How to encrypt and decrypt data in Laravel?
Jul 30, 2025 am 03:23 AM
Laravel uses Crypt facade to implement data encryption and decryption. First, ensure that there is a valid APP_KEY in the .env file and generate it through php artisan key:generate; 1. Encrypt strings using Crypt::encryptString(), such as $encrypted = Crypt::encryptString('Hello, this is secret!'); 2. Decrypt data using Crypt::decryptString($encrypted) and catch DecryptException with try-catch; 3. In the model, store and decrypt readings can be automatically encrypted through accessors and modifiers, such as setSsnAttribute and getSsnAttribute methods; 4. Be careful not to use encryption to store passwords. Hash::make() should be used. Once APP_KEY changes the original encrypted data, it will not be decrypted. Avoid encrypting a large amount of data to reduce overhead. File encryption requires encrypting content before storing. Summary: Laravel provides secure and convenient encryption services through the AES-256-CBC algorithm, and reasonably use the Crypt facade and perform exception handling and key management to ensure data security.
Laravel provides a simple and secure way to encrypt and decrypt data using its built-in encryption service , which leverages OpenSSL with the AES-256-CBC cipher by default. This ensures that sensitive data (like API keys, user info, or configuration values) can be safely stored or transmitted.
Here's how you can encrypt and decrypt data in Laravel:
? 1. Use Laravel's Crypt Facade
Laravel's Crypt facade provides an easy interface for encryption and decryption. It requires that your app has a valid APP_KEY set in the .env file (which is generated automatically during installation).
Make sure your .env contains something like:
APP_KEY=base64:your-random-base64-encoded-string
You can generate it using:
php artisan key:generate
? 2. Encrypt Data
To encrypt data, use Crypt::encrypt() or Crypt::encryptString() .
? Use
encryptString()for strings to avoid serialization issues.
use Illuminate\Support\Facades\Crypt; $encrypted = Crypt::encryptString('Hello, this is secret!');
This returns an encrypted string that looks like:
eyJpdiI6Inl...
You can store this in a database or session safely.
? 3. Decrypt Data
To decrypt, use Crypt::decryptString() (for strings):
try {
$decrypted = Crypt::decryptString($encrypted);
echo $decrypted; // Output: Hello, this is secret!
} catch (Illuminate\Contracts\Encryption\DecryptException $e) {
// Handle decryption failure (eg, tampered data, wrong key)
echo 'Decryption failed!';
}?? Always wrap decryption in a try-catch block because invalid or tampered data will throw a
DecryptException.
? 4. Example: Storing Encrypted Data in Database
Suppose you have a users table with an ssn (Social Security Number) field you want to encrypt.
In your model (optional):
use Illuminate\Support\Facades\Crypt;
class User extends Model
{
// Don't store raw SSN
public function setSsnAttribute($value)
{
$this->attributes['ssn'] = Crypt::encryptString($value);
}
public function getSsnAttribute($value)
{
try {
return Crypt::decryptString($value);
} catch (\Illuminate\Contracts\Encryption\DecryptException $e) {
return 'Decryption failed';
}
}
}Now when you save:
User::create([
'name' => 'John Doe',
'ssn' => '123-45-6789', // Automatically encrypted
]);When you read:
$user = User::first(); echo $user->ssn; // Automatically decrypted → "123-45-6789"
?? Security Notes
- Never encrypt passwords — use
Hash::make()instead. - The encryption uses your
APP_KEY. If it changes, all previously encrypted data becomes undecryptable. - Avoid encrypting large amounts of data — encryption adds overhead and storage size.
- For encrypting files, consider encrypting the file content before saving and decrypting after reading.
? Manual Encryption Without Facade (Optional)
You can also use the service container directly:
app('encryptter')->encryptString('data'); app('encrypter')->decryptString($encryptedData);
? Summary
| Task | Code |
|---|---|
| Encrypt string | Crypt::encryptString('secret')
|
| Decrypt string | Crypt::decryptString($encrypted)
|
| Handle errors | Use try/catch
|
| Auto encrypt/decrypt in models | Use accessors/mutators |
Basically, Laravel makes encryption simple and secure out of the box — just use Crypt::encryptString() and Crypt::decryptString() with proper error handling. Keep your APP_KEY safe and never expose decrypted data unnecessarily.
The above is the detailed content of How to encrypt and decrypt data in Laravel?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to use PHP to develop a Q&A community platform Detailed explanation of PHP interactive community monetization model
Jul 23, 2025 pm 07:21 PM
1. The first choice for the Laravel MySQL Vue/React combination in the PHP development question and answer community is the first choice for Laravel MySQL Vue/React combination, due to its maturity in the ecosystem and high development efficiency; 2. High performance requires dependence on cache (Redis), database optimization, CDN and asynchronous queues; 3. Security must be done with input filtering, CSRF protection, HTTPS, password encryption and permission control; 4. Money optional advertising, member subscription, rewards, commissions, knowledge payment and other models, the core is to match community tone and user needs.
