{"id":15188308,"url":"https://github.com/austinheap/laravel-database-encryption","last_synced_at":"2025-10-02T03:30:35.551Z","repository":{"id":62489624,"uuid":"113929569","full_name":"austinheap/laravel-database-encryption","owner":"austinheap","description":"A package for automatically encrypting and decrypting Eloquent attributes in Laravel 5.5+, based on configuration settings.","archived":true,"fork":false,"pushed_at":"2022-07-14T13:08:51.000Z","size":1339,"stargazers_count":248,"open_issues_count":7,"forks_count":74,"subscribers_count":15,"default_branch":"master","last_synced_at":"2025-08-17T09:29:28.688Z","etag":null,"topics":["aes","composer","composer-package","database","databases","decrypt","decryption","eloquent","eloquent-database","eloquent-models","encrypt","encryption","laravel","laravel-5-package","laravel5","php","php7"],"latest_commit_sha":null,"homepage":"https://packagist.org/packages/austinheap/laravel-database-encryption","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/austinheap.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-12-12T01:49:24.000Z","updated_at":"2025-05-08T21:45:07.000Z","dependencies_parsed_at":"2022-11-02T11:16:08.744Z","dependency_job_id":null,"html_url":"https://github.com/austinheap/laravel-database-encryption","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/austinheap/laravel-database-encryption","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/austinheap%2Flaravel-database-encryption","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/austinheap%2Flaravel-database-encryption/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/austinheap%2Flaravel-database-encryption/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/austinheap%2Flaravel-database-encryption/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/austinheap","download_url":"https://codeload.github.com/austinheap/laravel-database-encryption/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/austinheap%2Flaravel-database-encryption/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":276104362,"owners_count":25586055,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-20T02:00:10.207Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aes","composer","composer-package","database","databases","decrypt","decryption","eloquent","eloquent-database","eloquent-models","encrypt","encryption","laravel","laravel-5-package","laravel5","php","php7"],"created_at":"2024-09-27T19:02:50.474Z","updated_at":"2025-10-02T03:30:35.210Z","avatar_url":"https://github.com/austinheap.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Laravel 5.5+ Database Encryption Package\n\n![laravel-database-encryption banner from the documentation](docs/img/banner-1544x500.png?raw=true)\n\n[![License](https://img.shields.io/packagist/l/austinheap/laravel-database-encryption.svg)](https://github.com/austinheap/laravel-database-encryption/blob/master/LICENSE.md)\n[![Current Release](https://img.shields.io/github/release/austinheap/laravel-database-encryption.svg)](https://github.com/austinheap/laravel-database-encryption/releases)\n[![Total Downloads](https://img.shields.io/packagist/dt/austinheap/laravel-database-encryption.svg)](https://packagist.org/packages/austinheap/laravel-database-encryption)\n[![Build Status](https://travis-ci.org/austinheap/laravel-database-encryption.svg?branch=master)](https://travis-ci.org/austinheap/laravel-database-encryption)\n[![Scrutinizer CI](https://scrutinizer-ci.com/g/austinheap/laravel-database-encryption/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/austinheap/laravel-database-encryption/)\n[![StyleCI](https://styleci.io/repos/113929569/shield?branch=master)](https://styleci.io/repos/113929569)\n[![Maintainability](https://api.codeclimate.com/v1/badges/a63deda99383852c739b/maintainability)](https://codeclimate.com/github/austinheap/laravel-database-encryption/maintainability)\n[![Test Coverage](https://api.codeclimate.com/v1/badges/a63deda99383852c739b/test_coverage)](https://codeclimate.com/github/austinheap/laravel-database-encryption/test_coverage)\n\n## A package for automatically encrypting and decrypting Eloquent attributes in Laravel 5.5+, based on configuration settings.