Skip to content

dachcom-digital/pimcore-secure-storage

Repository files navigation

Pimcore Secure Storage Bundle

Software License Software License Latest Release

Release Plan

Release Supported Pimcore Versions Supported Symfony Versions Release Date Maintained Branch
1.x ^11.3 ^6.4 -- Feature Branch master

Installation

"require" : {
    "dachcom-digital/secure-storage" : "~1.0.0",
}

Add Bundle to bundles.php:

return [
    SecureStorageBundle\SecureStorageBundle::class => ['all' => true],
];

Description

Encrypt/Decrypt assets on the fly!

Required PHP Extensions

  • openssl

Usage

Caution

This is a very, very dangerous bundle which can lead to heavy data loss, if you're not careful! Please read the instructions carefully!

Safety Instructions

  • Do not define paths with existing assets. Create a new folder or delete all assets first. Those assets can't be opened after defined (since they're not encrypted)
  • You'll never be able to remove those paths from configuration. If you have to, you need to download the assets from backend first
  • Do not change the key, after you pushed this to production. Encrypted assets will be end up corrupt

Limitations

  • The secure adapter only supports the LocalFilesystemAdapter. This is fine, since other adapters like aws or cloudflare usually already support encryption by default
  • Thumbnails can't be generated, since pimcore uses the getLocaleFileFromStream method in TemporaryFileHelperTrait. This is something we might can fix in the near future

Configuration

File Encryption

secure_storage:
    encrypter:
        options:
            cipher: 'aes-128-cbc'   # default
            key: 'your-12-bit-key'  # create your key with base64_encode(openssl_random_pseudo_bytes(16));

    secured_fly_system_storages:

        # form builder (if you want to encrypt form builder data)
        - storage: form_builder.chunk.storage
        - storage: form_builder.files.storage

        # pimcore
        -
            storage: pimcore.asset.storage
            paths:
                - /secure-storage
                - /formdata

Custom Encrypter

TBD


Asset Protection

secure_storage:

    pimcore_asset_protection:

        # protects:
        # - public/var/assets [pimcore.asset.storage]
        # - public/tmp/asset-cache [pimcore.asset_cache.storage]
        # - public/tmp/thumbnails [pimcore.thumbnail.storage]
        htaccess_protection_public_directories:
            paths:
                - /secure-storage

        omit_backend_search_indexing:
            paths:
                - /secure-storage

Upgrade Info

Before updating, please check our upgrade notes!

License

DACHCOM.DIGITAL AG, Löwenhofstrasse 15, 9424 Rheineck, Schweiz
dachcom.com, [email protected]
Copyright © 2024 DACHCOM.DIGITAL. All rights reserved.

For licensing details please visit LICENSE.md