Can I use ParamsCodecBundle directly in Laravel, or is it only for Symfony?

This bundle is designed for Symfony 2/3, but you can adapt its core logic (the `ParamCodec` interface and `AesCodec` class) for Laravel. The encryption/decryption logic is framework-agnostic—just port the `param_codec` service and Twig helpers to Laravel middleware or a custom URL generator. For a ready-made Laravel solution, consider building a standalone package inspired by this bundle’s architecture.

How do I install and configure this bundle in Symfony 2/3?

Install via Composer with `composer require aaugustyniak/params-codec-bundle`, then register the bundle in `AppKernel.php` under the `$bundles` array. Configure the secret passphrase in `parameters.yml` under `params_codec_passphrase`. The bundle auto-registers the `param_codec` service and Twig extensions, so no additional DI configuration is needed unless you customize the codec.

What Laravel versions does this bundle support?

This bundle is **not** natively for Laravel—it targets Symfony 2/3. However, you can use its encryption logic in Laravel by extracting the `AesCodec` class and integrating it into your routing or middleware. For Laravel 5.8+, ensure your PHP version (7.2+) matches the bundle’s dependencies. If you need a Laravel-specific package, check alternatives like custom middleware or packages like `spatie/laravel-honeypot` for inspiration.

How secure is the AES encryption in this bundle?

The bundle uses AES encryption via Symfony’s `openssl_encrypt`/`openssl_decrypt`, which is secure if configured properly. However, it lacks key derivation (e.g., PBKDF2) and may use a predictable IV by default. For production, audit the `AesCodec` class for secure defaults or wrap it with a custom implementation using authenticated encryption (e.g., AES-GCM) and a proper key derivation function like Argon2.

Can I encrypt only specific route parameters, or does it apply to all?

You can selectively encrypt parameters using the `@DecryptParams` annotation on controller actions. Without the annotation, the bundle won’t decrypt route parameters automatically. For Twig-generated URLs, use the `encodeParam()` function to manually encrypt values before passing them to `path()`. This gives you granular control over which params are secured.

What happens if a decrypted parameter fails or is invalid?

By default, the bundle will throw an exception if decryption fails (e.g., due to a corrupted or tampered parameter). To handle this gracefully, catch exceptions in your controller or configure a custom error handler in the `AesCodec` class. For production, log failed decryptions and consider returning a 404 or 403 response to avoid exposing sensitive data.

Is there a performance impact from encrypting/decrypting route params?

Yes, encryption/decryption adds latency (~1–5ms per request, depending on hardware). Benchmark in staging for high-traffic routes. If performance is critical, consider encrypting only the most sensitive params or using a faster algorithm like ChaCha20 (though this bundle doesn’t support it natively). For Laravel, you might optimize by caching decrypted values or using middleware to skip encryption for non-sensitive routes.

How do I manage the secret passphrase securely?

The passphrase is stored in `parameters.yml`, which can expose it in plaintext if not excluded from version control. For production, use Symfony’s `%env%` or a secrets manager (e.g., Vault) to inject the passphrase dynamically. Never hardcode it in your repository. In Laravel, store the key in `.env` and use Laravel’s encryption services for consistency.

Are there alternatives for Laravel that achieve the same goal?

For Laravel, consider custom middleware to encrypt/decrypt route parameters or packages like `spatie/laravel-honeypot` for CSRF protection. For API tokens, use Laravel Sanctum or Passport instead of URL params. If you need URL-level encryption, build a lightweight package using Laravel’s `Str::of()` and OpenSSL functions, inspired by this bundle’s `AesCodec` logic.

Does this bundle work with Symfony 4/5/6, or is it legacy-only?

This bundle is primarily tested for Symfony 2/3. For Symfony 4+, you’ll need to adapt the bundle registration (e.g., `config/bundles.php` instead of `AppKernel.php`) and handle route collector changes. The core encryption logic remains compatible, but Twig and routing APIs may require updates. Check the GitHub issues for Symfony 4+ compatibility patches or contribute fixes if needed.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Params Codec Bundle Laravel Package

aaugustyniak/params-codec-bundle

Symfony 2/3 bundle that AES-encrypts route parameters. Adds a param_codec service and Twig helpers to generate encrypted URLs, plus a @DecryptParams annotation to automatically decrypt controller arguments using a secret passphrase.

View on GitHub

Deep Wiki

Context7

Symfony bundle for obfuscating/encryption routing params.