\n\nThe purpose of this project is to create a set-it-and-forget-it package that can be\ninstalled without much effort to encrypt and decrypt Eloquent model attributes stored\nin your database tables, transparently. It is therefore highly opinionated but built\nfor [configuration](#step-3-configure-the-package).\n\nWhen [enabled](#step-2-enable-the-package-optional), it automagically begins encrypting\ndata as it is stored in the model attributes and decrypting data as it is recalled from\nthe model attributes.\n\nAll data that is encrypted is prefixed with a header so that encrypted data can be\neasily identified, encryption keys rotated, and (optionally) versioning of the encrypted\ndata format itself.\n\nThis supports columns that store either encrypted or non-encrypted data to make migration\neasier.  Data can be read from columns correctly regardless of whether it is encrypted or\nnot but will be automatically encrypted when it is saved back into those columns. Standard\nLaravel Eloquent features like attribute casting will continue to work as normal, even if\nthe underlying values stored in the database are encrypted by this package.\n\nThere is [documentation for `laravel-database-encryption` online](https://austinheap.github.io/laravel-database-encryption/),\nthe source of which is in the [`docs/`](https://github.com/austinheap/laravel-database-encryption/tree/master/docs)\ndirectory. The most logical place to start are the [docs for the `HasEncryptedAttributes` trait](https://austinheap.github.io/laravel-database-encryption/classes/AustinHeap.Database.Encryption.Traits.HasEncryptedAttributes.html).\n\n## Table of Contents\n\n* [Summary](#a-package-for-automatically-encrypting-and-decrypting-eloquent-attributes-in-laravel-55-based-on-configuration-settings)\n* [Requirements](#requirements)\n* [Status](#status)\n* [Schemas](#schemas)\n* [Installation](#installation)\n    + [Step 1: Composer](#step-1-composer)\n    + [Step 2: Enable the package (Optional)](#step-2-enable-the-package-optional)\n    + [Step 3: Configure the package](#step-3-configure-the-package)\n* [Usage](#usage)\n* [Keys and IVs](#keys-and-ivs)\n* [Unit Tests](#unit-tests)\n* [Overrides](#overrides)\n* [FAQ](#faq)\n    + [Can I manually encrypt or decrypt arbitrary data?](#can-i-manually-encrypt-or-decrypt-arbitrary-data)\n    + [Can I search encrypted data?](#can-i-search-encrypted-data)\n    + [Can I encrypt all my `User` model data?](#can-i-encrypt-all-my-user-model-data)\n    + [Is this package compatible with `elocryptfive` out-of-the-box?](#is-this-package-compatible-with-elocryptfive-out-of-the-box)\n    + [Is this package compatible with `insert-random-Eloquent-package-here`?](#is-this-package-compatible-with-insert-random-eloquent-package-here)\n* [Implementations](#implementations)\n* [Credits](#credits)\n* [Contributing](#contributing)\n* [License](#license)\n\n## Requirements\n\n* Laravel: 5.5, 5.6, 5.7, or 5.8\n* PHP: 7.1, 7.2, or 7.3\n* PHP [OpenSSL extension](http://php.net/manual/en/book.openssl.php)\n\n## Status\n\n**Framework**|**Version**|**Release**|**Status**|**PHP v7.1**|**PHP v7.2**|**PHP v7.3**\n:-----:|:-----:|:-----:|:-----:|:-----:|:-----:|:-----:\nLaravel|[v5.5](https://laravel.com/docs/5.5/releases)|[v0.1.0](https://github.com/austinheap/laravel-database-encryption/releases/tag/v0.1.0) ([Packagist](https://packagist.org/packages/austinheap/laravel-database-encryption#v0.1.0))|Stable|[![Build Status](https://travis-ci.org/austinheap/laravel-database-encryption.svg?branch=v0.1.0)](https://travis-ci.org/austinheap/laravel-database-encryption)|[![Build