Guide to matching Laravel routing parameter passing and controller method
Jul 23, 2025 pm 07:24 PM
This article aims to resolve common errors in the Laravel framework where routing parameter passing matches controller methods. We will explain in detail why writing parameters directly to the controller method name in the routing definition will result in an error of "the method does not exist", and provide the correct routing definition syntax to ensure that the controller can correctly receive and process routing parameters. In addition, the article will explore best practices for using HTTPDELETE methods in deletion operations.
Data_get practice for dynamic access to model association properties in Laravel Livewire
Jul 23, 2025 pm 06:51 PM
This article aims to solve how to efficiently and securely access deep properties associated with model through string paths when dynamically rendering data in LaravelLivewire components. When you need to obtain specific fields of the associated model based on a configuration string (such as "user.name"), access using object properties will fail. The article will introduce Laravel's data_get helper function in detail and provide code examples to show how to use it to solve this problem gracefully and ensure the flexibility and robustness of data acquisition.
How to develop AI intelligent form system with PHP PHP intelligent form design and analysis
Jul 25, 2025 pm 05:54 PM
When choosing a suitable PHP framework, you need to consider comprehensively according to project needs: Laravel is suitable for rapid development and provides EloquentORM and Blade template engines, which are convenient for database operation and dynamic form rendering; Symfony is more flexible and suitable for complex systems; CodeIgniter is lightweight and suitable for simple applications with high performance requirements. 2. To ensure the accuracy of AI models, we need to start with high-quality data training, reasonable selection of evaluation indicators (such as accuracy, recall, F1 value), regular performance evaluation and model tuning, and ensure code quality through unit testing and integration testing, while continuously monitoring the input data to prevent data drift. 3. Many measures are required to protect user privacy: encrypt and store sensitive data (such as AES
How to set environment variables in PHP environment Description of adding PHP running environment variables
Jul 25, 2025 pm 08:33 PM
There are three main ways to set environment variables in PHP: 1. Global configuration through php.ini; 2. Passed through a web server (such as SetEnv of Apache or fastcgi_param of Nginx); 3. Use putenv() function in PHP scripts. Among them, php.ini is suitable for global and infrequently changing configurations, web server configuration is suitable for scenarios that need to be isolated, and putenv() is suitable for temporary variables. Persistence policies include configuration files (such as php.ini or web server configuration), .env files are loaded with dotenv library, and dynamic injection of variables in CI/CD processes. Security management sensitive information should be avoided hard-coded, and it is recommended to use.en
How to make PHP container support automatic construction? Continuously integrated CI configuration method of PHP environment
Jul 25, 2025 pm 08:54 PM
To enable PHP containers to support automatic construction, the core lies in configuring the continuous integration (CI) process. 1. Use Dockerfile to define the PHP environment, including basic image, extension installation, dependency management and permission settings; 2. Configure CI/CD tools such as GitLabCI, and define the build, test and deployment stages through the .gitlab-ci.yml file to achieve automatic construction, testing and deployment; 3. Integrate test frameworks such as PHPUnit to ensure that tests are automatically run after code changes; 4. Use automated deployment strategies such as Kubernetes to define deployment configuration through the deployment.yaml file; 5. Optimize Dockerfile and adopt multi-stage construction
Deep analysis of matching Laravel routing parameter transfer and controller method
Jul 23, 2025 pm 07:15 PM
This article deeply explores the correct transmission of routing parameters and the matching mechanism of controller methods in the Laravel framework. In response to the common "method does not exist" error caused by writing routing parameters directly to the controller method name, the article elaborates on the correct way to define routing, that is, declare parameters in the URI and receive them as independent parameters in the controller method. At the same time, the article also provides code examples and suggestions on best practices for HTTP methods, aiming to help developers build more robust and RESTful Laravel applications.
Laravel routing parameter passing: correctly define the controller method and routing binding
Jul 23, 2025 pm 07:06 PM
This article discusses the correct posture of parameter transfer of controller method in Laravel routing in depth. In response to common errors caused by writing routing parameters directly to the controller method name, the correct routing definition syntax is explained in detail, and the mechanism of Laravel automatic parameter binding is emphasized. At the same time, the article recommends using HTTPDELETE method that is more in line with RESTful specifications to handle deletion operations to improve the maintainability and semantics of the application.
