tenancy-docs/source/docs/v3/tenant-attribute-encryption.blade.md

title	extends	section
Tenant attribute encryption	_layouts.documentation	content

Tenant attribute encryption

To encrypt the tenant attributes, store them in custom columns, and on the Tenant model, cast the attributes you want to encrypt to 'encrypted', or use your custom encryption cast.

For example, we'll encrypt the tenant's database credentials – tenancy_db_username and tenancy_db_password. We need to create custom columns for these attributes, because they are, by default, stored using virtual column.

• Add custom columns to the tenants migration (we recommend making the string size at least 512 characters, so the string is capable of containing the encrypted data):

<?php

use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

class CreateTenantsTable extends Migration
{
    /**
     * Run the migrations.
     *
     * @return void
     */
    public function up(): void
    {
        Schema::create('tenants', function (Blueprint $table) {
            $table->string('id')->primary();

            // Your custom columns
            $table->string('tenancy_db_username', 512);
            $table->string('tenancy_db_password', 512);

            $table->timestamps();
            $table->json('data')->nullable();
        });
    }
}

• Define the custom columns on the Tenant model:

public static function getCustomColumns(): array
{
    return [
        'id',
        'tenancy_db_username',
        'tenancy_db_password',
    ];
}

• Then define casts for the attributes on the model (using Laravel's encrypted casts, or your custom casts):

protected $casts = [
    'tenancy_db_username' => 'encrypted',
    'tenancy_db_password' => 'encrypted',
];