- Can I use this package in a Laravel app that only uses Eloquent?
- No, this package requires Doctrine ORM, which isn’t Laravel’s default. You’d need to either migrate to Doctrine (high effort) or use a hybrid approach with doctrine/dbal for encrypted fields only, but this limits you to raw SQL queries. For Eloquent-only apps, consider native Laravel encryption or spatie/laravel-encryption.
- How do I encrypt a specific field in a Doctrine entity?
- Replace the field’s type with `EncryptedType` in your entity’s mapping. For example, swap `string` for `EncryptedType` in annotations or YAML/XML mappings. The package handles encryption/decryption automatically during persist/hydrate operations.
- Will encrypted fields work in Doctrine queries (WHERE, JOIN, ORDER BY)?
- No, encrypted fields cannot be used directly in DQL queries. You’ll need to filter/sort at the application layer or use Doctrine’s Filter system for conditional decryption. This may require denormalized data or client-side processing.
- What encryption backend does this package use, and can I customize it?
- By default, it uses `defuse/php-encryption` (symmetric). You can configure it to use `paragonie/halite` (asymmetric) or other libraries by extending the `EncryptedType` class. Ensure your chosen backend aligns with Laravel’s encryption key management.
- How do I handle key rotation or missing encryption keys in production?
- The package doesn’t include built-in key rotation, so you’ll need to integrate with Laravel’s cache (e.g., Redis) or a dedicated KMS like AWS KMS. Store keys securely and implement fallback mechanisms—like logging decryption failures—to avoid silent data corruption.
- Does this package support Laravel’s built-in encryption (config/app.php keys)?
- No, it uses its own encryption backend. You’ll need to configure the package’s encryption key separately, ideally in `.env` or a secure secrets manager. Avoid mixing Laravel’s encryption keys with this package’s keys unless explicitly tested for compatibility.
- How does this affect database indexing or performance?
- Encrypted fields cannot be indexed or sorted natively, which may degrade query performance. Benchmark your workloads, especially for read-heavy operations. Consider partial encryption (only sensitive fields) to mitigate overhead.
- Can I use this with Laravel’s caching (e.g., Redis) for encrypted data?
- No, encrypted fields should not be cached in plaintext. If you cache entities, ensure encrypted fields are excluded or re-encrypted before storage. For Redis, use Laravel’s cache tags or serialize/deserialize encrypted data carefully.
- What’s the best way to test encrypted fields in Laravel?
- Mock the encryption layer in unit tests using PHPUnit’s mocking tools. For integration tests, validate that encrypted fields persist correctly and decrypt properly. Use factories to generate test data with known encrypted values for assertions.
- Are there alternatives for field-level encryption in Laravel without Doctrine?
- Yes, for Eloquent-only apps, use Laravel’s native `encrypt()` helper or packages like `spatie/laravel-encryption`. For NoSQL, MongoDB’s client-side field-level encryption is an option. If you’re open to Doctrine, this package offers more seamless ORM integration.
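
For the key-rotation answer above, one way to read values under a current key with fallback to retired keys, logging failures instead of returning corrupt data, written against `defuse/php-encryption` (the default backend named above). This is an added example, not the package's own code: `decryptWithRotation`, the key variables, and the sample values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php'; // assumes: composer require defuse/php-encryption

use Defuse\Crypto\Crypto;
use Defuse\Crypto\Key;
use Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException;

/**
 * Hypothetical helper (not part of the package): try the current key first,
 * then each retired key. Returns [plaintext, needsReencrypt].
 *
 * @param Key[] $retired keys kept only to read values written before rotation
 */
function decryptWithRotation(string $ciphertext, Key $current, array $retired, callable $log): array
{
    foreach (array_merge([$current], array_values($retired)) as $i => $key) {
        try {
            return [Crypto::decrypt($ciphertext, $key), $i > 0];
        } catch (WrongKeyOrModifiedCiphertextException $e) {
            // Wrong key or tampered value: fall through to the next key.
        }
    }
    // Log a digest only, never ciphertext or plaintext, then fail loudly.
    $log('field decrypt failed, sha256=' . hash('sha256', $ciphertext));
    throw new RuntimeException('No configured key decrypts this value');
}

// Constructed sample keys. In production, load them from a secrets manager
// with Key::loadFromAsciiSafeString() rather than generating them per request.
$oldKey = Key::createNewRandomKey();
$newKey = Key::createNewRandomKey();

// A value written before rotation is still readable and gets re-encrypted.
$stored = Crypto::encrypt('constructed-sample-value', $oldKey);
[$plain, $stale] = decryptWithRotation($stored, $newKey, [$oldKey], 'error_log');
if ($stale) {
    $stored = Crypto::encrypt($plain, $newKey); // write this back to the row
}

// A value whose key is missing is logged and rejected, not returned as garbage.
$orphan = Crypto::encrypt('constructed-sample-value', Key::createNewRandomKey());
try {
    decryptWithRotation($orphan, $newKey, [$oldKey], 'error_log');
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Retire an old key only after every row has been rewritten under the new one; until then it must stay in the `$retired` list.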