:lock_with_ink_pen: CakePHP 4 plugin that provides application-level database encryption.
This plugin provides a CakePHP 4 encrypted database type for application-level
encryption. Before using this plugin you may want to weigh your options
between full-disk, database-level, and application-level encryption.
This plugin was born out of Amazon Aurora not supporting encryption with cross
region replication before March 28, 2017.
Via Composer
$ composer require bcrowe/cakephp-encrypted-type
Load the plugin in your application’s bootstrap.php file, then define the type
mapping:
Plugin::load('BryanCrowe/EncryptedType');Type::map('encrypted', 'BryanCrowe\EncryptedType\Database\Type\EncryptedType');
Make sure to have a Encryption.key config value in your config/app.php file:
['Encryption' => ['key' => env('ENCRYPTION_KEY', 'defaultencryptionkeygoesrighthereyaythisisfun'),],]
Note: This database type expects columns to be nullable in the case of an
omitted column or whenever explicitly setting a null value for a column.
Use BLOB types for columns that are to be encrypted, for example:
CREATE TABLE `users` (`id` char(36) NOT NULL DEFAULT '',`first_name` blob,`last_name` blob,`email` blob,`created` datetime DEFAULT NULL,`modified` datetime DEFAULT NULL,PRIMARY KEY (`id`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Map the type
to a column in your Table class:
<?phpnamespace App\Model\Table;use Cake\Database\Schema\TableSchema;use Cake\ORM\Table;class UsersTable extends Table{protected function _initializeSchema(TableSchema $schema){$schema->columnType('first_name', 'encrypted');$schema->columnType('last_name', 'encrypted');$schema->columnType('email', 'encrypted');return $schema;}}
Please see CHANGELOG for more information what has changed
recently.
$ composer test
Please see CONTRIBUTING and CONDUCT for
details.
If you discover any security related issues, please email bryan@bryan-crowe.com
instead of using the issue tracker.
The MIT License (MIT). Please see License File for more
information.