
🔏 CakePHP plugin that provides field-level (column) encryption within the application layer before data is stored or transmitted to the database, supporting regulatory compliance, zero-trust security, end-to-end encryption, and contextual awareness.


bcrowe/cakephp-encrypted-type


CakePHP Encrypted Type


This plugin provides a CakePHP 4 encrypted database type for application-level encryption. Before using this plugin you may want to weigh your options between full-disk, database-level, and application-level encryption. This plugin was born out of Amazon Aurora not supporting encryption with cross region replication before March 28, 2017.

Install

Via Composer

$ composer require bcrowe/cakephp-encrypted-type

Load the plugin in your application's bootstrap.php file, then define the type mapping:

Plugin::load('BryanCrowe/EncryptedType');
Type::map('encrypted', 'BryanCrowe\EncryptedType\Database\Type\EncryptedType');

Make sure to have an Encryption.key config value in your config/app.php file:

[
    'Encryption' => [
        'key' => env('ENCRYPTION_KEY', 'defaultencryptionkeygoesrighthereyaythisisfun'),
    ],
]
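
Because the sample configuration above falls back to a string that is published in this README, an unset ENCRYPTION_KEY would silently encrypt every column under a publicly known key. The startup check below is an added example, not part of the plugin; the helper names and the 32-byte minimum are assumptions, and it refuses to boot when the key is missing, too short, or equal to the placeholder.

```php
<?php
declare(strict_types=1);

// Placeholder published in the README; it is public, so it must never protect real data.
const README_PLACEHOLDER_KEY = 'defaultencryptionkeygoesrighthereyaythisisfun';
// Assumption for this example: require at least 32 bytes (256 bits) of key material.
const MIN_KEY_BYTES = 32;

/** Hypothetical helper: lists the problems with a key; an empty list means it is usable. */
function encryptionKeyProblems(?string $key): array
{
    if ($key === null || $key === '') {
        return ['Encryption.key is not set'];
    }
    $problems = [];
    if (hash_equals(README_PLACEHOLDER_KEY, $key)) {
        $problems[] = 'Encryption.key is the public README placeholder';
    }
    if (strlen($key) < MIN_KEY_BYTES) {
        $problems[] = 'Encryption.key is shorter than ' . MIN_KEY_BYTES . ' bytes';
    }
    return $problems;
}

/** Fail closed: throw at boot rather than encrypt columns under a weak key. */
function requireSafeEncryptionKey(?string $key): void
{
    $problems = encryptionKeyProblems($key);
    if ($problems !== []) {
        throw new RuntimeException(implode('; ', $problems));
    }
}

// In config/bootstrap.php the call would be:
//   requireSafeEncryptionKey(\Cake\Core\Configure::read('Encryption.key'));
// with config/app.php using env('ENCRYPTION_KEY') and no fallback string.

// Constructed sample inputs so this file runs on its own.
$samples = [
    'unset' => null,
    'placeholder' => README_PLACEHOLDER_KEY,
    'short' => 'changeme',
    'generated' => bin2hex(random_bytes(32)), // 64 hex characters from the CSPRNG
];
foreach ($samples as $label => $key) {
    $problems = encryptionKeyProblems($key);
    echo $label, ': ', $problems === [] ? 'ok' : implode('; ', $problems), PHP_EOL;
}
```

The placeholder is longer than 32 bytes, so a length check alone would accept it; the explicit comparison is what catches a deployment that never set ENCRYPTION_KEY.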

Usage

Note: This database type expects columns to be nullable in the case of an omitted column or whenever explicitly setting a null value for a column.

Use BLOB types for columns that are to be encrypted, for example:

CREATE TABLE `users` (
  `id` char(36) NOT NULL DEFAULT '',
  `first_name` blob,
  `last_name` blob,
  `email` blob,
  `created` datetime DEFAULT NULL,
  `modified` datetime DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

Map the type to a column in your Table class:

<?php
namespace App\Model\Table;

use Cake\Database\Schema\TableSchema;
use Cake\ORM\Table;

class UsersTable extends Table
{

    protected function _initializeSchema(TableSchema $schema)
    {
        $schema->columnType('first_name', 'encrypted');
        $schema->columnType('last_name', 'encrypted');
        $schema->columnType('email', 'encrypted');

        return $schema;
    }
}

Changelog

Please see CHANGELOG for more information on what has changed recently.

Testing

$ composer test

Contributing

Please see CONTRIBUTING and CONDUCT for details.

Security

If you discover any security-related issues, please email bryan@bryan-crowe.com instead of using the issue tracker.

Credits

License

The MIT License (MIT). Please see License File for more information.
