Merge pull request #4 from codedmonkey/encryption

Encrypted database values

Author: codedmonkey

.github/workflows/tests.yaml

@@ -49,6 +49,9 @@ jobs:
       - name: Install Composer dependencies
         run: composer install --ansi --no-interaction --no-progress
 
+      - name: Generate encryption keys
+        run: bin/console encryption:generate-keys
+
       - name: Validate mapping
         run: bin/console doctrine:schema:validate --skip-sync -vvv --ansi --no-interaction
 
@@ -113,6 +116,9 @@ jobs:
       - name: Build assets
         run: npm run build
 
+      - name: Generate encryption keys
+        run: bin/console encryption:generate-keys
+
       - name: Create database schema
         run: bin/console doctrine:schema:create --env=test
 

.gitignore

@@ -4,6 +4,7 @@
 /config/dirigent.php
 /config/dirigent.yaml
 /config/dirigent.yml
+/config/encryption/
 /config/packages/dirigent.yaml
 /storage/
 

Dockerfile

@@ -61,6 +61,7 @@ RUN set -e; \
         php83-phar \
         php83-session \
         php83-simplexml \
+        php83-sodium \
         php83-tokenizer \
         php83-xml \
         postgresql \

composer.json

@@ -11,6 +11,7 @@
         "ext-ctype": "*",
         "ext-curl": "*",
         "ext-iconv": "*",
+        "ext-sodium": "*",
         "cebe/markdown": "^1.2",
         "composer/composer": "^2.7",
         "doctrine/doctrine-bundle": "^2.11",

composer.lock

@@ -8,6 +8,9 @@ doctrine:
 
         profiling_collect_backtrace: '%kernel.debug%'
         use_savepoints: true
+
+        types:
+            encrypted_text: CodedMonkey\Dirigent\Doctrine\Type\EncryptedTextType
     orm:
         auto_generate_proxy_classes: true
         enable_lazy_ghost_objects: true

config/packages/doctrine.yaml

@@ -4,3 +4,5 @@ doctrine_migrations:
         # as migrations classes should NOT be autoloaded
         'DoctrineMigrations': '%kernel.project_dir%/migrations'
     enable_profiler: false
+    services:
+        'Doctrine\Migrations\Version\MigrationFactory': CodedMonkey\Dirigent\Doctrine\MigrationFactory

config/packages/doctrine_migrations.yaml

@@ -31,4 +31,5 @@ services:
         public: true
         arguments:
             -
+                'encryption:generate-keys': '@CodedMonkey\Dirigent\Command\EncryptionGenerateKeysCommand'
                 'packages:update': '@CodedMonkey\Dirigent\Command\PackagesUpdateCommand'

config/services.yaml

@@ -2,6 +2,13 @@ parameters:
   kernel_secret: '%env(default:kernel_secret_file:KERNEL_SECRET)%'
   kernel_secret_file: '%env(default::file:KERNEL_SECRET_FILE)%'
 
+dirigent:
+  encryption:
+    private_key: '%env(DECRYPTION_KEY)%'
+    private_key_path: '%env(DECRYPTION_KEY_FILE)%'
+    public_key: '%env(ENCRYPTION_KEY)%'
+    public_key_path: '%env(ENCRYPTION_KEY_FILE)%'
+
 framework:
   secret: '%kernel_secret%'
 

docker/config.yaml

@@ -5,6 +5,10 @@
     'DIRIGENT_IMAGE' => '1',
     'SYMFONY_DOTENV_PATH' => './.env.dirigent',
 
+    'DECRYPTION_KEY' => '',
+    'DECRYPTION_KEY_FILE' => '/srv/config/secrets/decryption_key',
+    'ENCRYPTION_KEY' => '',
+    'ENCRYPTION_KEY_FILE' => '/srv/config/secrets/encryption_key',
     'GITHUB_TOKEN' => '',
     'KERNEL_SECRET_FILE' => '/srv/config/secrets/kernel_secret',
     'MAILER_DSN' => 'null://null',