Download the PHP package jacknoordhuis/laravel-database-hashing without Composer

Laravel 5.5+ Database Hashing package

A package for automatically hashing Eloquent attributes!

The purpose of this library is to create a set-it-and-forget-it package that can be installed without much effort to hash eloquent model attributes stored in your database tables.

When enabled, this package will automatically hash the data assigned to attributes that you've specified as they are updated. This allows you to hide the plain text value of attributes and maintain the ability search the database for the value (the same input data will always provide the same hash).

All data hashed by this package will have an application specific salt which is specified in the configuration or environment files, so hashing the same data with a different salt in another application will result in a different output. This adds layer of complexity/protection against attackers who try to reconstruct your data by attempting to brute force a hash. If this is not enough, this package also supports providing a secondary salt on top of the application salt, but this cannot be configured to automatically apply to attributes out of the box.

Installation

Step 1: Composer

Via command line:

Or add the package to your composer.json:

Step 2: Enable the package

This package implements Laravel 5.5's package auto-discovery feature. After you install it the package provider and facade are registered automatically.

If you would like to explicitly declare the provider and/or alias, you can do so by first adding the service provider to your config/app.php file:

And then add the alias to your config/app.php file:

Step 3: Configure the package

Publish the package config file:

You may now enable automatic hashing of eloquent models by editing the config/database-hashing.php file:

Or simply setting the the DB_HASHING_ENABLED environment variable to true, via the Laravel .env file or hosting environment.

Usage

Use the HasHashedAttributes trait in any eloquent model that you wish to apply automatic attribute hashing to and define a protected $hashing array containing an array of the attributes to automatically hash.

For example:

Looking up hashed values

You can lookup hashed values in your database tables by simply hashing the value you're searching for, as the resulting hash will always be the same.

You can also optionally provide a salt modifier when hashing data directly, which adds another level of complexity/security on top of the application-level salt.

FAQ's

Can I manually hash arbitrary data?

Yes! You can manually hash any string using the DatabaseHashing::create() global facade.

For example:

Can I hash all my model data?

No! The hashing process is irreversible, meaning it should only be used for creating (pseudonymous) identifiers so that it is still possible to look up data in your database. If you want to encrypt your data use a package like laravel-database-encryption.

Should I hash numeric auto-incrementing identifiers?

Probably not. If all data stored in your database is encrypted or hashed then the numeric identifier is effectively anonymous (it's really pseudonymous) so there is no way to associate any human readable data with the identifier. There are other reasons for not hashing or encrypting the primary key in your database, and you can read about those here.

Compatibility with the laravel-database-encryption package

By default these two packages will conflict but we can get around this by implementing our own setAttribute() method that calls both the packages implementations as well:

This can be extracted into it's own trait if it is needed across multiple models in your project. This same approach can also be used to make any package that implements the setAttribute() method on models compatible.