Ciphersweet

Ciphersweet Laravel Package

paragonie/ciphersweet

CipherSweet is a PHP library for field-level encryption with searchable encrypted data. It helps you securely encrypt database columns while still supporting safe, blind-index-based search and sorting, with modern cryptography and key management support.


Fast, searchable field-level encryption for PHP projects

Frequently asked questions about Ciphersweet
Can I use CipherSweet for field-level encryption in Laravel without breaking search functionality?
Yes, CipherSweet supports deterministic encryption for searchable fields while maintaining security. You can filter and sort encrypted data in Laravel, but complex queries (e.g., `LIKE` or full-text search) may require application-layer workarounds or database-specific functions like PostgreSQL’s `pgcrypto`.
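An exact-match lookup over an encrypted column using the library's blind indexes, shown as an added example rather than code from this page or the CipherSweet project. It assumes `paragonie/ciphersweet` is installed via Composer; the `contacts`/`ssn` names, the index names, the sample values and the throwaway key are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: run from a project where `composer require paragonie/ciphersweet` was done.
require __DIR__ . '/vendor/autoload.php';

use ParagonIE\CipherSweet\Backend\BoringCrypto;
use ParagonIE\CipherSweet\BlindIndex;
use ParagonIE\CipherSweet\CipherSweet;
use ParagonIE\CipherSweet\EncryptedField;
use ParagonIE\CipherSweet\KeyProvider\StringProvider;
use ParagonIE\CipherSweet\Transformation\LastFourDigits;

// Throwaway demo key (constructed). A real application loads a persistent key
// from its configuration or a KMS; a key generated per run cannot read old rows.
$engine = new CipherSweet(
    new StringProvider(bin2hex(random_bytes(32))),
    new BoringCrypto()
);

// One encrypted field with two blind indexes: the last four digits (16 bits)
// and the full value (32 bits). Fewer bits leak less but collide more often.
$ssn = (new EncryptedField($engine, 'contacts', 'ssn'))
    ->addBlindIndex(new BlindIndex('contact_ssn_last_four', [new LastFourDigits()], 16))
    ->addBlindIndex(new BlindIndex('contact_ssn', [], 32));

// Constructed sample rows standing in for the database table.
$table = [];
foreach (['123-45-6789', '987-65-4321', '555-11-6789'] as $plaintext) {
    [$ciphertext, $indexes] = $ssn->prepareForStorage($plaintext);
    $table[] = ['ssn' => $ciphertext] + $indexes; // ciphertext plus one column per index
}

// Search: compute the blind index of the search term, compare it to the stored
// index column, then decrypt the candidates and confirm the match in plaintext.
$needle = $ssn->getBlindIndex('6789', 'contact_ssn_last_four');
$hits = [];
foreach ($table as $row) {
    if (!hash_equals($row['contact_ssn_last_four'], $needle)) {
        continue;
    }
    $value = $ssn->decryptValue($row['ssn']);
    if (substr($value, -4) === '6789') { // discard blind-index false positives
        $hits[] = $value;
    }
}
print_r($hits);
```

In a database the index comparison becomes `WHERE contact_ssn_last_four = ?`; the decrypt-and-check step stays, because a truncated index can collide.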
What Laravel versions and PHP versions does CipherSweet support?
CipherSweet is designed for PHP 8.1+ and integrates seamlessly with Laravel 8.0+. For older Laravel versions (<8.0) or PHP <8.1, you may need polyfills or forks, as the package relies on modern PHP features like named arguments and attributes.
How do I integrate CipherSweet with Laravel’s Eloquent ORM?
Eloquent integration isn’t built-in, but you can use custom accessors/mutators or wrapper libraries like `spatie/laravel-ciphersweet`. For example, define `getAttribute()` and `setAttribute()` methods in your model to handle encryption/decryption automatically. Middleware can also encrypt/decrypt request/response data globally.
Does CipherSweet work with MySQL, or is it PostgreSQL-only?
CipherSweet is database-agnostic but requires schema changes (adding `ciphertext`, `salt`, and `nonce` columns). PostgreSQL has the best support via `paragonie/ciphersweet-db`, which leverages `pgcrypto` for some operations. MySQL lacks native encryption functions, so you’ll need application-layer decryption for queries, which limits advanced search features.
How do I manage encryption keys in Laravel with CipherSweet?
Keys are typically stored in environment variables (e.g., `.env`), which integrates cleanly with Laravel’s configuration. For production, use a key management system (KMS) like AWS KMS or HashiCorp Vault. Key rotation requires re-encrypting data with the new key, which may need a migration or background job.
Will CipherSweet slow down my Laravel application in production?
Performance depends on your use case, but CipherSweet uses ChaCha20-Poly1305 (faster than AES-GCM) to minimize CPU overhead. Benchmark your encrypted fields against unencrypted baselines, especially for high-concurrency workloads. Database locks or heavy decryption during queries can become bottlenecks.
Can I encrypt sensitive fields like credit card numbers or SSNs with CipherSweet in Laravel?
Absolutely. CipherSweet is ideal for encrypting PII like credit card numbers, SSNs, or medical records. Use deterministic encryption for searchable fields (e.g., customer IDs) and probabilistic encryption for unique, non-searchable data (e.g., passwords). Always pair encryption with Laravel’s built-in security features like request validation.
Are there alternatives to CipherSweet for Laravel field-level encryption?
Yes, alternatives include Laravel’s built-in `encrypt()` helper (simpler but less feature-rich) or libraries like `spatie/laravel-encryption` for basic field encryption. For advanced searchable encryption, consider `tightenco/ziggy` (for API signing) or database-specific solutions like PostgreSQL’s `pgcrypto`. CipherSweet stands out for its balance of security and searchability.
How do I handle decryption failures (e.g., corrupted ciphertext or lost keys) in Laravel?
Design for graceful degradation: log failures, notify admins, and implement fallback strategies like storing plaintext backups (if compliant) or showing placeholder values. For key loss, ensure you have a backup key rotation plan. Corrupted ciphertext should trigger re-encryption during the next write operation if possible.
Does CipherSweet support compliance requirements like GDPR or HIPAA for Laravel apps?
CipherSweet itself doesn’t include audit logging or access controls, but you can integrate it with Laravel’s logging (e.g., `Log::info()`) and use middleware to track encryption/decryption events. For HIPAA/GDPR, pair it with Laravel’s policy system, encryption key management via KMS, and data retention strategies. Always consult legal/compliance teams for specific requirements.