This bundle is the wrapper for the Broadway Sensitive Serializer library. You can find more info on the base library here.
# Clone the bundle repository and enter the working copy.
git clone https://github.com/matiux/broadway-sensitive-serializer-bundle.git && cd broadway-sensitive-serializer-bundle
# Create the local Docker Compose override from the distributed template.
cp docker/docker-compose.override.dist.yml docker/docker-compose.override.yml
# Replace this clone's .git/hooks directory with a symlink to the repository's
# scripts/git-hooks, so those scripts run on git operations in this clone.
# Hooks execute with your user's privileges: read scripts/git-hooks first.
rm -rf .git/hooks && ln -s ../scripts/git-hooks .git/hooks
# Presumably builds the PHP image without the build cache (Makefile not shown here).
make build-php ARG="--no-cache"
# Presumably starts the containers in the background (Makefile not shown here).
make upd
# Passes "install" to the project's composer make target to fetch dependencies.
make composer ARG="install"
# The remaining commands look like a separate "run the test suite" snippet:
# rebuild the image, start the containers, then run PHPUnit.
make build-php ARG="--no-cache"
make upd
make phpunit
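# Bundle configuration using the "whole" strategy.
broadway_sensitive_serializer:
  # Master key used to encrypt the keys of aggregates. Keep it out of version
  # control: read it from an environment variable or an external secret service.
  # AGGREGATE_MASTER_KEY is a placeholder variable name constructed for this
  # example; choose your own and set it outside the repository.
  aggregate_master_key: '%env(AGGREGATE_MASTER_KEY)%'
  # For now this is the only key generator implemented.
  key_generator: open-ssl
  # To use the DBAL implementation, install the
  # matiux/broadway-sensitive-serializer-dbal package with composer.
  aggregate_keys: broadway_sensitive_serializer.aggregate_keys.dbal
  # Default implementation, of little use outside of testing:
  #aggregate_keys: broadway_sensitive_serializer.aggregate_keys.in_memory
  data_manager:
    # For now this is the only encryption strategy implemented.
    name: AES256
    # Encryption key used to sensitize data. If null, the key must be passed at
    # runtime. This is the convenient way; see the examples and wiki of the
    # main library.
    key: null
    # Initialization vector. If null, it is generated internally and
    # iv_encoding must be set to true. This is the convenient way; see the
    # examples and wiki of the main library. A fixed IV set here would be
    # reused for every value encrypted under the same key, so prefer null.
    iv: null
    # Encrypts the IV and appends it to the encrypted value (wording from the
    # original docs; the option name suggests the IV is encoded rather than
    # encrypted - confirm against the main library). It makes sense to set it
    # to true when iv is null.
    iv_encoding: true
  #--- Alternatively -----
  #data_manager:
  #  name: AES256
  #  parameters:
  #    AES256:
  #      key: null
  #      iv: null
  #      iv_encoding: true
  strategy:
    name: whole
    # Enable automatic creation of the AggregateKey model. This is the
    # convenient way; see the examples and wiki of the main library.
    aggregate_key_auto_creation: true
    # Strategy used to serialize the payload's values. Default: json.
    value_serializer: json
    # Key of the aggregate id, which should not be encrypted.
    excluded_id_key: id
    # Keys excluded from encryption. Their values stay in clear text, so list
    # only fields that carry no sensitive data.
    excluded_keys:
      - occurred_at
    # Events supported by the strategy.
    # NOTE(review): events not listed here are presumably left unencrypted;
    # confirm against the main library.
    events:
      - SensitiveUser\User\Domain\Event\AddressAdded
      - SensitiveUser\User\Domain\Event\UserRegistered
  #--- Alternatively -----
  #strategy:
  #  name: whole
  #  parameters:
  #    whole:
  #      aggregate_key_auto_creation: true
  #      value_serializer: json
  #      excluded_id_key: id
  #      excluded_keys:
  #        - occurred_at
  #      events:
  #        - SensitiveUser\User\Domain\Event\AddressAdded
  #        - SensitiveUser\User\Domain\Event\UserRegistered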
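# Bundle configuration using the "partial" strategy.
broadway_sensitive_serializer:
  # Master key used to encrypt the keys of aggregates. Keep it out of version
  # control: read it from an environment variable or an external secret service.
  # AGGREGATE_MASTER_KEY is a placeholder variable name constructed for this
  # example; choose your own and set it outside the repository.
  aggregate_master_key: '%env(AGGREGATE_MASTER_KEY)%'
  # For now this is the only key generator implemented.
  key_generator: open-ssl
  # To use the DBAL implementation, install the
  # matiux/broadway-sensitive-serializer-dbal package with composer.
  aggregate_keys: broadway_sensitive_serializer.aggregate_keys.dbal
  # Default implementation, of little use outside of testing:
  #aggregate_keys: broadway_sensitive_serializer.aggregate_keys.in_memory
  data_manager:
    # For now this is the only encryption strategy implemented.
    name: AES256
    # Encryption key used to sensitize data. If null, the key must be passed at
    # runtime. This is the convenient way; see the examples and wiki of the
    # main library.
    key: null
    # Initialization vector. If null, it is generated internally and
    # iv_encoding must be set to true. This is the convenient way; see the
    # examples and wiki of the main library. A fixed IV set here would be
    # reused for every value encrypted under the same key, so prefer null.
    iv: null
    # Encrypts the IV and appends it to the encrypted value (wording from the
    # original docs; the option name suggests the IV is encoded rather than
    # encrypted - confirm against the main library). It makes sense to set it
    # to true when iv is null.
    iv_encoding: true
  #--- Alternatively -----
  #data_manager:
  #  name: AES256
  #  parameters:
  #    AES256:
  #      key: null
  #      iv: null
  #      iv_encoding: true
  strategy:
    name: partial
    # Enable automatic creation of the AggregateKey model. This is the
    # convenient way; see the examples and wiki of the main library.
    aggregate_key_auto_creation: true
    # Strategy used to serialize the payload's values. Default: json.
    value_serializer: json
    # Events supported by the strategy, each with the list of payload keys to
    # sensitize. Only the keys listed are sensitized, so review this list
    # whenever an event gains a new sensitive field.
    events:
      - SensitiveUser\User\Domain\Event\AddressAdded:
          - address
      - SensitiveUser\User\Domain\Event\UserRegistered:
          - name
          - surname
  #--- Alternatively -----
  #strategy:
  #  name: partial
  #  parameters:
  #    partial:
  #      aggregate_key_auto_creation: true
  #      value_serializer: json
  #      events:
  #        - SensitiveUser\User\Domain\Event\AddressAdded:
  #            - address
  #        - SensitiveUser\User\Domain\Event\UserRegistered:
  #            - name
  #            - surname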
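# Bundle configuration using the "custom" strategy.
broadway_sensitive_serializer:
  # Master key used to encrypt the keys of aggregates. Keep it out of version
  # control: read it from an environment variable or an external secret service.
  # AGGREGATE_MASTER_KEY is a placeholder variable name constructed for this
  # example; choose your own and set it outside the repository.
  aggregate_master_key: '%env(AGGREGATE_MASTER_KEY)%'
  # For now this is the only key generator implemented.
  key_generator: open-ssl
  # To use the DBAL implementation, install the
  # matiux/broadway-sensitive-serializer-dbal package with composer.
  aggregate_keys: broadway_sensitive_serializer.aggregate_keys.dbal
  # Default implementation, of little use outside of testing:
  #aggregate_keys: broadway_sensitive_serializer.aggregate_keys.in_memory
  data_manager:
    # For now this is the only encryption strategy implemented.
    name: AES256
    # Encryption key used to sensitize data. If null, the key must be passed at
    # runtime. This is the convenient way; see the examples and wiki of the
    # main library.
    key: null
    # Initialization vector. If null, it is generated internally and
    # iv_encoding must be set to true. This is the convenient way; see the
    # examples and wiki of the main library. A fixed IV set here would be
    # reused for every value encrypted under the same key, so prefer null.
    iv: null
    # Encrypts the IV and appends it to the encrypted value (wording from the
    # original docs; the option name suggests the IV is encoded rather than
    # encrypted - confirm against the main library). It makes sense to set it
    # to true when iv is null.
    iv_encoding: true
  #--- Alternatively -----
  #data_manager:
  #  name: AES256
  #  parameters:
  #    AES256:
  #      key: null
  #      iv: null
  #      iv_encoding: true
  strategy:
    name: custom
    # Enable automatic creation of the AggregateKey model. This is the
    # convenient way; see the examples and wiki of the main library.
    aggregate_key_auto_creation: true
    # Strategy used to serialize the payload's values. Default: json.
    value_serializer: json
  #--- Alternatively -----
  #strategy:
  #  name: custom
  #  parameters:
  #    custom:
  #      aggregate_key_auto_creation: true
  #      value_serializer: json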