ekino / data-protection-bundle
Data protection bundle
Installs: 24 241
Dependents: 0
Suggesters: 0
Security: 0
Stars: 4
Watchers: 13
Forks: 10
Open Issues: 6
Type: symfony-bundle
Requires
- php: ^8.1
- ext-json: *
- ext-openssl: *
- monolog/monolog: ^3.6.0
- symfony/config: ^5.4 || ^6.4 || ^7.0
- symfony/console: ^5.4 || ^6.4 || ^7.0
- symfony/dependency-injection: ^5.4 || ^6.4 || ^7.0
- symfony/form: ^5.4 || ^6.4 || ^7.0
- symfony/http-kernel: ^5.4 || ^6.4 || ^7.0
- symfony/options-resolver: ^5.4 || ^6.4 || ^7.0
- symfony/translation: ^5.4 || ^6.4 || ^7.0
- symfony/validator: ^5.4 || ^6.4 || ^7.0
Requires (Dev)
- dg/bypass-finals: ^1.4
- ekino/phpstan-banned-code: ^1.0
- friendsofphp/php-cs-fixer: ^3.0
- phpstan/phpstan-phpunit: ^1.0
- phpunit/phpunit: ^9.5
- sonata-project/admin-bundle: ^4.0
- sonata-project/twig-extensions: ^2.0
This package is auto-updated.
Last update: 2024-10-31 14:08:25 UTC
README
This is a work in progress, so if you'd like something implemented please feel free to ask for it or contribute to help us!
Purpose
This bundle protects the data of your project through encryption.
Installation
Step 1: add dependency
$ composer require ekino/data-protection-bundle
Step 2: register the bundle
Symfony 2 or 3:
<?php
// app/AppKernel.php
public function registerBundles()
{
    $bundles = [
        // ...
        new Ekino\DataProtectionBundle\EkinoDataProtectionBundle(),
        // ...
    ];
}
Symfony 4:
<?php
// config/bundles.php
return [
    // ...
    Ekino\DataProtectionBundle\EkinoDataProtectionBundle::class => ['all' => true],
    // ...
];
Step 3: configure the bundle
ekino_data_protection:
    encryptor:
        method: aes-256-cbc # default
        secret: foo         # required
    encrypt_logs: true      # default
    use_sonata_admin: false # default
The method must be one of the values returned by openssl_get_cipher_methods().
Usage
Encrypt the logs
This bundle provides a Monolog processor that encrypts your logs so that they are not human-readable. To use it, add the prefix private_ to the context key of each piece of data you want to encrypt, for instance:
<?php
$logger->critical('Something to be logged', [
    'a_non_sensitive_data' => 'foo',  // won't be encrypted
    'private_firstname'    => 'John', // will be encrypted
]);
Then the data can be decrypted in a secure area using the encryptor.
If you don't want it, you can disable it in the config:
ekino_data_protection:
    encrypt_logs: false
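The private_ convention described above, as an added sketch that is not the bundle's own code: only context values whose key starts with private_ are encrypted, each with a fresh IV, and can be decrypted later with the same secret. The function names, the SHA-256 key derivation and the base64(iv . ciphertext) layout are assumptions made for this illustration.

```php
<?php
// Added illustration, not the bundle's code. Function names, the SHA-256 key
// derivation and the base64(iv . ciphertext) layout are assumptions.

function deriveKey(string $secret): string
{
    return hash('sha256', $secret, true); // assumption: 32-byte key for AES-256
}

function encryptValue(string $plain, string $secret, string $method = 'aes-256-cbc'): string
{
    if (!in_array($method, openssl_get_cipher_methods(), true)) {
        throw new InvalidArgumentException("Unsupported cipher method: $method");
    }
    $iv = random_bytes(openssl_cipher_iv_length($method)); // fresh IV per value
    $cipher = openssl_encrypt($plain, $method, deriveKey($secret), OPENSSL_RAW_DATA, $iv);
    if ($cipher === false) {
        throw new RuntimeException('Encryption failed');
    }
    return base64_encode($iv . $cipher);
}

function decryptValue(string $encoded, string $secret, string $method = 'aes-256-cbc'): string
{
    $raw = base64_decode($encoded, true);
    $ivLen = openssl_cipher_iv_length($method);
    if ($raw === false || strlen($raw) <= $ivLen) {
        throw new InvalidArgumentException('Malformed encrypted value');
    }
    $plain = openssl_decrypt(substr($raw, $ivLen), $method, deriveKey($secret), OPENSSL_RAW_DATA, substr($raw, 0, $ivLen));
    if ($plain === false) {
        throw new RuntimeException('Decryption failed (wrong secret or corrupted data)');
    }
    return $plain;
}

function protectContext(array $context, string $secret): array
{
    foreach ($context as $key => $value) {
        if (is_string($key) && str_starts_with($key, 'private_')) {
            // JSON-encode first so non-string values survive the round trip
            $context[$key] = encryptValue(json_encode($value, JSON_THROW_ON_ERROR), $secret);
        }
    }
    return $context;
}

$secret = 'constructed-demo-secret'; // constructed sample value, not a real secret
$out = protectContext(['a_non_sensitive_data' => 'foo', 'private_firstname' => 'John'], $secret);
echo json_encode($out), PHP_EOL, decryptValue($out['private_firstname'], $secret), PHP_EOL;
```

CBC mode provides confidentiality only; this sketch does not authenticate the ciphertext, so it cannot detect a log entry that was modified after it was written.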
Decrypt the logs
This bundle provides a Sonata Admin panel to decrypt logs that were encrypted by the above processor. To use it, enable it in the configuration:
ekino_data_protection:
    use_sonata_admin: true
Then you can add the route admin_app_logs_decrypt_encrypt to your menu, for example. This route provides a form with a single field, in which you can enter either only the encrypted part of a log or a full text containing several logs. When the text contains several encrypted logs, each decrypted result is displayed in a dedicated tab.
Decrypt your secrets at runtime
This bundle provides a processor that uses the configured encryptor to decrypt a secret at runtime. This lets you avoid revealing your secrets and easily rotate them without flushing the cache.
To use it, add the prefix ekino_encrypted, as this example shows:
# .env
DATABASE_URL=d6NhbhWDBVpj5l3gYD5BiKLeYxJllx7Lf8hJXhtoJ70=
# config/packages/doctrine.yaml
doctrine:
    dbal:
        url: '%env(ekino_encrypted:DATABASE_URL)%'
Encrypt texts using the CLI
To encrypt a text, run the following command, optionally with --secret mySecret and/or --method myCipher:
bin/console ekino-data-protection:encrypt myText