Replaces Laravel's built-in encryption with an encryption based on AWS KMS

Overview

Laravel Kms Encryption


Introduction

This package replaces Laravel's built-in encryption with an encryption based on AWS KMS.

Two major features provided by KMS are:

  • the ability to rotate the key automatically (annually) without deleting the previous ones
  • you don’t have access to the actual key, which means you can’t leak it

This package is based on this blog post.

Installation

This package requires Laravel 8.x or higher.

You can install the package via composer:

composer require smknstd/laravel-kms-encryption

Next, publish the config file and set up your values:

php artisan vendor:publish --provider="Smknstd\LaravelKmsEncryption\LaravelKmsEncryptionServiceProvider"

If you want to use IAM roles that are already set up, the AWS SDK will use them automatically by default. Otherwise, set up credentials for an AWS user allowed to "use" the given KMS key by adding a kms section to your config/services.php file:

    'kms' => [
        'key' => env('AWS_ACCESS_KEY_ID'),
        'secret' => env('AWS_SECRET_ACCESS_KEY'),
        'region' => env('AWS_REGION'),
    ],

Now every time you encrypt something, it will use the provided KMS key. This includes all fields using Eloquent's encrypted casting. If you have previously encrypted data, be aware that you won't be able to decrypt it.
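Because existing ciphertext was produced with APP_KEY, it has to be re-encrypted before the switch is complete. The following is an added example, not code from the package: it rebuilds Laravel's original encrypter from APP_KEY and rewrites one column with the KMS-backed encrypter passed in. Assumptions: the function name is hypothetical, the table has an integer `id` primary key, APP_KEY is still configured, and the `$kms` argument is the package's encrypter (for instance resolved from the container, if that is where the package binds it).

```php
<?php
// Added example, not the package's code. Assumes the table has an integer `id` key.

use Illuminate\Contracts\Encryption\DecryptException;
use Illuminate\Contracts\Encryption\Encrypter as EncrypterContract;
use Illuminate\Encryption\Encrypter;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Str;

/**
 * Re-encrypt one column from the APP_KEY encrypter to the KMS-backed one.
 * Returns [migrated, skipped] row counts.
 */
function reencryptColumn(string $table, string $column, EncrypterContract $kms): array
{
    // Rebuild Laravel's built-in encrypter from APP_KEY, the way the framework parses it.
    $key = config('app.key');
    if (Str::startsWith($key, 'base64:')) {
        $key = base64_decode(substr($key, 7));
    }
    $legacy = new Encrypter($key, config('app.cipher'));

    $migrated = 0;
    $skipped = 0;

    // The query builder bypasses Eloquent casts, so rows carry the raw ciphertext.
    DB::table($table)->whereNotNull($column)
        ->chunkById(500, function ($rows) use ($table, $column, $legacy, $kms, &$migrated, &$skipped) {
            foreach ($rows as $row) {
                try {
                    // Eloquent's encrypted cast stores values without PHP serialization.
                    $plain = $legacy->decrypt($row->{$column}, false);
                } catch (DecryptException $e) {
                    $skipped++; // not APP_KEY ciphertext (e.g. already migrated)
                    continue;
                }
                DB::table($table)->where('id', $row->id)
                    ->update([$column => $kms->encrypt($plain, false)]);
                $migrated++;
            }
        });

    return [$migrated, $skipped];
}
```

Rows that fail the legacy MAC check are counted as skipped rather than overwritten, so the function can be re-run safely after an interrupted migration.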

Cookies encryption

If you use Laravel's EncryptCookies middleware, it can't work with KMS. To let the middleware continue working with Laravel's encrypter, you need to edit app/Http/Kernel.php. Just replace the existing middleware with:

   protected $middlewareGroups = [
       'web' => [
           // Replaces \App\Http\Middleware\EncryptCookies::class
           \Smknstd\LaravelKmsEncryption\Middleware\EncryptCookies::class,
           // ... the rest of the existing 'web' middleware
       ],
   ];

Testing

composer test

Contributing

Please see CONTRIBUTING for details.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Credits

License

The MIT License (MIT). Please see License File for more information.


Comments
  • EncryptCookies fails because missing method getKey()

    https://github.com/laravel/framework/blob/8.x/src/Illuminate/Cookie/Middleware/EncryptCookies.php#L86

    https://github.com/laravel/framework/blob/8.x/src/Illuminate/Contracts/Encryption/Encrypter.php

    After this security fix last year, as mentioned here https://github.com/laravel/framework/commit/5786aa4a388adfcc62862573275bd37d49aa07d7#commitcomment-46401370, the encrypter contract doesn't have a getKey() method, and neither does the KMS encrypter. At the moment the cookie feature is broken ...

    bug 
    opened by smknstd 1
Owner
Arnaud Becher