GDPR friendly encryption
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
Annotation
Bridge
DependencyInjection
Encryptor
Resources/config
Subscriber
Tests
Twig
.gitignore
DoctrineEncryptionBundle.php
README.md
composer.json
phpunit.xml

README.md

Doctrine Encryption Bundle

SensioLabsInsight

With GDPR becoming business critical here's a bundle that handles the data encryption layer.

Installation

composer require matt9mg/doctrine-encryption-bundle dev-master

   app/AppKernel.php
   
   
    public function registerBundles()
    {
        $bundles = [
            ...
            new Matt9mg\Encryption\DoctrineEncryptionBundle(),
            ...
        ];
    }

Configuration

Basic

Basic configuration will take advantage of the encryption library provided

matt9mg_doctrine_encryption:
  key: 'an encryption key'
  iv: 'an encryption iv'
  suffix: 'an encryption suffix'

Full

matt9mg_doctrine_encryption:
  key: 'an encryption key'
  iv: 'an encryption iv'
  suffix: 'an encryption suffix'
  method: 'AES-256-CBC' // This is the default setting
  class: 'Full\Namespace\To\Your\Encryptor' // If not supplied will use the default

Usage

Using the encryption service in controller

use Matt9mg\Encryption\Bridge\Bridge;

$this->get(Bridge::class)->encrypt($string)
$this->get(Bridge::class)->decrypt($string);

Entity Annotation

    use Matt9mg\Encryption\Annotation\Encrypted;

    class User {
       /**
       * @Encrypted()
       */
       private $firstname;
    
    }

The above will auto encrypt on prePersist and preUpdate

Twig

{{ user.firstname | decrypt }}

Design decision

You'll notice there is no postLoad event to convert back to decrypted. Experience with doctrine is that as the entity is changed it adds it to the queue to be flushed. Say if you have an account with 1000 users each user would be decrypted meaning re saved.

How to add a custom Encryptor

Create a class that extends Matt9mg\Encryption\Encryptor\EncryptorInterface. Then register as mentioned in the above config.

Tests

Yes there a loads of lovely unit tests :)

Roadmap

  • Form inputs
  • Command line util
  • Travis integration