isapp/statamic-sensitive-form-fields
Composer 安装命令:
composer require isapp/statamic-sensitive-form-fields
包简介
Encrypt selected form submission fields at rest. Decrypt on read for authorized users only.
README 文档
README
Encrypt selected form submission fields before they are written to disk or database. Personal data — emails, phone numbers, messages — stays encrypted at rest and is decrypted at runtime only for authorized users.
Free vs Pro
| Feature | Free | Pro |
|---|---|---|
| AES-256-CBC encryption at rest | ✓ | ✓ |
| Per-field "Sensitive" toggle in blueprint editor | ✓ | ✓ |
| Works with Stache and Eloquent Driver | ✓ | ✓ |
| Double-encryption guard | ✓ | ✓ |
| Global enable/disable toggle | ✓ | ✓ |
| All CP users see decrypted values | ✓ | — |
| Role-based access control | — | ✓ |
| Masked values for unauthorized users | — | ✓ |
Configurable mask string (default: ••••••) |
— | ✓ |
| Re-key on APP_KEY rotation | — | ✓ |
Requirements
- PHP 8.2+
- Statamic 6+
Installation
composer require isapp/statamic-sensitive-form-fields
Before You Start: APP_KEY
This addon encrypts data using Laravel's Crypt, which relies entirely on your application's APP_KEY.
If APP_KEY changes, all previously encrypted submission data becomes permanently unreadable.
There is no recovery path without the original key. Before enabling this addon on a production site:
- Confirm your
APP_KEYis backed up securely (password manager, secrets vault) - Never commit
.envto version control - If you ever need to rotate
APP_KEY, usesensitive-fields:rekey(Pro) to re-encrypt submissions under the new key before traffic hits the rotated key (see Re-key after APP_KEY rotation)
A lost or rotated
APP_KEY= unrecoverable submission data. The addon logs a warning and returns raw ciphertext on decryption failure, but cannot recover data without the original key.
Usage
1. Mark fields as sensitive
Open any form blueprint in the Control Panel. On text or textarea fields, enable "Sensitive (encrypted at rest)".
From this point on, new submissions will have those field values encrypted before storage.
2. [Pro] Assign the permission
Go to CP → Users → Roles and grant a permission to roles that should see plain text. Super admins always see decrypted values regardless of role.
Two permission levels are available:
- View Decrypted Sensitive Fields (global) — grants access to decrypted values across all forms. Use this for administrator roles.
- View Decrypted Sensitive Fields per-form — grants access to decrypted values in one specific form only. Each form gets its own entry in the Roles editor. Use this to give role-specific access (e.g. HR reads the job-application form but not the contact form).
Users without a matching permission see •••••• instead of the actual value.
3. [Pro] Re-key after APP_KEY rotation
The command re-encrypts existing submissions using the current APP_KEY, so the new key must already be in place before you run it:
- Back up the old
APP_KEYvalue. - Set the new
APP_KEYin your.env(and clear config cache if necessary). - Run the rekey command. When invoked without
--old-key, it will prompt for the key interactively (input is hidden):
php artisan sensitive-fields:rekey
For non-interactive environments (CI/CD), pass the key via the option — but be aware it will appear in shell history and process listings:
php artisan sensitive-fields:rekey --old-key="base64:YOUR_OLD_APP_KEY"
Options:
--old-key— the previousAPP_KEYvalue (optional; prompted if omitted)--form=<handle>— limit to a single form--dry-run— preview without writing
If the command reports errors for some submissions, those values could not be decrypted with the provided key and are left unchanged.
4. [Pro] Configure addon settings
Go to CP → Tools → Addons → Sensitive Form Fields → Settings:
- Enabled — toggle encryption on/off globally
- Mask String — text shown to users without the permission (default:
••••••)
How It Works
- On form submission, a
SubmissionSavinglistener encrypts sensitive field values before they are written to storage. Encrypted values are prefixed withenc:v1:. - On read, a repository decorator processes each sensitive value:
- Free tier — decrypts and returns plain text for all CP users
- Pro, authorized — decrypts and returns plain text
- Pro, unauthorized — returns the configured mask string
- Values already prefixed with
enc:v1:are never double-encrypted. - If decryption fails (e.g. after
APP_KEYrotation), the raw ciphertext is returned, a warning is logged, and an error toast is shown in the CP (once per form per hour to avoid notification spam).
Limitations
- Search and filtering — encrypted values are opaque; filtering or searching on sensitive fields will not work
- APP_KEY rotation — changing
APP_KEYbreaks existing encrypted data; set the new key first, then usesensitive-fields:rekey --old-key=<previous-key>(Pro) to re-encrypt (see Re-key after APP_KEY rotation) - Complex field types — only string-based fields are encrypted; arrays, grids, and replicator fields are skipped
- Export — CSV and JSON exports contain decrypted or masked values based on the exporting user's permission (Pro)
- API — REST and GraphQL responses respect the same permission rules (Pro)
Changelog
Release notes are published via GitHub Releases.
Version tags follow Semantic Versioning without a v prefix (e.g. 1.0.0).
isapp/statamic-sensitive-form-fields 适用场景与选型建议
isapp/statamic-sensitive-form-fields 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 5 次下载、GitHub Stars 达 0, 最近一次更新时间为 2026 年 02 月 17 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「security」 「form」 「addon」 「encryption」 「statamic」 「sensitive」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 isapp/statamic-sensitive-form-fields 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 isapp/statamic-sensitive-form-fields 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 isapp/statamic-sensitive-form-fields 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Diese Contao 4 Erweiterung stellt Google reCAPTCHA V2 in Form eines neuen Formularfeldes im Formulargenerator bereit. This extension provides Google reCAPTCHA V2 in the form of a new form field in the form generator of Contao Open Source CMS.
Provide a way to secure accesses to all routes of an symfony application.
It's a barebone security class written on PHP
This composer plugin enables installation of GravityForms WordPress plugin and its addons.
A Laravel Filament Forms slug field.
A jQuery augmented PHP library for creating and validating HTML forms
统计信息
- 总下载量: 5
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 32
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: proprietary
- 更新时间: 2026-02-17