Proper Way To Encrypt Data In Laravel Application Example

Hello Artisan,

In this tutorial, I will show you how to encrypt data in the Laravel 9 application. Sometimes we need to encrypt our important data when we want to send it to another application via API then it is good practice to secure that data using encryption.

Laravel provides encrypt and decrypt helpers to encryption data. But we won't use it. We will use the openssl_encrypt method so that our mobile application developer can easily decrypt that encrypted data via this cipher and encryption key and IV.

To create this data encryption in Laravel, I will use the openssl_encrypt php method and AES-256-CBC as a cipher. Look at the below openssl_method, it will take many parameters but all the parameters are not mendatory. 

  /**
         * openssl_encrypt(
         *  string $data,
         *  string $cipher_algo,
         *  string $passphrase,
         *  int $options = 0,
         *  string $iv = "",
         *  string &$tag = null,
         *  string $aad = "",
         *  int $tag_length = 16
         * ): string|false
         */

 

So if we want to create a data encryption system in Laravel using the openssl_encrypt method then we have to pass data like the below image:

 

Now let's see how we can create a very secured data encryption system in Laravel.

 

Step 1: Update ENV

We need ENCRYPTION_KEY and ENCRYPTION_IV as a parameter of the openssl_encrypt method. So create it like below as an example:

env
ENCRYPTION_KEY="71JZl1BjU5HFwmKrLly4WagG6GiQp0Qf"
ENCRYPTION_IV="LF8niCoUTmTRRkXt"

 

Step 2: Create Route

Now we have to create a route. Update web.php file like below:

routes/web.php

use App\Http\Controllers\UserController;
use Illuminate\Support\Facades\Route;

Route::controller(UserController::class)->group(function () {
    Route::get('/', 'index')->name('index');
});

 

Step 3: Create Controller

Now update the controller like below to create a data encryption system in Laravel using the openssl_encrypt method with cipher and IV. 

app/Http/Controllers/PostController.php

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;

class UserController extends Controller
{   
    public function index(User $user)
    {   
        //data we are going to encrypt

        $data = [
           'account_no' => 124234545,
           'balance'    => 300000
        ];

        $encrypted_credential = openssl_encrypt(
            json_encode($data),
            'AES-256-CBC',
            env('ENCRYPTION_KEY'),
            0,
            env('ENCRYPTION_IV')
        );

        return [
            'data' => $data ? $encrypted_credential : null,
            'raw' => $data
        ];
    }

}

 

Now if you run php artisan serve command and test it by visiting http://127.0.0.1:8000/ URL then you will see the following output:

 

Read also: Upload Large CSV File using Queue Job Batching in Laravel

 

See our encrypted data and our raw data which has been encrypted. So hope this tutorial can help you.

 

#laravel #laravel-9x