Mask Your Laravel App Eloquent Attributes on Retrieval
A Laravel package that automatically masks sensitive model attributes on retrieval. Supports email, phone, and text masking with highly configurable rules.
This is the Github Repository. https://github.com/irabbi360/laravel-attribute-mask
Features
- Automatic attribute masking on retrieval
- Email, phone, and text masking support
- Configurable mask character and visibility
- Global or per-attribute masking rules
- Auto-detection of phone fields by column name
Installation
composer require irabbi360/laravel-attribute-mask
Publish the config file:
php artisan vendor:publish --tag="attribute-mask-config"
Configuration
The default configuration (config/attribute-mask.php):
return [
'enabled' => true,
'mask_char' => '*',
'email_masking' => [
'show_domain' => true,
'show_start' => 1,
'show_end' => 1,
],
'phone_masking' => [
'show_start' => 3,
'show_end' => 2,
'patterns' => ['phone', 'phone_number', 'mobile', 'mobile_number', ...],
],
'text_masking' => [
'show_start' => 3,
'show_end' => 3,
],
];
Usage
Define Maskable Attributes
Add the HasMaskedAttributes trait and define maskable attributes using the maskables() method:
use Irabbi360\LaravelAttributeMask\Concern\HasMaskedAttributes;
use Illuminate\Database\Eloquent\Model;
class User extends Model
{
use HasMaskedAttributes;
/**
* Get the attributes that should be masked.
*/
protected function maskables(): array
{
return ['email', 'phone', 'phone_number', 'ssn'];
}
}
Alternatively, use the $maskable property:
class User extends Model
{
use HasMaskedAttributes;
protected array $maskable = ['email', 'phone', 'ssn'];
}
Masking Behavior
Attributes are automatically masked on retrieval:
$user = User::find(1);
$user->email; // t**t@example.com
$user->phone; // 123****90
$user->ssn; // 123***789
Retrieving Original Values
Get the unmasked value using getOriginal():
$user->getOriginal('email'); // test@example.com
Or temporarily disable masking:
config(['attribute-mask.enabled' => false]);
$original = $user->email;
config(['attribute-mask.enabled' => true]);
Email Masking
Configure email masking behavior:
'email_masking' => [
'show_domain' => true, // Show domain part
'show_start' => 2, // Show first 2 characters
'show_end' => 2, // Show last 2 characters
],
Examples:
-
test@example.com→te**t@example.com -
john.doe@example.com→jo**oe@example.com
Phone Masking
Phone fields are auto-detected by column name. Configure visibility:
'phone_masking' => [
'show_start' => 3,
'show_end' => 2,
],
Examples:
-
1234567890→123****90 -
+1-555-123-4567→+15-***-67
Add custom phone patterns:
'phone_masking' => [
'patterns' => ['phone', 'mobile', 'whatsapp', 'fax'],
],
Text Masking
For other text attributes:
'text_masking' => [
'show_start' => 3,
'show_end' => 3,
],
Examples:
-
secretpassword→sec********rd -
API_KEY_12345→API***345
Custom Mask Character
Change the mask character globally:
'mask_char' => '#',
// Result: test@example.com → t##t@example.com
Disable Masking
Disable globally:
'enabled' => false,
Or temporarily:
config(['attribute-mask.enabled' => false]);
$user->email; // Returns unmasked value
Testing
composer test
If you like this package give a star on Github
Top comments (0)