Frequently asked questions about Params Codec Bundle

Can I use ParamsCodecBundle directly in Laravel, or is it only for Symfony?: This bundle is designed for Symfony 2/3, but you can adapt its core logic (the `ParamCodec` interface and `AesCodec` class) for Laravel. The encryption/decryption logic is framework-agnostic—just port the `param_codec` service and Twig helpers to Laravel middleware or a custom URL generator. For a ready-made Laravel solution, consider building a standalone package inspired by this bundle’s architecture.
How do I install and configure this bundle in Symfony 2/3?: Install via Composer with `composer require aaugustyniak/params-codec-bundle`, then register the bundle in `AppKernel.php` under the `$bundles` array. Configure the secret passphrase in `parameters.yml` under `params_codec_passphrase`. The bundle auto-registers the `param_codec` service and Twig extensions, so no additional DI configuration is needed unless you customize the codec.
What Laravel versions does this bundle support?: This bundle is **not** natively for Laravel—it targets Symfony 2/3. However, you can use its encryption logic in Laravel by extracting the `AesCodec` class and integrating it into your routing or middleware. For Laravel 5.8+, ensure your PHP version (7.2+) matches the bundle’s dependencies. If you need a Laravel-specific package, check alternatives like custom middleware or packages like `spatie/laravel-honeypot` for inspiration.
How secure is the AES encryption in this bundle?: The bundle uses AES encryption via Symfony’s `openssl_encrypt`/`openssl_decrypt`, which is secure if configured properly. However, it lacks key derivation (e.g., PBKDF2) and may use a predictable IV by default. For production, audit the `AesCodec` class for secure defaults or wrap it with a custom implementation using authenticated encryption (e.g., AES-GCM) and a proper key derivation function like Argon2.
Can I encrypt only specific route parameters, or does it apply to all?: You can selectively encrypt parameters using the `@DecryptParams` annotation on controller actions. Without the annotation, the bundle won’t decrypt route parameters automatically. For Twig-generated URLs, use the `encodeParam()` function to manually encrypt values before passing them to `path()`. This gives you granular control over which params are secured.
What happens if a decrypted parameter fails or is invalid?: By default, the bundle will throw an exception if decryption fails (e.g., due to a corrupted or tampered parameter). To handle this gracefully, catch exceptions in your controller or configure a custom error handler in the `AesCodec` class. For production, log failed decryptions and consider returning a 404 or 403 response to avoid exposing sensitive data.
Is there a performance impact from encrypting/decrypting route params?: Yes, encryption/decryption adds latency (~1–5ms per request, depending on hardware). Benchmark in staging for high-traffic routes. If performance is critical, consider encrypting only the most sensitive params or using a faster algorithm like ChaCha20 (though this bundle doesn’t support it natively). For Laravel, you might optimize by caching decrypted values or using middleware to skip encryption for non-sensitive routes.
How do I manage the secret passphrase securely?: The passphrase is stored in `parameters.yml`, which can expose it in plaintext if not excluded from version control. For production, use Symfony’s `%env%` or a secrets manager (e.g., Vault) to inject the passphrase dynamically. Never hardcode it in your repository. In Laravel, store the key in `.env` and use Laravel’s encryption services for consistency.
Are there alternatives for Laravel that achieve the same goal?: For Laravel, consider custom middleware to encrypt/decrypt route parameters or packages like `spatie/laravel-honeypot` for CSRF protection. For API tokens, use Laravel Sanctum or Passport instead of URL params. If you need URL-level encryption, build a lightweight package using Laravel’s `Str::of()` and OpenSSL functions, inspired by this bundle’s `AesCodec` logic.
Does this bundle work with Symfony 4/5/6, or is it legacy-only?: This bundle is primarily tested for Symfony 2/3. For Symfony 4+, you’ll need to adapt the bundle registration (e.g., `config/bundles.php` instead of `AppKernel.php`) and handle route collector changes. The core encryption logic remains compatible, but Twig and routing APIs may require updates. Check the GitHub issues for Symfony 4+ compatibility patches or contribute fixes if needed.

Popularity trends

Recorded values over time (once-a-day snapshots). May 11, 2026 – Jun 9, 2026

GitHub · stars

GitHub · forks

GitHub · watchers

Packagist · monthly downloads

View on GitHub

Stars

Favorites

Forks

Score

0.0

Score breakdown

Sum of components, capped 0–100. Halved if archived.

Stars

input: 0

+0.0
Forks

input: 0

+0.0
Open issues + PRs

input: 0

+0.0
Releases

input: 0

+0.0
Recency

input: —

+0.0
Issue opportunity

input: 0

+0.0
Laravel News mentions

input: 0

+0.0
Dependents

input: 0

+0.0

Total 0.0

License

MIT

Watchers

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

sayedenam/sayed-dashboard

milito/query-filter

apiboxsym/user-bundle

apiboxsym/health-check-bundle

jayeshmepani/jpl-moshier-ephemeris-php

elnasnato/laraliveui

labrodev/rest-sdk

sampaui/sampaui

babelqueue/php-sdk

facebook/capi-param-builder-php

babelqueue/symfony

hamzi/corewatch

minionfactory/raw-hydrator

hexters/coinpayment

rjcodes/rjcms

act-training/laravel-permissions-manager

alimarchal/laravel-chart-of-accounts

babenkoivan/elastic-scout-driver

mkwebdesign/filament-watchdog-v5

renatomarinho/laravel-page-speed