You can use a custom encryption class instead of Halite or Defuse.
Your class must implement Nowo\DoctrineEncryptBundle\Encryptors\EncryptorInterface:
namespace App\Encryptor;
use Nowo\DoctrineEncryptBundle\Encryptors\EncryptorInterface;
class MyEncryptor implements EncryptorInterface
{
public function __construct(string $secretKeyPath)
{
// Load or derive key from $secretKeyPath
}
public function encrypt(string $data): string
{
// Return encrypted string
}
public function decrypt(string $data): string
{
// Return decrypted string
}
}- Register your class as a service (e.g. in
config/services.yamlor via service attribute). - In
config/packages/nowo_doctrine_encrypt.yaml, setencryptor_classto your class FQCN:
nowo_doctrine_encrypt:
encryptor_class: App\Encryptor\MyEncryptor
secret_directory_path: '%kernel.project_dir%'The bundle will pass secret_directory_path (and the resolved key file path) to your encryptor’s constructor; the exact argument is the same as for the built-in encryptors (see HaliteEncryptor / DefuseEncryptor in the bundle source).
Prefer using well-audited libraries (e.g. Halite or Defuse). If you implement a custom encryptor, ensure you use a secure key derivation and authenticated encryption where appropriate.