Legacy Encrypter Laravel Package
laravel/legacy-encrypter
Drop-in Laravel encrypter compatible with legacy apps. Encrypt/decrypt data using older key formats and cipher settings so you can read existing payloads and migrate safely. Useful for upgrades where stored encrypted values must remain accessible.
Product Decisions This Supports
- Legacy System Migration: Enables secure decryption of data encrypted with older Laravel versions (pre-5.8) using the deprecated
mcryptlibrary, allowing smooth transitions without data loss. - Compliance & Security: Addresses compliance requirements (e.g., GDPR, HIPAA) where legacy-encrypted data must remain accessible during migration to modern encryption (e.g., OpenSSL).
- Cost-Effective Build vs. Buy: Avoids reinventing a wheel for legacy decryption, reducing dev time and risk. Ideal for teams with constrained resources or tight deadlines.
- Roadmap Alignment: Supports phased upgrades by decoupling decryption from encryption upgrades, letting teams prioritize new features while handling legacy data incrementally.
- Use Cases:
- Migrating from Laravel 5.7 or earlier to newer versions.
- Auditing or accessing legacy-encrypted user data (e.g., passwords, tokens).
- Integrating third-party systems that rely on
mcrypt-encrypted data.
When to Consider This Package
-
Adopt if:
- Your application uses Laravel ≤5.7 and relies on
mcrypt-encrypted data (e.g., passwords, API tokens, sensitive fields). - You need to decrypt but not encrypt legacy data (use Laravel’s default
encrypterfor new data). - Your team lacks resources to build a custom decryption solution or reverse-engineer
mcryptlogic. - You’re migrating to Laravel 8+ or PHP 8.x and must preserve access to legacy data during transition.
- Your application uses Laravel ≤5.7 and relies on
-
Look elsewhere if:
- Your legacy data uses custom encryption schemes beyond Laravel’s
mcryptimplementation. - You need bidirectional encryption/decryption (this package is decryption-only).
- Your team can allocate time to develop a native PHP
mcryptwrapper (though this package mitigates that risk). - Security policies prohibit reliance on deprecated libraries (mitigate by treating decrypted data as ephemeral).
- Your legacy data uses custom encryption schemes beyond Laravel’s
How to Pitch It (Stakeholders)
For Executives:
"This lightweight package solves a critical migration bottleneck: securely accessing legacy-encrypted data during our Laravel upgrade. By leveraging Laravel’s official mcrypt decrypter, we avoid costly custom development, reduce risk, and ensure compliance without disrupting new feature delivery. It’s a zero-cost, low-risk enabler for our roadmap—think of it as a ‘bridge’ to modern encryption, not a long-term dependency."
For Engineering:
*"The legacy-encrypter package provides a drop-in solution to decrypt mcrypt-encrypted data (e.g., from Laravel ≤5.7) using Laravel’s existing encryption config. Key benefits:
- No dependency bloat: Only adds ~50 lines of code.
- Security: Uses Laravel’s validated
mcryptlogic (same as legacy apps). - Flexibility: Works alongside the default
encrypterfor new data. Use case: Add it to yourcomposer.json, configure it inconfig/app.php, and decrypt legacy data viaLegacyEncrypter::decrypt(). Perfect for migration scripts or audit tools. Avoid if you need encryption or custommcryptvariants."*
How can I help you explore Laravel packages today?