Download the PHP package richardstyles/eloquentencryption without Composer

On this page you can find all versions of the php package richardstyles/eloquentencryption. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of richardstyles/eloquentencryption

Informations about the package eloquentencryption

Eloquent Encryption

This package enables an additional layer of security when handling sensitive data. Allowing key fields of your eloquent models in the database to be encrypted at rest.

Latest Version on Packagist Build Status Quality Score Total Downloads

🎉 Version 4.x is now available!

Requirements: Laravel 12-13 | PHP 8.2+ | phpseclib v3

⚠️ Breaking Change: This version requires Laravel 12+ and PHP 8.2+. For older versions, use v3.x.

See upgrade guide for migration instructions.

Introduction

This open source package fulfils the need of encrypting selected model data in your database whilst allowing your app:key to be rotated. When needing to store private details this package allows for greater security than the default Laravel encrypter.

The package supports two encryption methods:

Both methods use Laravel model casting to dynamically encrypt and decrypt key fields.

Usually, you would use Laravel's Encrypter to encrypt the data, but this has the limitation of using the app:key as the private secret. As the app key also secures session/cookie data, it is advised that you rotate this every so often - if you're storing encrypted data using this method you have to decrypt it all first and re-encrypt whenever this is done. Therefore this package improves on this by creating a separate and stronger encryption process allowing you to rotate the app:key. This allows for a level of security of sensitive model data within your Laravel application and your database.

If you don't want to use RSA keys, then I have another package Eloquent AES which uses a separate key eloquent_key to encrypt using AES-256-CBC.

Requirements

Version 4.x (Current)

Requirement Version
PHP 8.2, 8.3, 8.4, or 8.5
Laravel 12.x or 13.x
phpseclib v3.0+

Older Laravel/PHP Versions?

If you're using an older version of Laravel or PHP, use version 3.x instead:

Version 3.x supports:

Installation

Install the package via composer:

You do not need to register the ServiceProvider as this package uses Laravel Package auto discovery. The Migration blueprint helpers are added using macros, so do not affect the schema files.

The configuration can be published using this command, if you need to change the RSA key size, storage path and key file names.

In order to encrypt and decrypt data you need to generate RSA keys for this package. By default, this will create 4096-bit RSA keys to your storage/ directory. Do not add these to version control and backup accordingly.

⚠️ If you re-run this command, you will lose access to any encrypted data ⚠️

Quick Start Checklist

After installation, follow these steps to get started:

  1. Generate RSA Keys: Run php artisan encrypt:generate
  2. Configure Model Encryption: Add Model::encryptUsing(new EloquentEncryption()) to AppServiceProvider::boot() (see Usage)
  3. Add Encrypted Columns: Use the $table->encrypted('field_name') helper in migrations
  4. Cast Model Attributes: Add 'field_name' => 'encrypted' to your model's $casts array
  5. Backup Your Keys: Ensure RSA keys in storage/ are backed up securely and excluded from version control

Migration Helpers

There is a helper function to define your encrypted fields in your migrations. There is nothing special needed for this to function, simply declare a encrypted column type in your migration files. This just creates a binary/blob column to hold the encrypted data. Using this helper indicates that the field is encrypted when looking through your migrations.

You can use any additional blueprint helpers, such as ->nullable() if there is no initial data to encrypt. It is advised that ->index() shouldn't normally be placed on these binary fields as you should not be querying against these, given they are encrypted.

Usage

Step 1: Configure the Encrypter (Required)

Laravel provides the Model::encryptUsing() static method on the base Eloquent Model. This allows the built-in encrypted casting to use any Illuminate\Contracts\Encryption\Encrypter implementation - including this package's RSA encryption.

Add the following to your App\Providers\AppServiceProvider.php in the boot() method:

Important: This must be configured before any models with encrypted casts are instantiated. The AppServiceProvider::boot() method is the ideal location.

Step 2: Use Encrypted Casts in Your Models

Once configured, you can use Laravel's built-in encrypted casts on any model:

Accessing Encrypted Data

Once configured, your encrypted attributes work seamlessly with no additional code:

Database Storage

In your database, the encrypted fields are stored as binary data:

This was made possible by a PR to Laravel by @hivokas.

