Laravel MySql AES Encrypt/Decrypt

Laravel database encryption at database side using native AES_DECRYPT and AES_ENCRYPT functions. Automatically encrypt and decrypt fields in your Models.

Version Compatibility

Install

1. Composer

composer require tapanderasari/laravel-mysql-encrypt

2. Publish config (optional)

php artisan vendor:publish --provider="TapanDerasari\MysqlEncrypt\Providers\LaravelServiceProvider"

3. Set encryption key in .env file

APP_AESENCRYPT_KEY=yourencryptionkey

Update Models

<?php

namespace App;

use TapanDerasari\MysqlEncrypt\Traits\Encryptable;
use Illuminate\Database\Eloquent\Model;

class User extends Model
{
    use Encryptable; // <-- 1. Include trait

    public array $encryptable = [ // <-- 2. Include columns to be encrypted
        'email',
        'first_name',
        'last_name',
        'telephone',
    ];
}

Schema

Encrypted columns must use VARBINARY (or BINARY/BLOB) in MySQL, not VARCHAR.

Schema::create('users', function (Blueprint $table) {
    $table->bigIncrements('id');
    $table->string('password');
    $table->binary('first_name', 300);  // VARBINARY(300)
    $table->binary('last_name', 300);
    $table->binary('email', 300);
    $table->binary('telephone', 50);
    $table->rememberToken();
    $table->timestamps();
});

Validators

unique_encrypted

unique_encrypted:<table>,<field(optional)>,<ignore_id(optional)>

exists_encrypted

exists_encrypted:<table>,<field(optional)>

Scopes

A global scope DecryptSelectScope is automatically applied to models using the Encryptable trait. It rewrites SELECT queries to wrap encrypted columns with AES_DECRYPT().

The following local scopes are available:

Exact match

User::whereEncrypted('email', 'john@example.com')->first();
User::whereNotEncrypted('email', 'john@example.com')->get();

OR conditions

User::whereEncrypted('email', 'a@b.com')
    ->orWhereEncrypted('email', 'c@d.com')
    ->get();

User::whereNotEncrypted('email', 'a@b.com')
    ->orWhereNotEncrypted('email', 'c@d.com')
    ->get();

LIKE search

User::whereEncryptedLike('first_name', 'John')->get();
User::orWhereEncryptedLike('first_name', 'Jane')->get();

Ordering

User::orderByEncrypted('first_name', 'asc')->get();
User::orderByEncryptedSort('last_name', 'desc')->get();

Implementing encryption for existing data

For this you can create one command like

php artisan make:command EncryptionForExistingData

In this command you fetch existing table or model data without global scope DecryptSelectScope.

You can refer the example, clicking on below Example button:

License

The MIT License (MIT). Please see License File for more information.