Status](https://travis-ci.org/austinheap/laravel-database-encryption.svg?branch=v0.1.0)](https://travis-ci.org/austinheap/laravel-database-encryption)|[![Build Status](https://travis-ci.org/austinheap/laravel-database-encryption.svg?branch=v0.1.0)](https://travis-ci.org/austinheap/laravel-database-encryption)\nLaravel|[v5.6](https://laravel.com/docs/5.6/releases)|[v0.1.1](https://github.com/austinheap/laravel-database-encryption/releases/tag/v0.1.1) ([Packagist](https://packagist.org/packages/austinheap/laravel-database-encryption#v0.1.1))|Stable|[![Build Status](https://travis-ci.org/austinheap/laravel-database-encryption.svg?branch=v0.1.1)](https://travis-ci.org/austinheap/laravel-database-encryption)|[![Build Status](https://travis-ci.org/austinheap/laravel-database-encryption.svg?branch=v0.1.1)](https://travis-ci.org/austinheap/laravel-database-encryption)|[![Build Status](https://travis-ci.org/austinheap/laravel-database-encryption.svg?branch=v0.1.1)](https://travis-ci.org/austinheap/laravel-database-encryption)\nLaravel|[v5.7](https://laravel.com/docs/5.7/releases)|[v0.2.0](https://github.com/austinheap/laravel-database-encryption/releases/tag/v0.2.0) ([Packagist](https://packagist.org/packages/austinheap/laravel-database-encryption#v0.2.0))|Stable|[![Build Status](https://travis-ci.org/austinheap/laravel-database-encryption.svg?branch=v0.2.0)](https://travis-ci.org/austinheap/laravel-database-encryption)|[![Build Status](https://travis-ci.org/austinheap/laravel-database-encryption.svg?branch=v0.2.0)](https://travis-ci.org/austinheap/laravel-database-encryption)|[![Build Status](https://travis-ci.org/austinheap/laravel-database-encryption.svg?branch=v0.2.0)](https://travis-ci.org/austinheap/laravel-database-encryption)\nLaravel|[v5.8](https://laravel.com/docs/5.8/releases)|[v0.2.1](https://github.com/austinheap/laravel-database-encryption/releases/tag/v0.2.1) ([Packagist](https://packagist.org/packages/austinheap/laravel-database-encryption#v0.2.1))|Stable|[![Build Status](https://travis-ci.org/austinheap/laravel-database-encryption.svg?branch=v0.2.1)](https://travis-ci.org/austinheap/laravel-database-encryption)|[![Build Status](https://travis-ci.org/austinheap/laravel-database-encryption.svg?branch=v0.2.1)](https://travis-ci.org/austinheap/laravel-database-encryption)|[![Build Status](https://travis-ci.org/austinheap/laravel-database-encryption.svg?branch=v0.2.1)](https://travis-ci.org/austinheap/laravel-database-encryption)\n\n## Schemas\n\nEncrypted values are usually longer than plain text values, sometimes much longer.\nYou may find that the column widths in your database tables need to be altered to\nstore the encrypted values generated by this package.\n\nIf you are encrypting long strings such as JSON blobs then the encrypted values may\nbe longer than a `VARCHAR` field can support, and you will need to alter your column\ntypes to `TEXT` or `LONGTEXT`.\n\nThe FAQ contains [migration instructions if you are moving from elocryptfive](#is-this-package-compatible-with-elocryptfive-out-of-the-box).\n\n## Installation\n\n### Step 1: Composer\n\nVia Composer command line:\n\n```bash\n$ composer require austinheap/laravel-database-encryption\n```\n\nOr add the package to your `composer.json`:\n\n```json\n{\n    \"require\": {\n        \"austinheap/laravel-database-encryption\": \"^0.2\"\n    }\n}\n```\n\n### Step 2: Enable the package (Optional)\n\nThis package implements Laravel auto-discovery feature. After you install it the package\nprovider and facade are added automatically.