Download the PHP package kyzegs/doctrine-encryption-bundle without Composer

On this page you can find all versions of the php package kyzegs/doctrine-encryption-bundle. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package doctrine-encryption-bundle

Doctrine Encryption Bundle

Field-level authenticated encryption and blind indexes for Doctrine entities in Symfony applications.

Maintained fork published as kyzegs/doctrine-encryption-bundle, replacing the unmaintained original package.

Requirements

Installation

Register the bundle if Symfony Flex has not already done so:

Generate a 256-bit key:

Store the result in a secret manager or an uncommitted environment file:

Configure the bundle:

The encryption and blind-index keys should be different. Never commit either key.

Encrypting fields

Use the PHP attribute on a Doctrine string field. Allow room for the versioned ciphertext envelope; TEXT is the least surprising choice.

New values are written with AES-256-GCM in a versioned, authenticated envelope. The entity contains plaintext while it is in memory; Doctrine stores ciphertext. Existing unversioned AES-CBC and AES-GCM values from older bundle versions remain readable.

External XML, YAML, or PHP Doctrine mappings can opt in without modifying the entity:

The equivalent field option is encrypted: true.

Encrypting JSON arrays

Doctrine json fields can encrypt array values without exposing serialization or ciphertext wrappers in entities. Select JSON format explicitly:

External XML, YAML, or PHP mappings use encrypted: json instead of encrypted: true:

Only arrays and null are accepted. Objects, resources, and scalar JSON values are rejected so hydration always preserves the declared array contract. Plaintext arrays already stored in a JSON column remain readable and are encrypted when changed or when processed by encrypt:database encrypt.

Encrypted JSON is stored as a versioned wrapper:

Wrapper detection requires exactly these keys, supported version 1, and the <ENC> ciphertext marker. Other arrays containing __doctrine_encrypted remain plaintext. The exact wrapper shape is reserved and must not be used as application data.

Encrypted scalar properties inside Doctrine embeddables are supported. Mark the embeddable property normally; bundle uses Doctrine's nested field path for encryption, decryption, change tracking, and database maintenance:

Searching encrypted values

Randomized encryption cannot be queried by plaintext and must not carry a meaningful unique constraint. Add a blind-index column instead:

Create the same hash when querying:

Available normalizers are none, trim, lowercase, and uppercase. Blind indexes reveal equality patterns; use them only for fields that genuinely need lookups.

Rebuild indexes in bounded batches:

Key rotation

Change the current key and key ID, then retain old keys under decryption_keys:

Back up the database, inspect the operation, and rotate in batches:

Remove a retired key only after every value using its key ID has been rotated and verified.

Database maintenance

The maintenance command supports scalar and encrypted JSON fields with encrypt, decrypt, and rotate, custom and composite scalar identifiers, quoted identifiers, transactions, batches, confirmation, and dry runs:

Association identifiers are rejected because they cannot be updated safely by the low-level command. Always take a verified backup before a write operation.

Multiple Doctrine connections

Optional Twig filter

Install Twig and leave enable_twig enabled to expose value|decrypt:

Decrypting in templates increases the number of places where plaintext exists. Prefer decrypting only at the application boundary that needs it.

Custom integrations

KeyProviderInterface is the extension point for Vault, KMS, HSM, or another secret source. It returns binary 32-byte keys and supports lookup by ciphertext key ID. Register the implementation as a service and configure it directly:

Likewise, encryptor_service accepts any registered EncryptorInterface service with arbitrary injected dependencies. encryptor_class remains available as a deprecated compatibility path for classes using the historical event-dispatcher constructor.

Security notes

See SECURITY.md for vulnerability reporting.


All versions of doctrine-encryption-bundle with dependencies

PHP Build Version
Package Version
Requires php Version >=8.2
symfony/framework-bundle Version ^6.4||^7.4||^8.0
symfony/console Version ^6.4||^7.4||^8.0
doctrine/orm Version ^2.20||^3.2
doctrine/doctrine-bundle Version ^2.12||^3.0
ext-mbstring Version *
ext-openssl Version *
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package kyzegs/doctrine-encryption-bundle contains the following files

Loading the files please wait ...