Open francislavoie opened 6 years ago
There was once builtin functionality to, somewhat, encrypt the payload in the queue. That's why there's still a protected $encrypter;
in the Queue class. This functionality has since been removed for unknown reasons.
Send a PR that adds encryption in an opt-in kind of way. It would probably just be done at the bottom of the createPayload method.
So that's the thing, I'd rather the implementation be more general than using Encrypter
because I'm not using the built-in encryption, I'm using an HSM which has a different contract.
Thanks for pointing that out though, I might do that... but that might take too long for the PR to get into a build I can use (I rather stick with 5.5 because it's LTS) 🤷♂️
Huh, did a quick blame, and it seems that $encrypter
was only ever used to encrypt closure jobs... that's weird. https://github.com/laravel/framework/blob/a32f8dadf2b36b3ee7549e0166d14cd465e89896/src/Illuminate/Queue/Queue.php#L157
I just realized something after doing some more digging on serialization in PHP. Apparently classes can implement the Serializable
interface to override how serialization works for a particular model. I think that means I can add a trait to my jobs/events that will have them be encrypted/decrypted before serialization/deserialization. I'll try it out and report back on this issue. I think this could be something added to the queue documentation to note for anyone else who wants to protect their job data
Description:
See: https://github.com/laravel/framework/blob/5.6/src/Illuminate/Queue/Queue.php#L128 https://github.com/laravel/framework/blob/5.6/src/Illuminate/Queue/Queue.php#L175 https://github.com/laravel/framework/blob/5.6/src/Illuminate/Queue/CallQueuedHandler.php#L42 https://github.com/laravel/framework/blob/5.6/src/Illuminate/Queue/CallQueuedHandler.php#L146
Because my Redis instances are hosted on less-secure servers than my application boxes, I need to be able to encrypt all the sensitive data that might be put into Redis. Currently there's no clear or easy way to extend this functionality transparently. I want to be able to plug in my own transformations at these points so I can control the data.
Any suggestions for doing this that I'm missing, or am I basically forced to fork
Illuminate\Queue
to do this?