\n\nIf you would like to declare the provider and/or alias explicitly, you may do so by first\nadding the service provider to your `config/app.php` file:\n\n```php\n'providers' =\u003e [\n    //\n    AustinHeap\\Database\\Encryption\\EncryptionServiceProvider::class,\n];\n```\n\nAnd then add the alias to your `config/app.php` file:\n\n```php\n'aliases' =\u003e [\n    //\n    'DatabaseEncryption' =\u003e AustinHeap\\Database\\EncryptionFacade::class,\n];\n```\n\n### Step 3: Configure the package\n\nPublish the package config file:\n\n```bash\n$ php artisan vendor:publish --provider=\"AustinHeap\\Database\\Encryption\\EncryptionServiceProvider\"\n```\n\nYou may now enable automagic encryption and decryption of Eloquent models by editing the\n`config/database-encryption.php` file:\n\n```php\nreturn [\n    'enabled' =\u003e env('DB_ENCRYPTION_ENABLED', true),\n];\n```\n\nOr simply setting the the `DB_ENCRYPTION_ENABLED` environment variable to true, via\nthe Laravel `.env` file or hosting environment.\n\n```bash\nDB_ENCRYPTION_ENABLED=true\n```\n\n## Usage\n\nUse the `HasEncryptedAttributes` trait in any Eloquent model that you wish to apply encryption\nto and define a `protected $encrypted` array containing a list of the attributes to encrypt.\n\nFor example:\n\n```php\n    use AustinHeap\\Database\\Encryption\\Traits\\HasEncryptedAttributes;\n\n    class User extends Eloquent {\n        use HasEncryptedAttributes;\n       \n        /**\n         * The attributes that should be encrypted on save.\n         *\n         * @var array\n         */\n        protected $encrypted = [\n            'address_line_1', 'first_name', 'last_name', 'postcode'\n        ];\n    }\n```\n\nYou can combine `$casts` and `$encrypted` to store encrypted arrays. An array will first be\nconverted to JSON and then encrypted.\n\nFor example:\n\n```php\n    use AustinHeap\\Database\\Encryption\\Traits\\HasEncryptedAttributes;\n\n    class User extends Eloquent {\n        use HasEncryptedAttributes;\n\n        protected $casts     = ['extended_data' =\u003e 'array'];\n        protected $encrypted = ['extended_data'];\n    }\n```\n\nBy including the `HasEncryptedAttributes` trait, the `setAttribute()` and `getAttributeFromArray()`\nmethods provided by Eloquent are overridden to include an additional step. This additional step\nsimply checks whether the attribute being accessed via setter/getter is included in the `$encrypted`\narray on the model, and then encrypts or decrypts it accordingly.\n\n## Keys and IVs\n\nThe key and encryption algorithm used is the default Laravel `Encrypter` service, and configured in\nyour `config/app.php`:\n\n```php\n    'key' =\u003e env('APP_KEY', 'SomeRandomString'),\n    'cipher' =\u003e 'AES-256-CBC',\n```\n\nIf you're using `AES-256-CBC` as the cipher for encrypting data, use the built in command to generate\nyour application key if you haven't already with `php artisan key:generate`.  If you are encrypting longer\ndata, you may want to consider the `AES-256-CBC-HMAC-SHA1` cipher.\n\nThe IV for encryption is randomly generated and cannot be set.\n\n## Unit Tests\n\nThis package has aggressive unit tests built with the wonderful [orchestral/testbench](https://github.com/orchestral/testbench)\npackage which is built on top of PHPUnit. A MySQL server required for execution of unit tests.\n\nThere are [code coverage reports for `laravel-database-encryption`](https://austinheap.github.io/laravel-database-encryption/coverage/)\navailable online.\n\n## Overrides\n\nThe following Laravel 5.5 methods from Eloquent are affected by this trait.\n\n* `constructor()` -- calls `fill()`.\n* `fill()` -- calls `setAttribute()` which has been extended to encrypt the data.\n* `hydrate()` -- TBD.\n* `create()` -- calls `constructor()` and hence `fill()`.\n* `firstOrCreate()` -- calls `constructor()`.\n* `firstOrNew()` -- calls `constructor()`.\n* `updateOrCreate()` -- calls `fill()`.\n* `update()` -- calls `fill()`.\n* `toArray()` -- calls `attributesToArray()`.\n* `jsonSerialize()` -- calls `toArray()`.\n* `toJson()` -- calls `toArray()`.\n* `attributesToArray()` -- calls `getArrayableAttributes()`.