Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Doctrine Encrypted Field
Assessments

Doctrine Encrypted Field Laravel Package

aeliot/doctrine-encrypted-field

Laravel/Doctrine extension that transparently encrypts and decrypts entity fields. Adds an encrypted field type you can map in your entities so sensitive values are stored encrypted in the database and handled normally in your code.

View on GitHub
Deep Wiki
Context7

Technical Evaluation

Architecture Fit

  • Database Abstraction Layer (DAL) Compatibility: The package integrates with Doctrine ORM, which is a well-established PHP persistence layer. If the application already uses Doctrine (or Symfony), this package fits seamlessly into the existing architecture. For Laravel applications not using Doctrine, the fit is conditional—requires Doctrine ORM adoption or a custom bridge layer.
  • Encryption Scope: Field-level encryption is ideal for sensitive data (e.g., PII, payment details, API keys) without encrypting entire databases. Misalignment risk if encryption granularity is misapplied (e.g., over-encrypting non-sensitive fields).
  • Query Performance: Encrypted fields may break indexing, sorting, or full-text search unless handled via Doctrine’s Filter or custom DQL. Requires upfront design for query patterns.

Integration Feasibility

  • Laravel-Specific Challenges:
    • Laravel’s default Eloquent ORM is not Doctrine, requiring either:
      • Option 1: Replace Eloquent with Doctrine (high effort, breaking changes).
      • Option 2: Use a Doctrine bridge (e.g., doctrine/dbal for DBAL, but not full ORM).
      • Option 3: Hybrid approach: Use Doctrine for encrypted models only (complex, partial migration).
    • Migration Path: Non-trivial if the app relies on Eloquent features (e.g., relationships, accessors).
  • Encryption Backend: Depends on defuse/php-encryption (symmetric) or paragonie/halite (asymmetric). Compatibility with Laravel’s existing encryption (e.g., config/app.php key) must be validated.

Technical Risk

  • Data Integrity: Encryption/decryption failures (e.g., key rotation, corrupted ciphertext) could silently corrupt data. Requires robust error handling and fallback mechanisms.
  • Query Limitations: Encrypted fields cannot be used in WHERE, JOIN, or ORDER BY without application-layer filtering. May force denormalization or client-side filtering.
  • Performance Overhead: Encryption/decryption adds CPU latency per field access. Benchmark with production-like workloads.
  • Key Management: No built-in key rotation or HSM support. Must integrate with Laravel’s cache (e.g., Redis) or a dedicated KMS (e.g., AWS KMS, HashiCorp Vault).
  • Testing Complexity: Unit/integration tests must mock encryption layers. E2E tests require encrypted data validation.

Key Questions

  1. ORM Strategy:
    • Is replacing Eloquent with Doctrine feasible, or will a hybrid approach work?
    • How will encrypted models interact with existing Eloquent relationships?
  2. Encryption Granularity:
    • Which fields must be encrypted? Are there performance trade-offs for partial encryption?
  3. Query Workarounds:
    • How will filtered/sorted queries on encrypted fields be handled (e.g., application-layer filtering)?
  4. Key Management:
    • Where will encryption keys be stored? How will rotation be managed?
  5. Fallbacks:
    • What’s the plan for decryption failures (e.g., corrupted data, missing keys)?
  6. Compliance:
    • Does this meet regulatory requirements (e.g., GDPR, HIPAA) for encrypted data at rest?

Integration Approach

Stack Fit

  • Best Fit: Applications using Doctrine ORM (e.g., Symfony, legacy Laravel with Doctrine) or those willing to adopt it.
  • Laravel-Specific Fit:
    • Low Effort: Use doctrine/dbal for encrypted fields only (limited to raw SQL queries).
    • High Effort: Full Doctrine ORM migration (requires rewriting models, repositories, and queries).
  • Alternatives:
    • For Eloquent-only apps, consider native Laravel encryption (e.g., encrypt()) or packages like spatie/laravel-encryption.
    • For NoSQL, evaluate MongoDB’s client-side field-level encryption.

Migration Path

  1. Assessment Phase:
    • Audit existing models to identify encrypted field candidates.
    • Benchmark performance impact of encryption/decryption.
  2. Pilot Phase:
    • Migrate one non-critical model to Doctrine with encrypted fields.
    • Test queries, relationships, and transactions.
  3. Full Migration:
    • Option A (Doctrine Full): Replace Eloquent with Doctrine (requires refactoring).
    • Option B (Hybrid): Use Doctrine for encrypted models only (complex, may need custom proxies).
  4. Query Adaptation:
    • Replace DQL queries with application-layer filtering where needed.
    • Use Doctrine Filter for conditional encryption (e.g., only encrypt in production).