Key Rotation

For enhanced security, you can rotate your RSA encryption keys periodically. The package supports key rotation without losing access to previously encrypted data.

How Key Rotation Works

  1. Generate new keys: Creates a new RSA key pair
  2. Preserve old keys: Moves current keys to a "previous keys" list
  3. Decrypt old data: Data encrypted with previous keys can still be decrypted
  4. Encrypt new data: New data is encrypted with the latest key

Rotating Keys

This command will:

Configuration

You can configure the maximum number of previous keys to maintain:

Key Storage Structure (Default File-Based Handler)

When using the default RsaKeyStorageHandler, key rotation history is tracked in a metadata file. Each previous key pair includes:

The metadata is stored in storage/.eloquent_encryption_metadata.json:

Important Notes:

Note: This metadata structure is specific to the default RsaKeyStorageHandler. If you implement a custom key storage handler, you can manage key rotation history however you prefer, as long as your getPreviousKeys() method returns the required structured format.

Security Best Practices

Re-encrypting Data with New Keys

After rotation, existing data remains encrypted with old keys. To re-encrypt with the new key:

  1. Read the encrypted attribute (triggers decryption with previous key)
  2. Save the model (triggers encryption with new current key)

Example:

Custom Key Storage Handlers

The package is designed to be flexible and extensible. The default RsaKeyStorageHandler stores keys in the local filesystem, but you can implement your own custom key storage to integrate with external systems like HashiCorp Vault, AWS KMS, Azure Key Vault, or databases.

How to Implement a Custom Handler

  1. Create a class that implements the RsaKeyHandler interface:

  2. Update the config to use your custom handler:

That's it! The package will automatically use your custom handler for all key operations.

Important Notes

Default Handler (RsaKeyStorageHandler)

The default file-based handler stores keys in your Laravel storage/ directory and uses a .eloquent_encryption_metadata.json file to track key rotation history. This metadata file is an implementation detail of the file-based handler and won't be relevant to custom handlers.

Performance Consideration: The default handler reads key files from disk on each encryption/decryption operation. For high-throughput applications, consider implementing a caching layer or using a custom handler with in-memory caching.

Query Builder

A significant caveat with storing encrypted data in the database, is that you are unable to use your database provider to query against the column. Should you need to do this, then please be aware of the extra overhead as all rows would need to be processed in a collection using cursors and lazy collection methods.

Upgrading

Upgrading to 4.x from 3.x

⚠️ This is a major version with breaking changes.

Version Requirements

Version 4.x requires:

Before upgrading:

  1. Ensure your application is running Laravel 12+ and PHP 8.2+
  2. Review the CHANGELOG for detailed changes
  3. Test thoroughly in a non-production environment

To upgrade:

Not ready to upgrade? Continue using version 3.x:

Data Compatibility ✅

Your existing encrypted data will continue to work without any migration. The encryption algorithm and key format remain compatible. The upgrade only affects:

What's New in 4.x

phpseclib v3:

Laravel 12-13 Optimization:

Testing Framework

The test suite has been migrated from PHPUnit to Pest for better developer experience. This doesn't affect package functionality but provides:

If you were extending or contributing to this package, please note the new test structure.

Testing

This package uses Pest for testing.

Run with coverage:

Run specific test files:

Code Style

This package uses Laravel Pint for code style formatting.

Run Pint to fix code style:

Check code style without making changes:

Changelog

Please see CHANGELOG for more information what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Support

If you are having general issues with this package, feel free to contact me on Twitter.

If you believe you have found an issue, please report it using the GitHub issue tracker, or better yet, fork the repository and submit a pull request with a failing test.

If you're using this package, I'd love to hear your thoughts. Thanks!

Security

If you discover any security related issues, please email [email protected] instead of using the issue tracker.

Credits

License

The MIT License (MIT). Please see License File for more information.

Laravel Package Boilerplate

This package was generated using the Laravel Package Boilerplate.

All versions of eloquentencryption with dependencies

PHP Build Version
Package Version
Requires php Version ^8.2|^8.3|^8.4|^8.5
illuminate/support Version ^12.0||^13.0
illuminate/database Version ^12.0||^13.0
phpseclib/phpseclib Version ^3.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package richardstyles/eloquentencryption contains the following files

Loading the files please wait ...