Download the PHP package webhubworks/laravel-secure-db-dump without Composer

Usage

Call artisan secure-db-dump:run to export data based on the following config.

[!NOTE] The original database is never modified. It is only read (dumped); all anonymization happens on the separate temp_secure_db_dump database.

The command performs these steps:

1. Setup – resolves the source DB connection (db_connection config, falls back to default), the storage disk, and builds the dump file paths ({database}_{Ymd_His}.sql.gz).
2. Dump original database – exports the source DB via spatie/db-dumper (gzip-compressed) to original_dump_*.sql.gz on the configured disk.
3. Setup temp database – runs CREATE DATABASE IF NOT EXISTS temp_secure_db_dump, registers it as a runtime connection, and switches the default connection to it.
4. Import dump – pipes the original dump through gunzip | mysql into temp_secure_db_dump, then truncates any tables listed in ignore_tables.
5. Anonymize – iterates the configured anonymize_fields table-by-table, applying each AnonymizerConfig (faker or static, optional where filters) via UPDATE statements on the temp DB. After every row's field rules, any configured row_hooks callables for that table are invoked (see Row hooks).
6. Dump secure database – exports temp_secure_db_dump (gzip-compressed) to secure_dump_*.sql.gz. Schema is omitted when only_content is enabled.
7. Clean up – drops temp_secure_db_dump (skipped on local env; falls back to dropping individual tables if DROP DATABASE fails).
8. Prompt – asks whether to delete the original dump file, then prints the path to the secure dump.

Use --only-anonymize to skip steps 2, 4, 6, 7 and 8 and just (re-)anonymize an already-imported temp_secure_db_dump.

Outcome:

• Source database: read-only (dumped, never modified).
• temp_secure_db_dump: created, populated, mutated, then dropped (kept around on local env for inspection).
• Files written to the configured disk (default local): original_dump_{database}_{timestamp}.sql.gz (optionally deleted at the end) and secure_dump_{database}_{timestamp}.sql.gz (the final anonymized dump).

DDEV

In case you get a permission error when trying to CREATE or DROP a database, add this post-start hook to your .ddev/config.yaml:

Config

Publish the config file via artisan vendor:publish --tag=secure-db-dump-config.

Anonymize fields

This package uses Faker to anonymize fields. You can find the available formatters/methods here: https://fakerphp.org/formatters/

Per field you want to anonymize you have to define the field and a type. Possible values are: faker or static.

Type: static

You will need to provide a value for the field.

Type: faker

You will need to provide a method and optionally args (an array) for the Faker method.

Examples

Row hooks

anonymize_fields covers per-field replacements only. When you need logic that goes beyond replacing a single column — for example inserting related records, reusing one generated value across several tables, or any cross-row coordination — register a row hook under the row_hooks config key.

Each hook is a callable(\Faker\Generator $faker, object $row): void registered against a table. The runner iterates the table's rows once and, for each row, first applies every matching anonymize_fields rule and then invokes every registered hook in order. The $row passed to a hook is the value read from the cursor (pre-anonymization); to read freshly anonymized values, re-query the row from the temp database, e.g. DB::table('projects')->where('id', $row->id)->first().

A table may appear in row_hooks without any anonymize_fields entry — the hook will still fire for every row in that table.

Like anonymize_fields, row_hooks accepts either an inline array or a fully qualified class name. The class must be invokable and return the same array shape.

Example

For each projects row, generate a unique 4-digit number, create a fresh cost_centers record titled "{number} - {project title}", and attach it to the project: