EncryptableFieldService
in package
Layer 2: Transparent database field encryption.
Manages encryption/decryption of sensitive database columns by category. Encrypted values are stored as base64-encoded ciphertext with a prefix marker.
Categories:
- contact_details: email, address, telephone, fax, contact person
- financial_data: appraisal values
- donor_information: actor history (when actor is donor)
- personal_notes: note content
- access_restrictions: rights notes
Table of Contents
Methods
- decryptCategory() : array{decrypted: int, skipped: int, failed: int, errors: string[]}
- Decrypt all fields in a category (reverse encryption).
- decryptValue() : string
- Decrypt a single value if it's encrypted.
- encryptCategory() : array{encrypted: int, skipped: int, failed: int, errors: string[]}
- Encrypt all fields in a category.
- encryptValue() : string
- Encrypt a plaintext value for storage.
- getCategories() : array<string|int, string>
- Get all available categories.
- getCategoryFields() : array<string|int, array{0: string, 1: string}>
- Get the field definitions for a category.
- isCategoryEnabled() : bool
- Check if a specific category is enabled for encryption.
- isEncryptedValue() : bool
- Check if a value is encrypted (has the prefix marker).
- isFieldEncrypted() : bool
- Check if a specific field is currently encrypted.
Methods
decryptCategory()
Decrypt all fields in a category (reverse encryption).
public
static decryptCategory(string $category[, callable|null $progress = null ]) : array{decrypted: int, skipped: int, failed: int, errors: string[]}
Parameters
- $category : string
-
Category name
- $progress : callable|null = null
-
Callback
Return values
array{decrypted: int, skipped: int, failed: int, errors: string[]}decryptValue()
Decrypt a single value if it's encrypted.
public
static decryptValue(string $value) : string
Parameters
- $value : string
-
Raw database value
Return values
string —Decrypted value (or original if not encrypted)
encryptCategory()
Encrypt all fields in a category.
public
static encryptCategory(string $category[, callable|null $progress = null ]) : array{encrypted: int, skipped: int, failed: int, errors: string[]}
Parameters
- $category : string
-
Category name
- $progress : callable|null = null
-
Callback: function(string $table, string $column, int $current, int $total)
Return values
array{encrypted: int, skipped: int, failed: int, errors: string[]}encryptValue()
Encrypt a plaintext value for storage.
public
static encryptValue(string $value) : string
Parameters
- $value : string
-
Plaintext value
Return values
string —Prefixed base64-encoded ciphertext
getCategories()
Get all available categories.
public
static getCategories() : array<string|int, string>
Return values
array<string|int, string>getCategoryFields()
Get the field definitions for a category.
public
static getCategoryFields(string $category) : array<string|int, array{0: string, 1: string}>
Parameters
- $category : string
Return values
array<string|int, array{0: string, 1: string}> —[[table, column], ...]
isCategoryEnabled()
Check if a specific category is enabled for encryption.
public
static isCategoryEnabled(string $category) : bool
Parameters
- $category : string
Return values
boolisEncryptedValue()
Check if a value is encrypted (has the prefix marker).
public
static isEncryptedValue(string $value) : bool
Parameters
- $value : string
Return values
boolisFieldEncrypted()
Check if a specific field is currently encrypted.
public
static isFieldEncrypted(string $table, string $column) : bool
Parameters
- $table : string
- $column : string