PHP code example of crumbls / sealcraft

1. Go to this page and download the library: Download crumbls/sealcraft library. Choose the download type require.

2. Extract the ZIP file and open the index.php.

3. Add this code to the index.php.

    
        
<?php
require_once('vendor/autoload.php');

/* Start to develop here. Best regards https://php-download.com/ */

crumbls / sealcraft example snippets


use Crumbls\Sealcraft\Casts\Encrypted;
use Crumbls\Sealcraft\Concerns\HasEncryptedAttributes;

class Patient extends Model
{
    use HasEncryptedAttributes;

    protected $casts = [
        'ssn'       => Encrypted::class,
        'dob'       => Encrypted::class,
        'diagnosis' => Encrypted::class,
    ];
}


use Crumbls\Sealcraft\Casts\Encrypted;
use Crumbls\Sealcraft\Casts\EncryptedJson;
use Crumbls\Sealcraft\Concerns\HasEncryptedAttributes;

class Patient extends Model
{
    use HasEncryptedAttributes;

    protected $casts = [
        'ssn'     => Encrypted::class,
        'history' => EncryptedJson::class,
    ];
}

$patient->history = [
    'conditions' => ['asthma', 'hypertension'],
    'allergies'  => [
        ['substance' => 'penicillin', 'severity' => 'severe'],
    ],
    'notes'      => 'no recent flares',
];


config(['sealcraft.providers.gcp_kms.token_resolver' => fn (): string => GcpAuth::freshAccessToken()]);


config([
    'sealcraft.providers.azure_key_vault.token_resolver' => fn () => Azure::kvToken(),
    'sealcraft.providers.azure_key_vault.hmac_key_resolver' => fn () => AzureSecretHelper::hmacKeyBytes(),
]);


protected array $sealcraft = [
    'strategy' => 'per_group',   // 'per_group' (default) | 'per_row'
    'type'     => 'tenant',      // context type name
    'column'   => 'tenant_id',   // per_group: context id column
                                 // per_row:   row-key column (default: sealcraft_key)
];


class Document extends Model
{
    use HasEncryptedAttributes;

    protected array $sealcraft = [
        'type'   => 'tenant',
        'column' => 'tenant_id',
    ];

    protected $casts = ['body' => Encrypted::class];
}


class VaultEntry extends Model
{
    use HasEncryptedAttributes;

    protected array $sealcraft = ['strategy' => 'per_row'];

    protected $casts = ['secret' => Encrypted::class];
}


class OwnedUser extends Model
{
    use HasEncryptedAttributes;

    protected array $sealcraft = ['strategy' => 'per_row'];

    protected $casts = ['ssn' => Encrypted::class, 'dob' => Encrypted::class];
}

class OwnedRecord extends Model
{
    use HasEncryptedAttributes;

    protected $casts = ['body' => Encrypted::class];

    public function owner() { return $this->belongsTo(OwnedUser::class); }

    public function sealcraftContext(): \Crumbls\Sealcraft\Values\EncryptionContext
    {
        return $this->owner->sealcraftContext();
    }
}


class Patient extends Model
{
    use HasEncryptedAttributes;

    protected array $sealcraft = [
        'type'   => 'patient',
        'column' => 'patient_id',
    ];

    protected $casts = [
        // Uses model-level context (patient, patient_id)
        'ssn'        => Encrypted::class,
        'history'    => EncryptedJson::class,

        // Per-column override: DEK under (employer, employer_id)
        'work_notes' => Encrypted::class . ':type=employer,column=employer_id',
    ];
}


$patient->user_id = $newOwner->id;
$patient->save();  // auto-decrypts with old DEK, re-encrypts with new DEK


app(\Crumbls\Sealcraft\Services\KeyManager::class)
    ->shredContext($user->sealcraftContext());

bash
composer sealcraft:install
php artisan sealcraft:verify

bash
php artisan vendor:publish --tag=sealcraft-config
php artisan vendor:publish --tag=sealcraft-migrations
php artisan migrate

bash
php artisan sealcraft:shred Crumbls\\Sealcraft\\Tests\\Fixtures\\OwnedUser <sealcraft_key>

bash
php artisan sealcraft:rotate-dek "App\\Models\\Patient" patient 42

bash
php artisan sealcraft:migrate-provider --from=aws_kms --to=gcp_kms --dry-run
php artisan sealcraft:migrate-provider --from=aws_kms --to=gcp_kms