bcrowe/cakephp-encrypted-type

CakePHP 3 plugin that provides application-level database encryption.

CakePHP Encrypted Type

![Software License][ico-license] ![Coverage Status][ico-scrutinizer] ![Total Downloads][ico-downloads], _(*1)

This plugin provides a CakePHP 4 encrypted database type for application-level encryption. Before using this plugin you may want to weigh your options between full-disk, database-level, and application-level encryption. This plugin was born out of Amazon Aurora not supporting encryption with cross region replication before March 28, 2017., _(*2)

Install

Via Composer, _(*3)

``` bash $ composer require bcrowe/cakephp-encrypted-type, <sub>(*4)</sub>

Load the plugin in your application's `bootstrap.php` file, then define the type
mapping:

``` php
Plugin::load('BryanCrowe/EncryptedType');
Type::map('encrypted', 'BryanCrowe\EncryptedType\Database\Type\EncryptedType');

Make sure to have a Encryption.key config value in your config/app.php file:, <sub>(*5)</sub>

``` php [ 'Encryption' => [ 'key' => env('ENCRYPTION_KEY', 'defaultencryptionkeygoesrighthereyaythisisfun'), ], ], <sub>(*6)</sub>

## Usage

**Note:** This database type expects columns to be nullable in the case of an
omitted column or whenever explicitly setting a `null` value for a column.

Use `BLOB` types for columns that are to be encrypted, for example:

``` sql
CREATE TABLE `users` (
  `id` char(36) NOT NULL DEFAULT '',
  `first_name` blob,
  `last_name` blob,
  `email` blob,
  `created` datetime DEFAULT NULL,
  `modified` datetime DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

Map the type to a column in your Table class:, <sub>(*7)</sub>

``` php <?php namespace App\Model\Table;, <sub>(*8)</sub>

use Cake\Database\Schema\TableSchema; use Cake\ORM\Table;, <sub>(*9)</sub>

class UsersTable extends Table {, <sub>(*10)</sub>

protected function _initializeSchema(TableSchema $schema)
{
    $schema->columnType('first_name', 'encrypted');
    $schema->columnType('last_name', 'encrypted');
    $schema->columnType('email', 'encrypted');

    return $schema;
}

}, <sub>(*11)</sub>

## Changelog

Please see [CHANGELOG](CHANGELOG.md) for more information what has changed
recently.

## Testing

``` bash
$ composer test

Contributing

Please see CONTRIBUTING and CONDUCT for details., <sub>(*12)</sub>

Security

If you discover any security related issues, please email bryan@bryan-crowe.com instead of using the issue tracker., <sub>(*13)</sub>

Credits

• Bryan Crowe
• All Contributors

License

The MIT License (MIT). Please see License File for more information., <sub>(*14)</sub>