\n* `getAttribute()` -- calls `getAttributeValue()`.\n* `getAttributeValue()` -- calls `getAttributeFromArray()`.\n* `getAttributeFromArray()` -- calls `getArrayableAttributes()`.\n* `getArrayableAttributes()` -- extended to decrypt data.\n* `setAttribute()` -- extended to encrypt data.\n* `getAttributes()` -- extended to decrypt data.\n* `castAttribute()` -- extended to cast encrypted data.\n* `isDirty()` -- extended to recognize encrypted data.\n\n## FAQ\n\n### Can I manually encrypt or decrypt arbitrary data?\n\nYes! You can manually encrypt or decrypt data using the `encryptedAttribute()` and `decryptedAttribute()`\nfunctions. For example:\n\n```php\n    $user = new User();\n    $encryptedEmail = $user-\u003eencryptedAttribute(Input::get('email'));\n```\n\n### Can I search encrypted data?\n\nNo! You will not be able to search on attributes which are encrypted by this package because...it is encrypted.\nComparing encrypted values would require a fixed IV, which introduces security issues.\n\nIf you need to search on data then either:\n\n* Leave it unencrypted, or\n* Hash the data and search on the hash instead of the encrypted value using a well known hash algorithm\n  such as `SHA256`.\n\nYou could store both a hashed and an encrypted value, using the hashed value for searching and retrieve\nthe encrypted value as needed.\n\n### Can I encrypt all my `User` model data?\n\nNo! The same issue with searching also applies to authentication because authentication requires search.\n\n### Is this package compatible with [`elocryptfive`](https://github.com/delatbabel/elocryptfive) out-of-the-box?\n\nNo! While it _is_ a (more modern) replacement, it is not compatible directly out of the box. To migrate to this package from elocryptfive, you must:\n\n1. Decrypt all the data in your database encrypted by elocryptfive.\n2. Remove any calls to elocryptfive from your models/code.\n3. Remove elocryptfive from your `composer.json` and run `composer update`.\n4. At this point you should have no encrypted data in your database and all calls/references, but make sure elocryptfive is completely purged.\n5. Follow the installation instructions above.\n6. ???\n7. Profit!\n\nA pull request for automated migrations is more than welcome but is currently out of the scope of this project's goals.\n\n### Is this package compatible with `insert-random-Eloquent-package-here`?\n\nProbably not! It's not feasible to guarantee interoperability between random packages out there, especially packages that also heavily modify Eloquent's default behavior.\n\nIssues and pull requests regarding interoperability will not be accepted.\n\n## Implementations\n\nThe following decently-trafficed sites use this package in production:\n\n- [securitytext.org - `security.txt` document registry and whois server](https://securitytext.org/)\n\n## Credits\n\nThis is a fork of [delatbabel/elocryptfive](https://github.com/delatbabel/elocryptfive),\nwhich was a fork of [dtisgodsson/elocrypt](https://github.com/dtisgodsson/elocrypt),\nwhich was based on earlier work.\n\n- [delatbabel/elocryptfive Contributors](https://github.com/delatbabel/elocryptfive/graphs/contributors)\n- [dtisgodsson/elocrypt Contributors](https://github.com/dtisgodsson/elocrypt/graphs/contributors)\n\n## Contributing\n\n[Pull requests](https://github.com/austinheap/laravel-database-encryption/pulls) welcome! Please see\n[the contributing guide](CONTRIBUTING.md) for more information.\n\n## License\n\nThe MIT License (MIT). Please see [License File](LICENSE.md) for more information.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faustinheap%2Flaravel-database-encryption","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faustinheap%2Flaravel-database-encryption","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faustinheap%2Flaravel-database-encryption/lists"}