PHPackages                             vkn999/eloquentencryption - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Database &amp; ORM](/categories/database)
4. /
5. vkn999/eloquentencryption

ActiveLibrary[Database &amp; ORM](/categories/database)

vkn999/eloquentencryption
=========================

Allow Eloquent attributes to be encrypted and decrypted using a RSA 4096-bit private keys.

v4.0(4y ago)03MITPHPPHP ^8.0|^8.1

Since Oct 25Pushed 4y agoCompare

[ Source](https://github.com/vkn999/EloquentEncryption)[ Packagist](https://packagist.org/packages/vkn999/eloquentencryption)[ Docs](https://github.com/vkn999/eloquentencryption)[ RSS](/packages/vkn999-eloquentencryption/feed)WikiDiscussions master Synced today

READMEChangelog (1)Dependencies (5)Versions (18)Used By (0)

Eloquent Encryption
===================

[](#eloquent-encryption)

This package enables an additional layer of security when handling sensitive data. Allowing key fields of your eloquent models in the database to be encrypted at rest.

[![Latest Version on Packagist](https://camo.githubusercontent.com/f110906532879b16a5ac9ae7d6e65be33a929c333968afeefe06b8e23634bf50/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f766b6e3939392f656c6f7175656e74656e6372797074696f6e2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/vkn999/eloquentencryption)[![Build Status](https://camo.githubusercontent.com/5b668a4e3d6ef70a0bfd4fcc5106413a92b13d22e87ef82eae3862dd472c174b/68747470733a2f2f696d672e736869656c64732e696f2f7472617669732f766b6e3939392f656c6f7175656e74656e6372797074696f6e2f6d61737465722e7376673f7374796c653d666c61742d737175617265)](https://travis-ci.org/vkn999/eloquentencryption)[![Quality Score](https://camo.githubusercontent.com/567d670c1a6532a8bafeb692419c43730e29db79291fd18b03b772057bb1069a/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f672f766b6e3939392f656c6f7175656e74656e6372797074696f6e2e7376673f7374796c653d666c61742d737175617265)](https://scrutinizer-ci.com/g/vkn999/eloquentencryption)[![Total Downloads](https://camo.githubusercontent.com/f4f09ddbd2dfa7d3878c8ab44ecf4be3ed5deea322cdd3721944cfb3b0623e0e/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f766b6e3939392f656c6f7175656e74656e6372797074696f6e2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/vkn999/eloquentencryption)

Introduction
------------

[](#introduction)

This open source package fulfils the need of encrypting selected model data in your database whilst allowing your app:key to be rotated. When needing to store private details this package allows for greater security than the default Laravel encrypter. It uses default 4096-bit RSA keys to encrypt your data securely and Laravel model casting to dynamically encrypt and decrypt key fields.

Usually, you would use [Laravel's Encrypter](https://laravel.com/docs/8.x/encryption) to encrypt the data, but this has the limitation of using the `app:key` as the private secret. As the app key also secures session/cookie data, it is [advised that you rotate this every so often](https://tighten.co/blog/app-key-and-you/) - if you're storing encrypted data using this method you have to decrypt it all first and re-encrypt whenever this is done. Therefore this package improves on this by creating a separate and stronger encryption process allowing you to rotate the app:key. This allows for a level of security of sensitive model data within your Laravel application and your database.

If you don't want to use RSA keys, then I have another package [Eloquent AES](https://github.com/RichardStyles/eloquent-aes) which uses a separate key `eloquent_key` to encrypt using AES-256-CBC.

Installation
------------

[](#installation)

This package requires Laravel 9.x or higher. php: "^8.0|^8.1"

You can install the package via composer:

```
composer require vkn999/eloquentencryption
```

You do not need to register the ServiceProvider as this package uses Laravel Package auto discovery. The Migration blueprint helpers are added using macros, so do not affect the schema files.

The configuration can be published using this command, if you need to change the RSA key size, storage path and key file names.

```
php artisan vendor:publish --provider="RichardStyles\EloquentEncryption\EloquentEncryptionServiceProvider" --tag="config"
```

In order to encrypt and decrypt data you need to generate RSA keys for this package. By default, this will create 4096-bit RSA keys to your `storage/` directory. **Do not add these to version control** and backup accordingly.

```
php artisan encrypt:generate
```

### ⚠️ **If you re-run this command, you will lose access to any encrypted data** ⚠️

[](#️--if-you-re-run-this-command-you-will-lose-access-to-any-encrypted-data-️)

There is also a helper function to define your encrypted fields in your migrations. There is nothing special needed for this to function, simply declare a `encrypted` column type in your migration files. This just creates a `binary`/`blob` column to hold the encrypted data. Using this helper indicates that the field is encrypted when looking through your migrations.

```
Schema::create('sales_notes', function (Blueprint $table) {
    $table->increments('id');
    $table->encrypted('private_data');
    $table->encrypted('optional_private_data')->nullable();
    $table->timestamps();
});
```

You can use any additional blueprint helpers, such as `->nullable()` if there is no initial data to encrypt. It is advised that `->index()` shouldn't normally be placed on these binary fields as you should not be querying against these, given they are encrypted.

Usage 3.x
---------

[](#usage-3x)

As of version 3.x, the requirement for laravel is 8.14. This release added the `Model::encryptUsing()` static function to the base Eloquent Model. This allows the built in process for encrypted casting to use any `Illuminate\Contracts\Encryption\Encrypter` class.

**Please test with any existing keys and data before upgrading**Otherwise your data may not be decrypted as expected. If you are on 2.x you should not see any issues as this version follows the Encrypter Contract required by the encryptUsing static function.

In your AppServiceProvider

```
EncryptedCast::encryptUsing(new \RichardStyles\EloquentEncryption\EloquentEncryption);
```

Then on your models, use the built in encrypted casts as needed.

```
class EncryptedCast extends Model
{
    public $casts = [
        'secret' => 'encrypted',
        'secret_array' => 'encrypted:array',
        'secret_json' => 'encrypted:json',
        'secret_object' => 'encrypted:object',
        'secret_collection' => 'encrypted:collection',
    ];
}
```

This was made possible by a [PR](https://github.com/laravel/framework/pull/35080) to Laravel by [@hivokas](https://github.com/hivokas).

Usage 2.x
---------

[](#usage-2x)

This package leverages Laravel's own [custom casting](https://laravel.com/docs/8.x/eloquent-mutators#custom-casts) to encode/decode values.

```
