- Can I use this bundle with Laravel’s Eloquent ORM, or is it strictly for Doctrine?
- This bundle is designed for Doctrine ORM, not Eloquent. However, you can integrate it with Laravel by using Doctrine DBAL for encrypted fields or adopting a hybrid approach with custom traits to mirror its logic in Eloquent models. Full Doctrine ORM adoption in Laravel requires significant architecture changes.
- What Laravel versions does this bundle support, and are there compatibility issues?
- The bundle itself doesn’t specify Laravel versions, but it requires Doctrine DBAL (≥2.13) or Doctrine ORM (≥2.10). Since Laravel doesn’t natively support Doctrine’s event system, you’ll need to use bridges like `laravel-doctrine` or manually implement workarounds. Test thoroughly for version conflicts, especially if mixing with other Doctrine extensions.
- How do I handle encryption key management in production? Does the bundle support key rotation?
- The bundle generates a static `DOCTRINE_ENCRYPTION_KEY` via a console command, but it lacks built-in key rotation. For production, store keys in environment variables or secure vaults (e.g., AWS KMS, HashiCorp Vault) and extend the bundle to support rotation. Losing the key means permanent data loss, so document this process rigorously.
- Will this bundle work with my existing database schema, or do I need to migrate tables?
- You’ll need to add two binary columns per encrypted field, one for the nonce and one for the ciphertext, to your existing tables. Size them for the real payload: the ciphertext is at least as long as the plaintext plus any authentication tag, so prefer `VARBINARY`/`BLOB`-style types over a short fixed `BINARY(n)`. Add the columns post-installation with Laravel’s schema builder (or Doctrine migrations if you use the `laravel-doctrine` bridge). For zero-downtime migrations, run a dual-write period in which the old plaintext column and the new encrypted columns coexist, backfill in batches, switch reads, and only then drop the plaintext column.
- Are there performance concerns with encrypting/decrypting data on every save or fetch?
- Yes, encryption/decryption adds overhead during `save()` and `find()` operations, and an encrypted column can no longer be searched, sorted or indexed by its plaintext value, so equality lookups need a separate blind index (e.g. a keyed hash of the value) if you need them. Benchmark with your expected data volume to assess impact. Mitigate by keeping decrypted values only for the lifetime of a request (in the entity or identity map), never in a shared cache store such as Redis or the file cache, which would persist plaintext outside the encrypted column, and by encrypting only the fields that are actually sensitive.
- What happens if the encryption nonce is corrupted or altered in the database?
- A corrupted nonce causes decryption of that row to fail, and with an authenticated cipher the failure is a hard error rather than silently returning garbage; the same applies to an altered ciphertext. The bundle has no recovery mechanism: treat such failures as a signal of corruption or tampering, log them, and restore the row from backup. Database constraints cannot validate ciphertext, so rely on application-level handling of the decryption error. Always back up encrypted data before schema changes and verify that the backup decrypts with the key you hold.
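The two answers above (key rotation in production, and what a corrupted nonce does) share the same mechanics, so here is one added example, not code from the bundle, that illustrates both. It assumes the bundle’s nonce/encrypted column pair holds a libsodium `crypto_secretbox` nonce and ciphertext, which the page does not state; the key ring, the `key_version` column and every function name are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: versioned keys for rotation plus tamper detection.
// ASSUMPTION: fields are sealed with libsodium secretbox (24-byte nonce,
// authenticated ciphertext). The bundle's real cipher is not documented here.

/** Key ring: version => 32-byte key. In production load from KMS/Vault, never from the repo. */
function loadKeyRing(): array
{
    // Constructed demo keys only.
    return [
        1 => sodium_crypto_secretbox_keygen(),
        2 => sodium_crypto_secretbox_keygen(),
    ];
}

/** Seal one field under the given key version with a fresh random nonce. */
function encryptField(string $plaintext, array $ring, int $version): array
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ciphertext = sodium_crypto_secretbox($plaintext, $nonce, $ring[$version]);
    return ['key_version' => $version, 'nonce' => $nonce, 'encrypted' => $ciphertext];
}

/** Open one field; any change to nonce, ciphertext or key makes this throw. */
function decryptField(array $row, array $ring): string
{
    if (!isset($ring[$row['key_version']])) {
        throw new RuntimeException('Unknown key version ' . $row['key_version']);
    }
    $plaintext = sodium_crypto_secretbox_open($row['encrypted'], $row['nonce'], $ring[$row['key_version']]);
    if ($plaintext === false) {
        throw new RuntimeException('Decryption failed: wrong key, corrupted nonce or altered ciphertext');
    }
    return $plaintext;
}

/** Rotate one row: decrypt under its current key, re-seal under $targetVersion. */
function rotateRow(array $row, array $ring, int $targetVersion): array
{
    if ($row['key_version'] === $targetVersion) {
        return $row; // already on the target key, nothing to do
    }
    return encryptField(decryptField($row, $ring), $ring, $targetVersion);
}

// Demo with constructed data.
$ring = loadKeyRing();
$row = encryptField('4111 1111 1111 1111', $ring, 1);

// Rotation: the row moves to key 2 and still decrypts to the same value.
$rotated = rotateRow($row, $ring, 2);
assert($rotated['key_version'] === 2);
assert(decryptField($rotated, $ring) === '4111 1111 1111 1111');

// Corrupted nonce: flip one bit and decryption is rejected, not garbled.
$damaged = $rotated;
$damaged['nonce'][0] = chr(ord($damaged['nonce'][0]) ^ 0x01);
try {
    decryptField($damaged, $ring);
    assert(false, 'a corrupted nonce must not decrypt');
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}

// Only once every row reports key_version 2 may key 1 be removed from the ring.
```

Rotation is a batch job over rows, not a cutover of the single `DOCTRINE_ENCRYPTION_KEY`: keep the old key in the ring until no row references it, then retire it. The bit-flip at the end shows why application-level handling of the decryption error is what matters: the database cannot tell a valid nonce from a damaged one, but the authenticated cipher can.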
- Is this bundle suitable for encrypting passwords or tokens, or just general PII like credit card numbers?
- It can encrypt any string, but reversible encryption is the wrong tool for passwords. Passwords must be stored as a salted, slow hash (Laravel’s `Hash::make()`/`Hash::check()`, i.e. bcrypt or argon2) and never encrypted, so that a leaked key cannot recover them. Bearer tokens and API keys should likewise be stored as a hash unless you must display them again. This bundle fits data you need to read back, such as card numbers or medical records covered by PCI/PII requirements, where a database-layer approach is appropriate.
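As an added example, not part of the bundle, the following shows the two storage rules the answer above relies on: passwords go through a slow, salted, one-way hash; high-entropy tokens are stored only as a fast hash and compared in constant time. The function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: hash, don't encrypt, for credentials.
// Function names are hypothetical; only built-in PHP functions are used.

/** Store a password as a salted adaptive hash (bcrypt today via PASSWORD_DEFAULT). */
function storePassword(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

/** Verify a password against its stored hash; never decrypt, only compare. */
function checkPassword(string $password, string $stored): bool
{
    return password_verify($password, $stored);
}

/**
 * Issue a bearer token. The caller receives the secret once; the database
 * keeps only its SHA-256, so a dump of the table yields no usable tokens.
 * A fast hash is fine here because the input is 256 bits of randomness,
 * unlike a password.
 */
function issueToken(): array
{
    $secret = bin2hex(random_bytes(32));
    return ['secret' => $secret, 'hash' => hash('sha256', $secret)];
}

/** Look the token up by its hash, then compare in constant time. */
function tokenMatches(string $presented, string $storedHash): bool
{
    return hash_equals($storedHash, hash('sha256', $presented));
}

// Demo with constructed values.
$stored = storePassword('correct horse battery staple');
assert(checkPassword('correct horse battery staple', $stored));
assert(!checkPassword('Tr0ub4dor&3', $stored));

$token = issueToken();
assert(tokenMatches($token['secret'], $token['hash']));
assert(!tokenMatches(str_repeat('0', 64), $token['hash']));
```

The difference from the bundle is intentional: neither value can be recovered from the database, with or without the encryption key, which is exactly the property you want for credentials and exactly the property you cannot have for a card number you must charge later.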
- How do I configure the bundle for nullable vs. non-nullable encrypted fields?
- Use the `Cryptable` attribute’s `nullable` parameter to define field behavior. For nullable fields, set both the encrypted and nonce properties as nullable in your Doctrine entity. Example: `#[Cryptable(nonceProperty: 'nonce', encryptedProperty: 'encrypted', nullable: true)] private ?string $value;`
- Are there alternatives to this bundle for Laravel that might be easier to integrate?
- Yes. For Eloquent, Laravel’s native `encrypted` attribute cast (or the `encrypt()`/`decrypt()` helpers) covers most cases without an extra package. If you need Doctrine integration, note that `gedmo/doctrine-extensions` does not provide field encryption (it covers behaviours such as sluggable and timestampable), so look for a dedicated Doctrine encryption bundle instead. This bundle is only ideal if you’re already using Doctrine ORM or willing to adopt it for encrypted fields.
- The bundle hasn’t been updated in months—is it still maintained, and should I use it for production?
- The last release was in October 2025, but there’s no visible maintainer activity or test suite. Proceed with caution: audit the code for vulnerabilities, implement your own key management, and monitor for updates. For production, consider forking the repo or pairing it with a more actively maintained alternative.