Kunci Laravel Package

Product Decisions This Supports

• Data Security & Compliance: Enables deterministic encryption for structured data (e.g., PII, financial records) where identical plaintext must produce identical ciphertext (e.g., indexing, deduplication, or regulatory requirements like GDPR/CCPA). Justifies building encryption logic in-house vs. third-party SaaS.
• Cost Efficiency: Reduces cloud storage costs by avoiding redundant encrypted copies of identical data (e.g., user profiles with repeated fields like email or phone).
• Searchability: Supports encrypted search functionality (e.g., filtering encrypted logs or customer data without decryption).
• Migration Strategy: Facilitates phased adoption of encryption in legacy systems by allowing selective deterministic use cases (e.g., only for searchable fields).
• Roadmap Alignment: Accelerates features requiring encrypted data operations (e.g., analytics dashboards, audit logs, or multi-tenancy isolation).

When to Consider This Package

Adopt This Package If:

• Your Laravel app handles sensitive structured data (e.g., user profiles, transactions) where deterministic encryption is critical for search, deduplication, or compliance.
• You need consistent ciphertext for identical plaintext (e.g., indexing encrypted fields in Elasticsearch or a database).
• Your team lacks cryptography expertise and prefers a batteries-included solution over custom OpenSSL/PHP implementations.
• You’re using Laravel’s built-in encryption (config['app.cipher']) and want to extend it without vendor lock-in.
• Cost savings from reduced storage redundancy (e.g., encrypting repeated fields like country or status) justify the dev effort.

Look Elsewhere If:

• You require provable security (e.g., formal verification) or post-quantum cryptography—this package uses AES-256 (standard but not quantum-resistant).
• Your use case demands format-preserving encryption (FPE) or homomorphic encryption (e.g., encrypted calculations).
• You’re in a highly regulated industry (e.g., healthcare/HIPAA) where custom key management is mandatory—this package relies on Laravel’s default encryption keys.
• Your team needs multi-language support (this is PHP/Laravel-only).
• You’re encrypting unstructured data (e.g., files, blobs)—use a dedicated package like spatie/laravel-encryption or AWS KMS.

How to Pitch It (Stakeholders)

For Executives: "This update adds deterministic encryption to our Laravel stack, letting us securely encrypt sensitive data (e.g., customer records) while enabling search and deduplication—critical for compliance and cost savings. For example, we could encrypt user emails deterministically to power encrypted search in our support portal, reducing storage costs by avoiding redundant encrypted copies. The risk is minimal (uses AES-256, same as our current encryption), and the upside is faster delivery of features like encrypted analytics or multi-tenancy. I recommend piloting this for our [high-priority use case] by [date]."

For Engineers: *"The new deterministic mode in novay/kunci lets us encrypt identical plaintext to the same ciphertext, which is useful for:

• Searchable encryption: Index encrypted fields in databases/search engines.
• Deduplication: Avoid storing duplicate encrypted data (e.g., repeated status fields).
• Compliance: Meet requirements like GDPR’s ‘right to erasure’ by encrypting data deterministically for targeted deletion. Implementation: Replace Kunci::encrypt() with Kunci::encryptDeterministically() for targeted fields. Key management stays the same (uses Laravel’s app.cipher). Start with a spike to test performance overhead (expected: <5% latency increase)."*