If you want to avoid storing sensitive DB data (like passport numbers) as plain text, Laravel can encrypt it in Eloquent Models by simply casting it as encrypted. Let's see how it works.
It looks something like this:
We don't want our users' passport numbers stored in plain text in our database, so encryption is a great way to protect them. The same cast can encrypt any data in your models, not just user data.
Our database does not need anything special here. You must ensure that the column you want to encrypt is a text column (based on the data amount), even if the original value contains only numbers, like passport numbers in our case.
In our model, we need to add the protected $casts property and the column we want to encrypt. In our case, it is passport_number:

    // ...
    protected $casts = [
        'passport_number' => 'encrypted',
    ];
    // ...
That's it! Now, whenever you save the passport number on your user model - it will be encrypted, and on retrieval, it will get decrypted. How cool is that?
IMPORTANT WARNING: Protect Your App Key
The encryption algorithm mentioned above is based on your application's APP_KEY value. In your .env file, you should have something like this:
When talking about encryption, you must keep your APP_KEY safe. If someone gets access to it, they can decrypt all your encrypted data. So please keep it safe and don't share it with anyone.
What Happens If You Change Your App Key?
APP_KEY is re-generated whenever you run php artisan key:generate. But what happens to your encrypted data if you change your APP_KEY?
The encrypted data is lost
That's right. If you change your APP_KEY, all your encrypted data will be lost. This is because the key is used for both encryption and decryption, so changing it breaks the decryption process. Just look at this example:
And if we change the key:
So the main idea is this: DO NOT RUN key:generate ON PRODUCTION SERVER.
Be careful with your APP_KEY and don't lose it. It's a good idea to keep a backup of it somewhere safe.
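The key-change failure described above can be reproduced without touching your real .env. This is an added example, not code from the original article: it uses Illuminate\Encryption\Encrypter (the class behind Laravel's Crypt facade) with two throwaway keys generated at runtime, and assumes it is run from the root of a Laravel project so that vendor/autoload.php exists. The passport number and the tryDecrypt helper are made up for the illustration.

```php
<?php
// Added illustration: shows that a value encrypted under one key cannot be
// read under another, and that restoring the backed-up key recovers it.
// Assumption: run from a Laravel project root (vendor/autoload.php present).
require __DIR__ . '/vendor/autoload.php';

use Illuminate\Contracts\Encryption\DecryptException;
use Illuminate\Encryption\Encrypter;

const CIPHER = 'aes-256-cbc'; // the cipher set in Laravel's default config/app.php

// Hypothetical helper: returns the plaintext, or null when decryption fails.
function tryDecrypt(string $key, string $payload): ?string
{
    try {
        return (new Encrypter($key, CIPHER))->decryptString($payload);
    } catch (DecryptException $e) {
        // Thrown when the payload's MAC does not verify under this key.
        return null;
    }
}

// Stand-ins for two APP_KEY values; random bytes, never written to disk.
$originalKey = Encrypter::generateKey(CIPHER); // the key you backed up
$rotatedKey  = Encrypter::generateKey(CIPHER); // what key:generate would leave you with

// Constructed sample value; this string is what ends up in the database column.
$stored = (new Encrypter($originalKey, CIPHER))->encryptString('AB1234567');

// A 9-character plaintext becomes a much longer base64 payload,
// which is why the column needs to be a text column.
printf("Stored payload length: %d characters\n", strlen($stored));

// Same key: the value round-trips.
printf("Original key: %s\n", var_export(tryDecrypt($originalKey, $stored), true));

// Different key: decryption is refused, the row is unreadable.
printf("Rotated key:  %s\n", var_export(tryDecrypt($rotatedKey, $stored), true));

// Putting the backed-up key back makes the same row readable again.
printf("Restored key: %s\n", var_export(tryDecrypt($originalKey, $stored), true));
```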