Download the PHP package techsemicolon/laravel-app-key-rotation without Composer

On this page you can find all versions of the php package techsemicolon/laravel-app-key-rotation. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to add one include: require_once('vendor/autoload.php'); After that, you have to import the classes with use statements.

Example:
If you use only one package, a project is not needed. But if you use more than one package, it is not possible to import the classes with use statements without a project.

In general, it is recommended to always use a project to download your libraries. An application normally needs more than one library.
Some PHP packages are not free to download and are therefore hosted in private repositories. In this case, credentials are needed to access such packages. Please use the auth.json textarea to insert credentials if a package comes from a private repository.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • Using Composer is sometimes complicated, especially for beginners.
  • Composer needs a lot of resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Information about the package laravel-app-key-rotation

Laravel Re-encrypt after APP_KEY rotation

A helper library to re-encrypt the existing encrypted data when you rotate your Laravel APP_KEY

The APP_KEY is used to keep your user sessions and other encrypted data secure! If the application key is not set, your user sessions and other encrypted data will not be secure. Believe it or not, it is a big security risk.

For more specific context, Laravel earlier had a security issue:

If your application's encryption key is in the hands of a malicious party, that party could craft cookie values using the encryption key and exploit vulnerabilities inherent to PHP object serialization / unserialization, such as calling arbitrary class methods within your application.

Hence, it is important to rotate your APP_KEY at frequent intervals.

How can you use this package :

When the APP_KEY is changed in an existing app, any data which you have encrypted using the Crypt facade or the encrypt() helper function can no longer be decrypted, because the encryption uses the APP_KEY.

So when you run php artisan key:generate to get a new key as part of key rotation, you need to first decrypt the old encrypted data using the old APP_KEY and then re-encrypt it using the newly generated APP_KEY.

Installation :

composer require techsemicolon/laravel-app-key-rotation

Usage :

You can instantiate the ReEncrypter class by passing the old APP_KEY. For that, it is important to keep your old APP_KEY safe for reference before you rotate the APP_KEY to a new one.

// This is your old APP_KEY
$oldAppKey = "your_old_app_key";

// Instantiate ReEncrypter with the old key
$reEncrypter = new ReEncrypter($oldAppKey);

// Re-encrypt the $oldEncryptedPayload value
$newEncryptedPayload = $reEncrypter->encrypt($oldEncryptedPayload);

Suggestion :

When you update your database with the new encrypted payload values, make sure you have another column in which you store the old encrypted payload value as a backup. This is to prevent any data loss during the key rotation.

Example :

Let's imagine we have a column called bank_account_number in the users table which is stored as an encrypted string. We have another column in the same table, old_bank_account_number, to store the old encrypted payload as a backup.

We can create a command php artisan encryption:rotate :
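One way to write the encryption:rotate command for the users table described above, as an added example that is not the package's own code. It assumes the ReEncrypter import path shown, a hypothetical OLD_APP_KEY environment variable holding the previous key, and an integer id primary key on users.

```php
<?php

namespace App\Console\Commands;

use Illuminate\Console\Command;
use Illuminate\Support\Facades\DB;
// Assumed import path for the package's ReEncrypter; confirm it in the installed package.
use Techsemicolon\KeyRotation\ReEncrypter;

class EncryptionRotate extends Command
{
    protected $signature = 'encryption:rotate';
    protected $description = 'Re-encrypt users.bank_account_number after APP_KEY rotation';

    public function handle()
    {
        // OLD_APP_KEY is a hypothetical variable name. Reading the old key from the
        // environment keeps it out of shell history and the process list.
        $oldAppKey = getenv('OLD_APP_KEY');
        if (!$oldAppKey) {
            $this->error('OLD_APP_KEY is not set');
            return 1;
        }

        $reEncrypter = new ReEncrypter($oldAppKey);
        $rotated = 0;

        // Rows whose backup column is already filled were rotated by an earlier run
        // and are skipped, so an interrupted run can be restarted safely.
        DB::table('users')
            ->whereNotNull('bank_account_number')
            ->whereNull('old_bank_account_number')
            ->chunkById(200, function ($rows) use ($reEncrypter, &$rotated) {
                // One transaction per chunk: an exception rolls the chunk back.
                DB::transaction(function () use ($rows, $reEncrypter, &$rotated) {
                    foreach ($rows as $row) {
                        DB::table('users')->where('id', $row->id)->update([
                            'old_bank_account_number' => $row->bank_account_number,
                            'bank_account_number' => $reEncrypter->encrypt($row->bank_account_number),
                        ]);
                        $rotated++;
                    }
                });
            });

        $this->info("Re-encrypted {$rotated} rows with the new APP_KEY");
        return 0;
    }
}
```

Once every row has been verified to decrypt under the new key, clear the backup column and the old key, since both keep the retired key useful to anyone who obtains it.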

For more details about the why and how of Laravel APP_KEY rotation, click here

License :

This package is open-sourced software licensed under the MIT license


All versions of laravel-app-key-rotation with dependencies

Requires:
  • php: >=5.4.0
  • illuminate/support: 5.2.x|5.3.x|5.4.x|5.5.x|5.6.x|5.7.x|5.8.x
