To make your life a little easier we created some commands that you can use for encrypting and decrypting your current database.
You can use the comment doctrine:encrypt:status to get the current database and encryption information.
$ php bin/console doctrine:encrypt:status
This command will return the amount of entities and the amount of properties with the @Encrypted tag for each entity. The result will look like this:
DoctrineEncrypt\Entity\User has 3 properties which are encrypted.
DoctrineEncrypt\Entity\UserDetail has 13 properties which are encrypted.
2 entities found which are containing 16 encrypted properties.
You can use the comment doctrine:encrypt:database [encryptor] to encrypt the current database.
- Optional parameter [encryptor]
- An encryptor provided by the bundle (Defuse or Halite) or your own encryption class.
- Default: Your encryptor set in the configuration file or the default encryption class when not set in the configuration file
- Optional parameter [batchSize]
- The amount of Entities that are processed before flush is called.
- Default: 20
- Optional parameter [answer]
- The answer to the confirmation question.
- When specified the question is skipped and the supplied answer given.
- Anything except y or yes will be seen as no
- When not specified the confirmation question is asked
$ php bin/console doctrine:encrypt:database
The command asks a confirmation question similar to this:
9 entities found which are containing properties with the encryption tag.
Which are going to be encrypted with [Ambta\DoctrineEncryptBundle\Encryptors\HaliteEncryptor].
Wrong settings can mess up your data and it will be unrecoverable.
I advise you to make a backup.
Continue with this action? (y/yes)
or you can provide an encryptor (optional).
$ php bin/console doctrine:encrypt:database Defuse
$ php bin/console doctrine:encrypt:database Halite
you can also provide the batchsize (optional) to specify the batchSize the encryptor is also required.
$ php bin/console doctrine:encrypt:database Halite 30
Skipping the confirmation question may be done by supplying the answer to be used
$ php bin/console doctrine:encrypt:database --answer=y
$ php bin/console doctrine:encrypt:database --answer=yes
This command will output the progess and state the all values found are now encrypted when done.
You can use the comment doctrine:decrypt:database [encryptor] to decrypt the current database.
- Optional parameter [encryptor]
- An encryptor provided by the bundle (Defuse or Halite) or your own encryption class.
- Default: Your encryptor set in the configuration file or the default encryption class when not set in the configuration file
- Optional parameter [batchSize]
- The amount of Entities that are processed before flush is called.
- Default: 20
- Optional parameter [answer]
- The answer to the confirmation question.
- When specified the question is skipped and the supplied answer given.
- Anything except y or yes will be seen as no
- When not specified the confirmation question is asked
$ php bin/console doctrine:decrypt:database
The command asks a confirmation question similar to this:
199 entities found which are containing 40 properties with the encryption tag.
Which are going to be decrypted with [Ambta\DoctrineEncryptBundle\Encryptors\HaliteEncryptor].
Wrong settings can mess up your data and it will be unrecoverable.
I advise you to make a backup.
Continue with this action? (y/yes)
or you can provide an encryptor (optional).
$ php bin/console doctrine:decrypt:database Defuse
$ php bin/console doctrine:decrypt:database Halite
you can also provide the batchsize (optional) to specify the batchSize the encryptor is also required.
$ php bin/console doctrine:decrypt:database Halite 30
Skipping the confirmation question may be done by supplying the answer to be used
$ php bin/console doctrine:decrypt:database --answer=y
$ php bin/console doctrine:decrypt:database --answer=yes
This command will output the progess and state the all values found are now decrypted when done.
You may want to use your own encryption class learn how here: