This is a work in progress, so if you'd like something implemented please feel free to ask for it or contribute to help us!
This bundle protects the data of your project through encryption.
$ composer require ekino/data-protection-bundle
<?php
// app/AppKernel.php
public function registerBundles()
{
$bundles = [
// ...
new Ekino\DataProtectionBundle\EkinoDataProtectionBundle(),
// ...
];
}
<?php
// config/bundles.php
return [
// ...
Ekino\DataProtectionBundle\EkinoDataProtectionBundle::class => ['all' => true],
// ...
];
ekino_data_protection:
encryptor:
method: aes-256-cbc # default
secret: foo # required
encrypt_logs: true # default
use_sonata_admin: false # default
The method
is one of openssl_get_cipher_methods().
This bundle provides a processor for Monolog to encrypt your logs in order
to not be human-readable. To use it, just add the prefix private_
on the
context key for each data you want to encrypt, for instance:
<?php
$logger->critical('Something to be logged', [
'a_non_sensitive_data' => 'foo', // won't be encrypted
'private_firstname' => 'John', // will be encrypted
]);
Then the data can be decrypted in a secure area using the encryptor.
If you don't want it, you can disable it in the config:
ekino_data_protection:
encrypt_logs: false
This bundle provides a Sonata Admin panel to decrypt your logs that would have been encrypted by the above processor. To use it, enable it in configuration:
ekino_data_protection:
use_sonata_admin: true
Then, you will be able to add the following route admin_app_logs_decrypt_encrypt
into
your menu for example. This route provides a form with only one field in which you
can fill in only the encrypted part of the log or a full text containing several logs.
In case of several encrypted logs, each decrypted result will be displayed in a
dedicated tab.
Warning :
Ekino\DataProtectionBundle\DependencyInjection\EnvVarEncryptedProcessor
is now deprecated in favor of built-in symfony secret feature
This bundle provides a processor using the configured encryptor to decrypt a secret at runtime. This allows you to not reveal your secrets and easy rotate them without flushing the cache.
To use it, just use the prefix ekino_encrypted
as this example shows:
# .env
DATABASE_URL=d6NhbhWDBVpj5l3gYD5BiKLeYxJllx7Lf8hJXhtoJ70=
# config/packages/doctrine.yaml
doctrine:
dbal:
url: '%env(ekino_encrypted:DATABASE_URL)%'
To encrypt a text, run the following command:
bin/console ekino-data-protection:encrypt myText
, optionally with --secret mySecret
and/or --method myCipher