The bundle includes two dockerized demo projects (Symfony 7.4 and 8.1). Each runs on FrankenPHP with a custom Caddyfile and has its own Makefile.
Demo home – Overview, CRUD link and console commands:
Secret messages (CRUD) – List of messages (encrypted in DB with Halite), create/edit/delete:
| Demo | Path | Default port | PHP |
|---|---|---|---|
| Symfony 7 | demo/symfony7/ |
8007 | 8.2 |
| Symfony 8 | demo/symfony8/ |
8008 | 8.4 |
From the demo directory (e.g. demo/symfony8):
make up # Start FrankenPHP container
make install # composer install (bundle from /var/doctrine-encrypt-bundle)
make setup # install + DB create + schema + generate secret keyThen open http://localhost:8008 (or the port shown by make up).
- up – Start containers (FrankenPHP HTTP on configured port).
- down – Stop containers.
- build – Rebuild image (no cache).
- install –
composer installin container. - setup – install + db create + schema update + secret key + fixtures.
- shell – Shell in PHP container.
- logs – Container logs.
- db-create, db-schema, key, fixtures – Database, encryption key, and sample data.
- cache-clear, update-bundle, test – Cache, bundle update, tests.
Change port: PORT=9008 make up.
Both demos run with FrankenPHP in worker mode (boot once, handle requests in memory). The bundle is compatible with this setup: no request/session state, encryptors are stateless after loading the key, and the subscriber’s cache is cleared on postFlush. No extra configuration or code is required in the demos for FrankenPHP.
For production or long‑running workers, see the recommendations in Installation → FrankenPHP (e.g. limiting requests per worker when possible).
- Dockerfile – FrankenPHP (Alpine), extensions: zip, intl, sodium, pdo_sqlite; custom Caddyfile.
- docker/frankenphp/Caddyfile – Root
/app/public, workerindex.php(2 workers), encoding (zstd, br, gzip). - docker-compose.yml – Service
php, volumes: demo dir + bundle root as/var/doctrine-encrypt-bundle. - Makefile – Targets above.
- public/index.php – Symfony front controller.
- config/ – Bundles (DoctrineEncryptBundle), Doctrine,
nowo_doctrine_encrypt.yaml. - src/Entity/SecretMessage.php – Example entity with
#[Encrypted]property. - src/Entity/SensitiveRecord.php – Entity with two profiles:
personal_dataandfinancial_data. - src/Controller/DemoController.php – Home route.
- src/Controller/EncryptUtilDemoController.php – Page that uses EncryptUtil, MaskUtil, and the Twig filters
|decryptand|mask. - Templates – CRUD for Secret messages and Sensitive records, plus the EncryptUtil & Twig demo page.
The bundle is installed via Composer path repository pointing to /var/doctrine-encrypt-bundle (mounted from the repo root). See demo/README.md for more detail.
Symfony 7 and Symfony 8 demos both use multiple encryptor profiles. In config/packages/nowo_doctrine_encrypt.yaml you’ll find:
- profiles: e.g.
personal_data(Halite),financial_data(Defuse), and optionallyenv_var(key from%env(APP_ENCRYPT_KEY)%), each with its own key or key file. - default_profile:
personal_data(used by#[Encrypted]without a profile name).
SecretMessage uses the default profile. SensitiveRecord uses both:
personal_note→#[Encrypted('personal_data')]financial_note→#[Encrypted('financial_data')]
The "EncryptUtil & Twig" page demonstrates programmatic encrypt/decrypt via EncryptUtil, masking via MaskUtil, and the Twig filters |decrypt and |mask (default and config-specific usage). Run make encrypt-status (or php bin/console doctrine:encrypt:status) in the demo directory to see entities and encrypted properties. Full reference: Configuration, Usage (EncryptUtil, MaskUtil, Twig filters).
Composer 2.7+ can block packages with open security advisories. The Symfony 7 demo targets 7.4.* (not 7.0.*) so updates align with the patched minor line.
Demos set config.audit.block-insecure: false and policy.advisories.block: false so local composer update works; run composer audit to review advisories. Prefer make install / make update-bundle when you only need dependencies from the lock file.
If composer update still fails after pulling, run inside the container:
composer update -W --no-interaction
