Try Depot: Bring ultra-fast, remote Docker builds directly to your Laravel workflow

Laravel News Laravel News

Encrypt and Decrypt Eloquent Model Fields in Laravel Apps

Published on by

Encrypt and Decrypt Eloquent Model Fields in Laravel Apps image

Laravel Ciphersweet is a package by Spatie to integrate searchable field-level encryption in Laravel applications. The package's readme explains the problem Ciphersweet can help solve as follows:

In your project, you might store sensitive personal data in your database. Should an unauthorised person get access to your DB, all sensitive can be read which is obviously not good.

To solve this problem, you can encrypt the personal data. This way, unauthorized persons cannot read it, but your application can still decrypt it when you need to display or work with the data.

This package is a wrapper for Ciphersweet to integrate its features into Laravel models easily. Here's an example of a model from the readme's setup instructions that illustrates what a model looks like using Ciphersweet:

use Spatie\LaravelCipherSweet\Contracts\CipherSweetEncrypted;
use Spatie\LaravelCipherSweet\Concerns\UsesCipherSweet;
use ParagonIE\CipherSweet\EncryptedRow;
use Illuminate\Database\Eloquent\Model;
 
class User extends Model implements CipherSweetEncrypted
{
    use UsesCipherSweet;
 
    public static function configureCipherSweet(EncryptedRow $encryptedRow): void
    {
        $encryptedRow
            ->addField('email')
            ->addBlindIndex('email', new BlindIndex('email_index'));
    }
}

This allows you the encrypt a user's email to keep it safe from unauthorized people reading the data, but give you the ability to decrypt the data to display it or work with it.

Once you have configured this package and set up a model, you can search encrypted data in the database using blind indexes:

$user = User::whereBlind('email', 'email_index', 'rias@spatie.be');

This package also aids in generating encrypting keys and encrypting model attributes to speed up integration with Ciphersweet.

I want to point out that you should not use this package blindly without understanding the ins and outs of the use case you are trying to solve. You can learn more about CipherSweet on this page, which has many linked resources.

CipherSweet also has PHP-specific documentation to help get you up to speed with the underlying PHP package.

I would also recommend reading Rias' post, Encrypting Laravel Eloquent models with CipherSweet.

To get started with this package, check it out on GitHub at spatie/laravel-ciphersweet.

Paul Redmond photo

Staff writer at Laravel News. Full stack web developer and author.

X X Github Github
Filed in:
Laravel Packages
Cube

Laravel Newsletter

Join 40k+ other developers and never miss out on new tips, tutorials, and more.

Cube

Laravel Jobs

Explore hundreds of open positions today.

View all jobs
image
Laravel Cloud

Easily create and manage your servers and deploy your Laravel applications in seconds.

Visit Laravel Cloud

Partners

View all →
Bacancy logo

Bacancy

Supercharge your project with a seasoned Laravel developer with 4-6 years of experience for just $3200/month. Get 160 hours of dedicated expertise & a risk-free 15-day trial. Schedule a call now!

Bacancy
Tinkerwell logo

Tinkerwell

The must-have code runner for Laravel developers. Tinker with AI, autocompletion and instant feedback on local and production environments.

Tinkerwell
Get expert guidance in a few days with a Laravel code review logo

Get expert guidance in a few days with a Laravel code review

Expert code review! Get clear, practical feedback from two Laravel devs with 10+ years of experience helping teams build better apps.

Get expert guidance in a few days with a Laravel code review
PhpStorm logo

PhpStorm

The go-to PHP IDE with extensive out-of-the-box support for Laravel and its ecosystem.

PhpStorm
Laravel Cloud logo

Laravel Cloud

Easily create and manage your servers and deploy your Laravel applications in seconds.

Laravel Cloud
Kirschbaum logo

Kirschbaum

Providing innovation and stability to ensure your web application succeeds.

Kirschbaum
Shift logo

Shift

Running an old Laravel version? Instant, automated Laravel upgrades and code modernization to keep your applications fresh.

Shift
Harpoon: Next generation time tracking and invoicing logo

Harpoon: Next generation time tracking and invoicing

The next generation time-tracking and billing software that helps your agency plan and forecast a profitable future.

Harpoon: Next generation time tracking and invoicing
Lucky Media logo

Lucky Media

Get Lucky Now - the ideal choice for Laravel Development, with over a decade of experience!

Lucky Media
SaaSykit: Laravel SaaS Starter Kit logo

SaaSykit: Laravel SaaS Starter Kit

SaaSykit is a Multi-tenant Laravel SaaS Starter Kit that comes with all features required to run a modern SaaS. Payments, Beautiful Checkout, Admin Panel, User dashboard, Auth, Ready Components, Stats, Blog, Docs and more.

SaaSykit: Laravel SaaS Starter Kit

The latest

View all →
Statamic 6 Is Officially Released image

Statamic 6 Is Officially Released

Read article
Livewire 4 and Blade Improvements in Laravel VS Code Extension v1.5.0 image

Livewire 4 and Blade Improvements in Laravel VS Code Extension v1.5.0

Read article
Manage PostgreSQL Databases Directly in VS Code with Microsoft's Extension image

Manage PostgreSQL Databases Directly in VS Code with Microsoft's Extension

Read article
NativePHP for Mobile Is Now Free image

NativePHP for Mobile Is Now Free

Read article
Fuse for Laravel: A Circuit Breaker Package for Queue Jobs image

Fuse for Laravel: A Circuit Breaker Package for Queue Jobs

Read article
Generate Complete Application Modules with a Single Command using Laravel TurboMaker image

Generate Complete Application Modules with a Single Command using Laravel TurboMaker

Read article