{"id":19852602,"url":"https://github.com/onramplab/laravel-security-model","last_synced_at":"2026-05-12T18:36:24.965Z","repository":{"id":69527229,"uuid":"601417593","full_name":"OnrampLab/laravel-security-model","owner":"OnrampLab","description":null,"archived":false,"fork":false,"pushed_at":"2023-09-28T09:06:06.000Z","size":112,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-11T13:28:12.664Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OnrampLab.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-14T02:36:15.000Z","updated_at":"2023-02-14T02:36:22.000Z","dependencies_parsed_at":"2023-09-28T10:31:08.646Z","dependency_job_id":null,"html_url":"https://github.com/OnrampLab/laravel-security-model","commit_stats":{"total_commits":90,"total_committers":3,"mean_commits":30.0,"dds":"0.022222222222222254","last_synced_commit":"9d2b2be84a8b3beaad3416d537aaad42d94f25fd"},"previous_names":[],"tags_count":10,"template":false,"template_full_name":"OnrampLab/composer-package-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OnrampLab%2Flaravel-security-model","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OnrampLab%2Flaravel-security-model/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OnrampLab%2Flaravel-security-model/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OnrampLab%2Flaravel-security-model/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OnrampLab","download_url":"https://codeload.github.com/OnrampLab/laravel-security-model/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241241524,"owners_count":19932769,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-12T14:03:38.444Z","updated_at":"2026-05-12T18:36:24.794Z","avatar_url":"https://github.com/OnrampLab.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# laravel-security-model\n\n[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE.md)\n[![CircleCI](https://circleci.com/gh/OnrampLab/laravel-security-model.svg?style=shield)](https://circleci.com/gh/OnrampLab/laravel-security-model)\n[![Total Downloads](https://img.shields.io/packagist/dt/onramplab/laravel-security-model.svg?style=flat-square)](https://packagist.org/packages/onramplab/laravel-security-model)\n\nA Laravel package providing security for Eloquent model\n\n## Requirements\n\n- PHP \u003e= 7.4;\n- composer.\n\n## Features\n\n- Encryption \n  - Easy to use with Laravel Eloquent model\n  - Support multiple types of key management service\n    - AWS KMS\n\n## Installation\n\nInstall the package via composer\n\n```bash\ncomposer require onramplab/laravel-security-model\n```\n\nPublish migration files and run command to build tables needed in package\n\n```bash\nphp artisan vendor:publish --tag=\"security-model-migrations\"\nphp artisan migrate\n```\n\nAlso, you can choose to publish the configuration file\n\n```bash\nphp artisan vendor:publish --tag=\"security-model-config\"\n```\n\n## Usage\n\n### Encryption\n\n1. Set up credentials for key provider you want to use for encryption\n2. Run command to generate a encryption key and a hash key\n\n    ```bash\n    php artisan security-model:generate-key\n    ```\n\n3. Use the `Securable` trait in a model\n4. Implement the `Securable` interface in a model\n5. Set up `$encryptable` attribute in a model to define encryptable fields. You can check out the [section](#encryptable-field-parameters) below for more info about field parameters\n\n```php\n\u003c?php\n\nnamespace App\\Models;\n\nuse Illuminate\\Database\\Eloquent\\Model;\nuse OnrampLab\\SecurityModel\\Concerns\\Securable;\nuse OnrampLab\\SecurityModel\\Contracts\\Securable as SecurableContract;\n\nclass User extends Model implements SecurableContract\n{\n    use Securable;\n\n    /**\n     * The attributes that are mass assignable.\n     */\n    protected array $fillable = [\n        'phone',\n        'email',\n    ];\n\n    /**\n     * The attributes that are needed to be encrypted.