Download the PHP package ivinteractive/laravel-rotation without Composer
Package: laravel-rotation
Short Description: A package to simplify data decryption and re-encryption when the APP_KEY needs rotation.
License: MIT
Homepage: https://github.com/ivinteractive/laravel-rotation
Information about the package laravel-rotation
Rotater for Laravel
Rotater for Laravel is a package for reencrypting your data in case your application's encryption key becomes compromised. By running php artisan rotation:run, the package will generate a new application key and reencrypt all configured database columns using the new key.
Why choose this package?
While there are other key rotation packages available and you can also implement key rotation functionality manually, there are a number of features that will help key rotation run smoothly:
- Rotater pushes reencryption to the queue. With Laravel Horizon or multiple queue workers, this allows the reencryption processing to complete much more quickly than running everything synchronously. Since jobs are batched, you will still know when reencryption is done.
- Support for changing the cipher. Some older applications may still be using a shorter application key, but Rotater allows you to specify old and new ciphers so that the key can be updated.
- Rotater runs directly on the database columns specified in the config file. It does not interact with models, which improves performance and makes for a more drop-in solution. While you can write your own command or implementation of the RotatesApplicationKey interface, there's no requirement to do so and there's no need to make your models implement an interface or use a trait. If you'd like, you could even create a separate application for handling the reencryption process so it doesn't need to touch your existing codebase at all.
- Quality of life improvements: support for sending a notification when reencryption finishes, and automatically turning maintenance mode on and off.
Installation
You can install the package via composer:
Publish the configuration file:
The configuration file will contain the following:
Usage
The key rotation command will generate a new application key, set the existing application key as the old key in the configuration, and push the batched reencryption jobs to the queue:
The --horizon option will make the call to horizon:terminate instead of queue:restart to make sure that the queued jobs use the recached config.
The --force option will skip a confirmation step that comes before making any changes to the config or pushing any jobs to the queue.
The default behavior of the key rotation command is to put the application in maintenance mode while the reencryption is processing. If the application is down, the queue:work command or the Horizon queue configuration must set the force option to true in order for the reencryption jobs to process.
It is highly recommended to use Horizon, since the reencryption queue configuration should be easier to manage. If using Horizon and remove_old_key is set to true, you should run php artisan horizon:terminate once the reencryption is finished to refresh the config in your queue workers (the horizon:terminate command is only available on the console and cannot be executed programmatically).
By default, the key rotater will use the value of config('app.cipher') for decryption and reencryption. If the cipher is being changed, you can specify that in the config by setting config('rotation.cipher') as an array with old and new keys. This is useful for upgrading the cipher used for encryption in older applications.
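An added illustration (not code from the package) of what re-encrypting one stored value under a cipher change involves, using Laravel's Illuminate\Encryption\Encrypter directly. The reencryptValue helper, its status strings and the sample rows are assumptions made for this example; it also shows why a retried queue job has to tolerate rows that were already converted.

```php
<?php
// Added example; not the implementation used by ivinteractive/laravel-rotation.
// Assumes it is run from a Laravel project root (illuminate/encryption installed).
require __DIR__ . '/vendor/autoload.php';

use Illuminate\Contracts\Encryption\DecryptException;
use Illuminate\Encryption\Encrypter;

/**
 * Hypothetical helper: move one stored ciphertext from the old key/cipher
 * to the new one. Returns [ciphertextToStore, status].
 */
function reencryptValue(string $stored, Encrypter $old, Encrypter $new): array
{
    try {
        // false on both sides: the plaintext bytes are carried over unchanged,
        // whether or not the application serialized them, and nothing is
        // unserialize()d during the rotation.
        $plain = $old->decrypt($stored, false);
    } catch (DecryptException $e) {
        // Not readable with the old key. If the new key opens it, a retried
        // job already converted this row; otherwise flag it for review.
        try {
            $new->decrypt($stored, false);
            return [$stored, 'already-rotated'];
        } catch (DecryptException $e2) {
            return [$stored, 'undecryptable'];
        }
    }

    return [$new->encrypt($plain, false), 'rotated'];
}

// Constructed sample data: a 16-byte key for the old cipher, a 32-byte key for the new.
$old = new Encrypter(Encrypter::generateKey('AES-128-CBC'), 'AES-128-CBC');
$new = new Encrypter(Encrypter::generateKey('AES-256-CBC'), 'AES-256-CBC');

$rows = [
    'old-key-row' => $old->encrypt('constructed secret value', false),
    'new-key-row' => $new->encrypt('converted by an earlier attempt', false),
    'damaged-row' => 'not-a-laravel-payload',
];

foreach ($rows as $label => $stored) {
    [$value, $status] = reencryptValue($stored, $old, $new);
    printf("%-12s %s\n", $label, $status);
}
```

Rows reported as undecryptable are left untouched rather than overwritten, so they can be investigated before the old key is removed.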
Events
The IvInteractive\Rotation\Events\ReencryptionFinished event is fired upon the completion of the batched jobs.
The IvInteractive\Rotation\Listeners\SendFinishedNotification event listener is provided for writing a message to the logs and sending a notification to the configured recipient.
Testing
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security
If you discover any security related issues, please email [email protected] instead of using the issue tracker.
Credits
- Craig Spivack
- All Contributors
License
The MIT License (MIT). Please see License File for more information.