Compatibility

  • Doctrine Features:
    • Works with Doctrine 2.5+, defuse/php-encryption, and paragonie/halite.
    • Supports custom types, lifecycle callbacks, and event listeners.
  • Laravel Conflicts:
    • Eloquent macros, accessors, and mutators may not translate directly.
    • Service providers and bindings must be updated for Doctrine.
  • Database:
    • Requires compatible storage engine (e.g., InnoDB for transactions).
    • No schema migrations: Encrypted fields appear as TEXT/BLOB; existing migrations must be updated.

Sequencing

  1. Infrastructure:
    • Set up encryption keys (e.g., Laravel cache, KMS).
    • Configure doctrine/orm and dependencies.
  2. Model Layer:
    • Convert Eloquent models to Doctrine entities with @EncryptedField.
    • Implement custom types if needed (e.g., for JSON encrypted fields).
  3. Query Layer:
    • Update repositories to handle encrypted field queries.
    • Add application-layer filters for unsupported operations.
  4. Testing:
    • Validate encryption/decryption in unit tests.
    • Test edge cases (corrupted data, key rotation).
  5. Deployment:
    • Roll out in stages (e.g., encrypted fields first, then full migration).

Operational Impact

Maintenance

  • Dependency Management:
    • Track doctrine/orm, defuse/php-encryption, and Laravel version compatibility.
    • Monitor for CVE updates in encryption libraries.
  • Schema Changes:
    • Encrypted fields may require manual schema updates (e.g., altering column types).
    • Downgrade risks: Decrypting old data may fail if encryption schemes change.
  • Logging:
    • Log encryption/decryption failures (e.g., missing keys, corrupted data).
    • Audit key access and rotation events.

Support

  • Debugging Complexity:
    • Encrypted fields obscure raw data, making SQL debugging harder.
    • Developers must use application logs or decrypted dumps for troubleshooting.
  • Performance Debugging:
    • Slow queries may stem from encryption overhead or missing indexes.
    • Requires query profiling (e.g., Doctrine’s QueryLogger).
  • Key Recovery:
    • Lost keys permanently lock data. Document recovery procedures (e.g., backup keys offline).

Scaling

  • Horizontal Scaling:
    • Encryption keys must be synchronized across instances (e.g., Redis, shared storage).
    • Key caching adds latency; evaluate trade-offs for high-throughput systems.
  • Database Scaling:
    • Encrypted fields cannot be sharded by their values (e.g., no range partitioning).
    • Read replicas may duplicate encryption overhead.
  • Caching:
    • Encrypted data in Redis/Memcached requires decryption before caching.
    • Consider cache-aside pattern for sensitive data.

Failure Modes

Failure Scenario Impact Mitigation
Encryption key loss Permanent data loss Offline key backups, KMS integration
Corrupted ciphertext Silent data corruption Checksum validation, retry logic
Decryption failures Application crashes Graceful fallbacks, circuit breakers
Query timeouts on encrypted fields Slow responses Optimize encryption backend, denormalize
Key rotation misconfiguration Data unreadable across deployments Automated key versioning, rollback plan
Doctrine ORM misconfiguration Model hydration failures Comprehensive integration tests

Ramp-Up

  • Developer Onboarding:
    • Train team on Doctrine vs. Eloquent differences.
    • Document encryption best practices (e.g., field selection, key management).
  • Performance Tuning:
    • Benchmark encryption/decryption latency under load.
    • Optimize key storage (e.g., avoid disk I/O for keys).
  • Monitoring:
    • Track encryption success rates, decryption failures, and query performance.
    • Alert on key access anomalies (e.g., brute-force attempts).
  • Rollback Plan:
    • Maintain dual-write during migration (e.g., encrypted + plain
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
milito/query-filter
apiboxsym/user-bundle
apiboxsym/health-check-bundle
jayeshmepani/jpl-moshier-ephemeris-php
elnasnato/laraliveui
labrodev/rest-sdk
sampaui/sampaui
babelqueue/php-sdk
facebook/capi-param-builder-php
babelqueue/symfony
hamzi/corewatch
minionfactory/raw-hydrator
hexters/coinpayment
rjcodes/rjcms
act-training/laravel-permissions-manager
alimarchal/laravel-chart-of-accounts
babenkoivan/elastic-scout-driver
mkwebdesign/filament-watchdog-v5
renatomarinho/laravel-page-speed
zedmagdy/filament-business-hours