\n     */\n    protected array $encryptable = [\n        'phone' =\u003e ['type' =\u003e 'string'],\n        'email' =\u003e ['type' =\u003e 'string', 'searchable' =\u003e true],\n    ];\n}\n```\n\n### Encryptable Field Parameters\n\n- type\n\n  - Type\n  \n    string\n  \n  - Required\n  \n    yes  \n\n  - Description\n\n    Determinate content type of the encryptable field. Here are available types:\n\n      - `string`\n      - `json`\n      - `integer`\n      - `float`\n      - `boolean`\n\n- searchable\n\n  - Type\n  \n    boolean\n  \n  - Required\n  \n    no  \n\n  - Description\n    \n    Determinate whether the encryptable field is searchable. If the field is searchable, you should make a migration to create a new column to store blind index value for searching. \n\n### Searchable Encrypted Field\n\nTo achieve searching on encrypted fields, we use a strategy called **blind indexing**. Its idea is to store a hash value of the plaintext in a separate column and would it will be used for searching.\n\nThat means if you define a encryptable field to be searchable, you should postfix the original column name with `_bidx` to create a new column. For example, if you define a `email` column to be searchable, then you need to create a `email_bidx` column in your table.\n\n### Conditional Encryption\n\nSometimes you may need to determinate whether a model should be encrypted under certain conditions. To accomplish this, you may define a `shouldBeEncryptable` method on your model:\n\n```php\n/**\n * Determine if the model should be encrytable.\n */\npublic function shouldBeEncryptable(): bool\n{\n    return $this-\u003eisClassified();\n}\n```\n\n### Redaction\n\n1. Use the `Securable` trait in a model\n2. Implement the `Securable` interface in a model\n3. Set up `$redactable` attribute in a model to define redactable fields with redactor classes you want to apply for each fields\n\n```php\n\u003c?php\n\nnamespace App\\Models;\n\nuse Illuminate\\Database\\Eloquent\\Model;\nuse OnrampLab\\SecurityModel\\Concerns\\Securable;\nuse OnrampLab\\SecurityModel\\Contracts\\Securable as SecurableContract;\nuse OnrampLab\\SecurityModel\\Redactors\\E164PhoneNumberRedactor;\nuse OnrampLab\\SecurityModel\\Redactors\\EmailRedactor;\n\nclass User extends Model implements SecurableContract\n{\n    use Securable;\n\n    /**\n     * The attributes that are mass assignable.\n     */\n    protected array $fillable = [\n        'phone',\n        'email',\n    ];\n\n    /**\n     * The attributes that are needed to be redacted.\n     */\n    protected array $redactable = [\n        'phone' =\u003e E164PhoneNumberRedactor::class,\n        'email' =\u003e EmailRedactor::class,\n    ];\n}\n```\n\nThere are some built-in redactors available for different kinds of model field:\n\n- E164PhoneNumberRedactor\n- EmailRedactor\n- NameRedactor\n- PhoneNumberRedactor\n- SecretRedactor\n- ZipCodeRedactor\n\n### Custom Redactor\n\nBesides those built-in redactors mentioned above, you may wish to specify ones with custom logic. Thus, you are free to create your own redactor class. Just simply implement the class with `Redactor` interface, then use it in your securable model. \n\n```php\n\u003c?php\n\nnamespace App\\Redactors;\n\nuse Illuminate\\Database\\Eloquent\\Model;\nuse Illuminate\\Support\\Str;\nuse OnrampLab\\SecurityModel\\Contracts\\Redactor;\n\nclass FirstCharacterRedactor implements Redactor\n{\n\n    /**\n     * @param mixed $value\n     * @param Model $model\n     * @return mixed\n     */\n    public function redact($value, $model)\n    {\n        return Str::mask((string) $value, '*', 0, 1);\n    }\n}\n```\n\n## Running Tests\n\n```bash\ncomposer test\n```\n\n## Changelog\n\nTo keep track, please refer to [CHANGELOG.md](https://github.com/Onramplab/laravel-security-model/blob/master/CHANGELOG.md).\n\n## Contributing\n\n1. Fork it.\n2. Create your feature branch (git checkout -b my-new-feature).\n3. Make your changes.\n4. Run the tests, adding new ones for your own code if necessary (phpunit).\n5. Commit your changes (git commit -am 'Added some feature').\n6. Push to the branch (git push origin my-new-feature).\n7. Create new pull request.\n\nAlso please refer to [CONTRIBUTION.md](https://github.com/Onramplab/laravel-security-model/blob/master/CONTRIBUTION.md).\n\n## License\n\nPlease refer to [LICENSE](https://github.com/Onramplab/laravel-security-model/blob/master/LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fonramplab%2Flaravel-security-model","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fonramplab%2Flaravel-security-model","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fonramplab%2Flaravel-security-model/lists"}