Closed labrador-gibraltar closed 1 year ago
mogilvie
commented
2 years ago Hi, No, there is not a CLI command for decryption individual values. I'm not sure of the use case for it, except maybe to test. But there are unit tests that do the same thing. You can and modify one of those if you need it in your own application.
A global key change command is something that would be useful. Is this something that you would be able to put a pull request for?
labrador-gibraltar
commented
2 years ago Thank you for quick reply! I encrypt third-party API credentials, obtained via OAuth. Sometimes there is need to use them in test API requests and in other application, and it would be handy to quickly get what is already stored in DB rather then use debugger or run authorization once again.
At the moment I haven't a single line of code which could enhance the bundle, but i'll try to implement some features and will be happy to contribute
mogilvie
commented
1 year ago Coming back to this request. I've decided not no create a command to decrypt individual values via command line interface. If you want such a thing, then it's straight forward enough to write a short command that fires an EncryptEvent to decrypt the value.
On the second item of global key change. I have just added a command allow to decrypt/encrypt all Encrypted values in the database. So to change the compromised key you would:
Is there a simple way to get decrypted value having secret key and encrypted value? Like
php bin/console decrypt:value <encrypted value> [--key <secret key>]And how do I change key (decrypt and than encrypt with new key all data) if it's is compromised?