A Symfony bundle that allows you to encrypt and decrypt parameters



This bundle lets you save Symfony parameters in an encrypted form and automatically decrypt them during runtime.



What It Does

This bundle allows developers to save sensitive information in Symfony parameters in an encrypted form so that it can be committed to a VCS. The only remaining sensitive information, the decryption key, could then be saved in an unversioned parameters.yml file or simply passed in an environment variable.

Through this approach you can easily keep all stage-specific configuration files in the VCS and use a switch mechanism to detect which one to load. This helps you keep the number of stage-specific (automatically) deployed but unversioned files to an absolute minimum.

What It Does Not Do

This bundle is not intended to protect the parameters from an attacker who has access to the webspace file system.

The PHP process needs to read both the encrypted data and the decryption key(s), whether they reside in the file system or in memory as an environment variable. Someone who manages to infiltrate the process therefore automatically gains read access to both pieces of information.

Additionally, anyone who can read the Symfony application cache would be able to extract the dumped container including all decrypted parameters anyway.
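The workflow described under "What It Does", and its limit, as an added example that is not the bundle's own code or API: a value is encrypted once, the base64 result is what gets committed, and the key reaches the PHP process only through an environment variable. The function names, the `APP_PARAM_KEY` variable, the sample values and the choice of libsodium's secretbox are assumptions; PBKDF2 key generation and base64-encoded keys are the options named in the feature list.

```php
<?php
declare(strict_types=1);

/** Derive a 32-byte binary key with PBKDF2 and return it base64 encoded. */
function deriveKeyBase64(string $passphrase, string $salt, int $iterations = 100000): string
{
    return base64_encode(hash_pbkdf2('sha256', $passphrase, $salt, $iterations, SODIUM_CRYPTO_SECRETBOX_KEYBYTES, true));
}

/** Decode a base64 key strictly and reject anything that is not exactly 32 bytes. */
function decodeKey(string $keyBase64): string
{
    $key = base64_decode($keyBase64, true);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new InvalidArgumentException('Key must be base64 of exactly 32 bytes');
    }
    return $key;
}

/** Encrypt a parameter; the returned base64(nonce + ciphertext) is the value to commit. */
function encryptParameter(string $plaintext, string $keyBase64): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh nonce per value
    return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, decodeKey($keyBase64)));
}

/** Decrypt a committed value; fails closed on a wrong key or a modified value. */
function decryptParameter(string $stored, string $keyBase64): string
{
    $blob = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($blob === false || strlen($blob) < $min) {
        throw new RuntimeException('Malformed encrypted parameter');
    }
    $nonce = substr($blob, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($blob, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, decodeKey($keyBase64));
    if ($plain === false) {
        throw new RuntimeException('Decryption failed: wrong key or tampered value');
    }
    return $plain;
}

// Developer side (constructed sample values): derive a key, encrypt, commit only $committed.
$keyB64 = deriveKeyBase64('constructed passphrase', 'constructed-salt');
$committed = encryptParameter('constructed-db-password', $keyB64);

// Runtime side: the key arrives via the environment, never via the VCS.
putenv('APP_PARAM_KEY=' . $keyB64);
$envKey = getenv('APP_PARAM_KEY');
echo decryptParameter($committed, is_string($envKey) ? $envKey : ''), PHP_EOL;
```

The last three lines are everything the runtime needs, which is also everything a process-level intruder can reach: the committed value plus the environment variable.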


  • Provides encryption for Symfony parameters
  • Does not impact overall application performance when container is cached
  • Allows defining keys in base64 encoded format to support binary values
  • Allows generating keys with PBKDF2
  • Allows specifying multiple algorithm configurations to enable usage of different methods of encryption in the same application
  • Modular approach to harness encryption ciphers from reputable third-party Composer packages
  • Highly configurable
  • Highly extensible (custom encrypters, decrypters, key transformers, ...)
  • 100% code coverage

Furthermore, this bundle comes with the following ciphers out of the box:

Symmetric Ciphers

  • Caesar


The documentation source files are located in the Resources/doc/ directory of this bundle.


Please refer to the Getting Started guide.


This bundle is released under the MIT license.


See also the list of contributors.


The official project repository with the issue tracker can be found on GitHub.

Please refer to the contributing document.