CBC) --- Installation ------------ [](#installation) Install the package via Composer: ``` composer require usman-ahmed/laravel-response-encryption ``` Then publish the config file: ``` php artisan vendor:publish --provider="UsmanAhmed\LaravelResponseEncryption\ResponseEncryptionServiceProvider" --tag=response-encryption-config --force ``` --- Service Provider (Optional Manual Registration) ----------------------------------------------- [](#service-provider-optional-manual-registration) register the service provider manually in your: ``` 'providers' => [ // Other Service Providers \UsmanAhmed\LaravelResponseEncryption\ResponseEncryptionServiceProvider::class, ], ``` --- How It Works ------------ [](#how-it-works) Once the package is installed and enabled, it will automatically **encrypt all responses** (e.g., from APIs) that have `application/json` as their content type. The encryption uses Laravel's `Crypt::encrypt()` behind the scenes. --- Excluding Routes from Encryption -------------------------------- [](#excluding-routes-from-encryption) You can **exclude specific routes** from being encrypted using one of the following methods: ### 1. Use `withoutMiddleware` in Route Definition [](#1-use-withoutmiddleware-in-route-definition) ``` use \UsmanAhmed\LaravelResponseEncryption\Http\Middleware\EncryptResponses; Route::get('/api/unencrypted', function () { return response()->json(['status' => 'ok']); })->withoutMiddleware([EncryptResponses::class]); ``` --- ### 2. Define Exclusions in Config File [](#2-define-exclusions-in-config-file) Open `config/response-encryption.php` and add the paths you want to exclude: ``` 'except' => [ 'api/v1/public/*', 'health', 'ping', 'countries/list', ...(env('APP_ENV') === 'local' ? ['_debugbar/*'] : []), ], ``` --- ### 3. Exclude Routes Programmatically in `AppServiceProvider` [](#3-exclude-routes-programmatically-in-appserviceprovider) ``` use UsmanAhmed\LaravelResponseEncryption\Facades\ResponseEncryption; public function boot() { ResponseEncryption::excludeRoutes([ 'api/legacy/v' . config('app.api_version'), ]); } ``` --- Optional: Client-Side Decryption -------------------------------- [](#optional-client-side-decryption) The encrypted response is a base64-encoded encrypted string. You can decrypt it on the frontend using the same key and cipher as Laravel (`AES-256-CBC`). > ⚠️ **Note:** You are responsible for managing and protecting the encryption key on the client side. --- Config Options (`config/response-encryption.php`) ------------------------------------------------- [](#config-options-configresponse-encryptionphp) ``` return [ 'enabled' => env('RESPONSE_ENCRYPTION_ENABLED', true), 'content_types' => [ 'application/json', ], 'except' => [ 'api/v1/public/*', 'health', 'ping', 'countries/list', ], ]; ``` You can also disable the whole package by setting in `.env`: ``` RESPONSE_ENCRYPTION_ENABLED=false ``` --- License ------- [](#license) MIT License --- Author ------ [](#author) **UsmanAhmed** GitHub: --- Contributing ------------ [](#contributing) Pull requests are welcome. Please follow Laravel’s coding standards. ### Health Score 28 — LowBetter than 54% of packages Maintenance50 Moderate activity, may be stable Popularity4 Limited adoption so far Community8 Small or concentrated contributor base Maturity45 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 367d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/8d5165be4d702fa8511fece921411fd68cd8d7cf80d492270f2cfe0e4e109c31?d=identicon)[USmanFathy](/maintainers/USmanFathy) --- Top Contributors [![USmanFathy](https://avatars.githubusercontent.com/u/91374170?v=4)](https://github.com/USmanFathy "USmanFathy (1 commits)") ### Embed Badge ![Health badge](/badges/usman-ahmed-laravel-response-encryption/health.svg) ``` [![Health](https://phpackages.com/badges/usman-ahmed-laravel-response-encryption/health.svg)](https://phpackages.com/packages/usman-ahmed-laravel-response-encryption) ``` ### Alternatives [soved/laravel-gdpr GDPR compliance with ease 299127.5k2](/packages/soved-laravel-gdpr)[masterro/laravel-xss-filter Filter user input for XSS but don't touch other html 41254.5k](/packages/masterro-laravel-xss-filter)[enlightn/laravel-security-checker A Laravel package to scan your dependencies for known security vulnerabilities. 51173.4k](/packages/enlightn-laravel-security-checker)[nickurt/laravel-pwned-passwords PwnedPasswords for Laravel 11.x/12.x/13.x 187.5k](/packages/nickurt-laravel-pwned-passwords)[dgtlss/owaspadvisor A Laravel package to help developers implement OWASP Top 10 security guidelines 327.1k](/packages/dgtlss-owaspadvisor) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)