laravel-mysql-encrypt maintained by chr15k
Description
Laravel database encryption using native MySQL functions
Author
Last update
2025/03/09 10:41
(dev-master)
License
Downloads
10 104
Laravel MySql AES Encrypt/Decrypt
Laravel MySQL encryption using native MySQL AES_DECRYPT and AES_ENCRYPT functions. Automatically encrypt and decrypt fields in your Models.
Install
1. Composer
composer require chr15k/laravel-mysql-encrypt
2. Publish config
php artisan vendor:publish --provider="Chr15k\MysqlEncrypt\Providers\MysqlEncryptServiceProvider"
3. AES Key generation
Add to .env file:
APP_AESENCRYPT_KEY=
Generate a new secure AES key (or add your existing key manually):
php artisan laravel-mysql-encrypt:key:generate
Update Models
<?php
namespace App;
use Chr15k\MysqlEncrypt\Traits\Encryptable;
use Illuminate\Database\Eloquent\Model;
class User extends Model
{
use Encryptable; // <-- 1. Include trait
protected $encryptable = [ // <-- 2. Include columns to be encrypted
'email',
'first_name',
'last_name',
'telephone',
];
}
Validators
# UniqueEncrypted(table, field(optional), ignore_id(optional))
<?php
use Chr15k\MysqlEncrypt\Rules\UniqueEncrypted;
Validator::make($data, [
'name' => [new UniqueEncrypted('users')],
]);
# ExistsEncrypted(table, field(optional))
<?php
use Chr15k\MysqlEncrypt\Rules\ExistsEncrypted;
Validator::make($data, [
'name' => [new ExistsEncrypted('users')],
]);
Scopes
Custom Local scopes available:
whereEncrypted
whereNotEncrypted
orWhereEncrypted
orWhereNotEncrypted
orderByEncrypted
Global scope DecryptSelectScope automatically booted in models using Encryptable trait.
Schema columns to support encrypted data
Schema::create('users', function (Blueprint $table) {
$table->bigIncrements('id');
$table->string('password');
$table->rememberToken();
$table->timestamps();
});
// Once the table has been created, use ALTER TABLE to create VARBINARY
// or BLOB types to store encrypted data.
DB::statement('ALTER TABLE `users` ADD `first_name` VARBINARY(300)');
DB::statement('ALTER TABLE `users` ADD `last_name` VARBINARY(300)');
DB::statement('ALTER TABLE `users` ADD `email` VARBINARY(300)');
DB::statement('ALTER TABLE `users` ADD `telephone` VARBINARY(50)');
Example Usage
<?php
use App\Models\User;
use Chr15k\MysqlEncrypt\Rules\ExistsEncrypted;
use Chr15k\MysqlEncrypt\Rules\UniqueEncrypted;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Str;
Route::get('/', function () {
$user = User::firstOrCreate([
'email' => 'test@example.com',
], [
'name' => 'Test',
'email' => 'test@example.com',
'email_verified_at' => now(),
'password' => Hash::make('password'),
'remember_token' => Str::random(10),
]);
// querying an encrypted value using the base methods will not work (as expected):
dump(User::where('name', 'Test')->first()); // => null
// querying through the encrypted scopes will decrypt the value as expected:
dump(
User::whereEncrypted('name', 'Test')
->orWhereEncrypted('name', 'Chris')
->first()
); // => App\Models\User
// Accessing the encrypted attribute on the model will automatically decrypt the value:
dump($user->name); // => 'Test'
// Validation rules
// ExistsEncrypted
$validator = Validator::make(['name' => 'Chris'], [
'name' => [new ExistsEncrypted('users')],
]);
if ($validator->fails()) {
dump($validator->errors()->first()); // => "The selected name does not exist"
}
// UniqueEncrypted
$validator = Validator::make(['name' => 'Test'], [
'name' => [new UniqueEncrypted('users')],
]);
if ($validator->fails()) {
dump($validator->errors()->first()); // => "The name field must be unique"
}
});
License
The MIT License (MIT). Please see License File for more information.