This plugin provides a CakePHP 4 encrypted database type for application-level encryption. Before using this plugin you may want to weigh your options between full-disk, database-level, and application-level encryption. This plugin was born out of Amazon Aurora not supporting encryption with cross region replication before March 28, 2017.
Via Composer
$ composer require bcrowe/cakephp-encrypted-type
Load the plugin in your application's bootstrap.php
file, then define the type
mapping:
Plugin::load('BryanCrowe/EncryptedType');
Type::map('encrypted', 'BryanCrowe\EncryptedType\Database\Type\EncryptedType');
Make sure to have a Encryption.key
config value in your config/app.php
file:
[
'Encryption' => [
'key' => env('ENCRYPTION_KEY', 'defaultencryptionkeygoesrighthereyaythisisfun'),
],
]
Note: This database type expects columns to be nullable in the case of an
omitted column or whenever explicitly setting a null
value for a column.
Use BLOB
types for columns that are to be encrypted, for example:
CREATE TABLE `users` (
`id` char(36) NOT NULL DEFAULT '',
`first_name` blob,
`last_name` blob,
`email` blob,
`created` datetime DEFAULT NULL,
`modified` datetime DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Map the type to a column in your Table class:
<?php
namespace App\Model\Table;
use Cake\Database\Schema\TableSchema;
use Cake\ORM\Table;
class UsersTable extends Table
{
protected function _initializeSchema(TableSchema $schema)
{
$schema->columnType('first_name', 'encrypted');
$schema->columnType('last_name', 'encrypted');
$schema->columnType('email', 'encrypted');
return $schema;
}
}
Please see CHANGELOG for more information what has changed recently.
$ composer test
Please see CONTRIBUTING and CONDUCT for details.
If you discover any security related issues, please email bryan@bryan-crowe.com instead of using the issue tracker.
The MIT License (MIT). Please see License File for more information.