diff --git a/navigation.php b/navigation.php index a010f94..65c3caf 100644 --- a/navigation.php +++ b/navigation.php @@ -209,6 +209,7 @@ return [ ], ], 'Console commands' => 'console-commands', + 'Tenant attribute encryption' => 'tenant-attribute-encryption', 'Cached lookup' => 'cached-lookup', 'Real-time facades' => 'realtime-facades', 'Tenant maintenance mode' => 'tenant-maintenance-mode', diff --git a/package-lock.json b/package-lock.json index 91a24ac..245820e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -24968,6 +24968,7 @@ }, "laravel-mix-jigsaw": { "version": "git+ssh://git@github.com/iskrisis/laravel-mix-jigsaw.git#7c81913bc5cb6f3c8ab238c97443f059182bce7f", + "integrity": "sha512-sC8G4X8zfRMXNuZGUhxRIkkIA/EXyIkXNk3V1aVasT1paoV6rLwUXqLSaRW/3Q08ZYQFtJTJrRfssywe8s8Zvw==", "dev": true, "from": "laravel-mix-jigsaw@github:iskrisis/laravel-mix-jigsaw", "requires": { diff --git a/source/docs/v3/configuration.blade.md b/source/docs/v3/configuration.blade.md index ba4d1aa..6912889 100644 --- a/source/docs/v3/configuration.blade.md +++ b/source/docs/v3/configuration.blade.md @@ -60,6 +60,7 @@ The list of domains that host your [central app]({{ $page->link('the-two-applica This config array lets you enable, disable or add your own [tenancy bootstrappers]({{ $page->link('tenancy-bootstrappers') }}). ### Database {#database} +> Note: If you're using [Laravel Sail](https://laravel.com/docs/9.x/sail), ensure that `DB_USERNAME` has the necessary permissions to create databases. You can grant access to users by running `grant create on *.* to 'sail'@'%';` in the MySQL console. `tenancy.database.*` diff --git a/source/docs/v3/quickstart.blade.md b/source/docs/v3/quickstart.blade.md index c95a833..9a1cbc3 100644 --- a/source/docs/v3/quickstart.blade.md +++ b/source/docs/v3/quickstart.blade.md 
@@ -176,6 +176,8 @@ To have users in tenant databases, let's move the `users` table migration (the f ## Creating tenants {#creating-tenants} +> Note: If you're using [Laravel Sail](https://laravel.com/docs/9.x/sail), ensure that `DB_USERNAME` has the necessary permissions to create databases. You can grant access to users by running `grant create on *.* to 'sail'@'%';` in the MySQL console. + For testing purposes, we'll create a tenant in `tinker` — no need to waste time creating controllers and views for now. ```php diff --git a/source/docs/v3/tenant-attribute-encryption.blade.md b/source/docs/v3/tenant-attribute-encryption.blade.md new file mode 100644 index 0000000..8eba1b1 --- /dev/null +++ b/source/docs/v3/tenant-attribute-encryption.blade.md 
@@ -0,0 +1,65 @@
+---
+title: Tenant attribute encryption
+extends: _layouts.documentation
+section: content
+---
+
+# Tenant attribute encryption {#encrypt}
+
+To encrypt attributes on the Tenant model, store them in [custom columns]({{ $page->link('tenants/#custom-columns') }}) and cast the attributes to `'encrypted'`, or your custom encryption cast.
+
+For example, we'll encrypt the tenant's database credentials – `tenancy_db_username` and `tenancy_db_password`. We need to create custom columns for these attributes, because by default, they are stored in the virtual `data` column.
+
+- Add custom columns to the tenants table (we recommend making the string size at least 512 characters, so the string is capable of containing the encrypted data):
+
+```php
+string('id')->primary();
+
+ // Your custom columns
+ $table->string('tenancy_db_username', 512);
+ $table->string('tenancy_db_password', 512);
+
+ $table->timestamps();
+ $table->json('data')->nullable();
+ });
+ }
+}
+```
+
+- Define the custom columns on the Tenant model:
+
+```php
+public static function getCustomColumns(): array
+{
+ return [
+ 'id',
+ 'tenancy_db_username',
+ 'tenancy_db_password',
+ ];
+}
+```
+
+- Then define casts for the attributes on the model (using [Laravel's encrypted casts](https://laravel.com/docs/9.x/eloquent-mutators#encrypted-casting), or your custom casts):
+
+```php
+protected $casts = [
+ 'tenancy_db_username' => 'encrypted',
+ 'tenancy_db_password' => 'encrypted',
+];
+```