LeKoala\Encrypt\MemberKeyProvider
This class provides a multi-tenant key provider. Each user gets its own key to encrypt its data.
- getTenant() selects a KeyProvider based on a given tenant.
- getTenantFromRow() gets the tenant ID (array key) based on the data stored in an encrypted row.
- injectTenantMetadata() injects some breadcrumb for getTenantFromRow() to use to select the appropriate key.
These methods were designed to be generalizable:
If you implement AWS KMS support, for example, you'd probably store an encrypted data key with injectTenantMetadata()
and then ask KMS to decrypt it in getTenantFromRow() (unless it's cached).
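The round trip through the three hooks, as an added example that is not the LeKoala or CipherSweet code: a row is encrypted under one member's key, the breadcrumb selects that key again on decryption, and a row whose breadcrumb is changed to another member fails authentication. The class name `SketchMemberKeys`, the `member_id` column and the use of libsodium's secretbox in place of CipherSweet are assumptions made for the example.

```php
<?php
// Stand-alone sketch of the three hooks; not LeKoala or CipherSweet code.
// SketchMemberKeys, the member_id column and the keys are assumptions.
declare(strict_types=1);
final class SketchMemberKeys
{
    private array $keys = []; // member ID => 32-byte secretbox key
    public function addTenant(int $id, string $key): void { $this->keys[$id] = $key; }
    // getTenant(): select key material for a tenant, failing closed on unknown IDs.
    public function getTenant(int $id): string
    {
        if (!isset($this->keys[$id])) {
            throw new RuntimeException("no key for tenant $id");
        }
        return $this->keys[$id];
    }
    // injectTenantMetadata(): leave a breadcrumb in the row at encryption time.
    public function injectTenantMetadata(array $row, int $id): array
    {
        $row['member_id'] = $id;
        return $row;
    }
    // getTenantFromRow(): read the breadcrumb back to choose the key for decryption.
    public function getTenantFromRow(array $row): int
    {
        if (!isset($row['member_id'])) {
            throw new RuntimeException('row has no tenant breadcrumb');
        }
        return (int) $row['member_id'];
    }
}
function encryptRow(SketchMemberKeys $p, int $id, string $plain): array
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ct = sodium_crypto_secretbox($plain, $nonce, $p->getTenant($id));
    return $p->injectTenantMetadata(['nonce' => $nonce, 'secret' => $ct], $id);
}
function decryptRow(SketchMemberKeys $p, array $row) // string, or false on auth failure
{
    $key = $p->getTenant($p->getTenantFromRow($row));
    return sodium_crypto_secretbox_open($row['secret'], $row['nonce'], $key);
}
$p = new SketchMemberKeys();
$p->addTenant(1, sodium_crypto_secretbox_keygen());
$p->addTenant(2, sodium_crypto_secretbox_keygen());
$row = encryptRow($p, 1, 'constructed sample value');
echo decryptRow($p, $row), PHP_EOL;
$row['member_id'] = 2; // breadcrumb now names another member's key
echo decryptRow($p, $row) === false ? 'rejected' : 'decrypted', PHP_EOL;
```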
Synopsis
class MemberKeyProvider
extends MultiTenantProvider
{
    // members
    protected $forcedTenant;
    // methods
    public void __construct()
    public KeyProviderInterface getTenant()
    public KeyProviderInterface getActiveTenant()
    public MemberKeyProvider setActiveTenant()
    public int getForcedTenant()
    public MemberKeyProvider setForcedTenant()
    public string getTenantFromRow()
    public array injectTenantMetadata()
}
Hierarchy
Extends
- ParagonIE\CipherSweet\KeyProvider\MultiTenantProvider
Members
protected
- $forcedTenant — int
Methods
public
- __construct() — MemberKeyProvider constructor.
- getActiveTenant()
- getForcedTenant()
- getTenant()
- getTenantFromRow() — Given a row of data, determine which tenant should be selected.
- injectTenantMetadata() — This is called when you encrypt a row; extra fields can be added. It's not really used in our case because we encrypt each field one by one anyway.
- setActiveTenant()
- setForcedTenant()