# Using encrypted columns for database columns

ionic glade
#

I'm wondering how I can use columns that have encrypted data in them. In the show view I will check that the user has access to view the encrypted data, and in the edit form I will need to do the same check. I've got a resource which has login details attached to it, but only some users should have access to view or set it.
I've just installed filamentphp5 (or any version for that matter) in the hope of speeding up the development of the admin panel in a pretty complex web app. Right now I don't know much about Filament; I'm reading articles and watching YouTube clips all the time but can't find any solution to the encryption problem.

So this is the first step I'm stuck at, and hopefully someone can help me? Both in the create (should encrypt), edit (should decrypt in field but encrypt on save), view entity (should decrypt). Everything depends on whether the user has permissions for it. None of the info should be shown in the table list.

I have used casts() in the model and set the columns to 'encrypted'; it works fine outside Filament.

stoic wharf
#

Could it be handled by a policy? Not sure. Or I guess you could do a check in a ->getStateUsing() to show the correct value.

river topaz
#

I would expect the cast to work

stoic wharf
#

Seems an odd use case to me though. Isn’t the entire point of encrypted data to never view it un-encrypted? 🤷

fickle bridge
#

Wouldn't the field roughly behave like a password? I guess if I was doing something like that the main unknown for me would be how the encrypted cast affects the state of the field

ionic glade
# river topaz I would expect the cast to work

In the model:

```php
protected function casts(): array
{
    return [
        // Laravel's built-in 'encrypted' cast: encrypts on set, decrypts on get
        'username' => 'encrypted',
        'password' => 'encrypted',
        'login_service' => 'encrypted',
        'status' => CityEnum::class,
    ];
}
```

The cast code works when used as regular in a Livewire one-component file.

ionic glade
# fickle bridge Wouldn't the field roughly behave like a password? I guess if I was doing someth...

No, not like a password (salted with hash); it needs to be 2-way encryption so it can be decrypted for users with the correct access.

So the resource should show the information in show/create/edit for SOME users (usually I have checked this with

```php
    // assign data to properties
} else {
    // Code that will display a message that they don't have access.
}
```

This code is executed both in the logic code and in the Blade file, but I'm very new to Filament so I don't really know how to approach it. My guess is that as long as I can get the value decrypted, I will find where to put the logic of what to show and what not.
#

It will not show the info in the table that lists all resources; you need to click to show the specific resource to see these details, so as not to expose all that data in one view.
In the edit form it should be displayed so it can be updated.
In create .. hrm .. the input fields to enter the details could be shown so a user with lesser access can enter the details, but they still shouldn't be able to view the info even if they created it themselves.
If that creates more problems, it works just as fine if the users with viewing access are the only ones that can enter the details when creating the resource as well.

river topaz
#

Can everyone that can access the View/Edit page also see the secrets? Or do you need more fine grained control?

If you don’t: just use a policy and the rest should work.

ionic glade
#

No, only some users (setting that up with spatie-permissions (permissions that are assigned to roles)).

#

In my current admin that I started on before I wanted to test out Filament, cuz everyone talked so well about it and about saving time, and much of what I need to do in the dashboard is CRUD stuff, then some special services I'll implement to talk with APIs/upload photos and display charts and statistics.
But I want a unified way for all the CRUD resources where I can easily change the design for the views in one or a few places, and to not repeat more or less the same code over and over for all CRUD resources.

#

Right now I have a solution like this:

```php
#[On('show-city-login')]
public function showCityLogin(): void
{
    if (Auth::can('view city login')) {
        $this->username = decrypt($this->city->username);
        $this->password = decrypt($this->city->password);
        $this->login_service = decrypt($this->city->login_service);
        $this->dispatch($this->dispatchAction, id: $this->id);
    }
}
```

#

oh decrypt() is around the value as well, was old code

river topaz
#

In that case I would just clear the values in mutateDataBeforeFill() and hide the form fields when they don’t have permissions

ionic glade
#

But how do I get the data decrypted? When I view the resource in Filament now I only get the encrypted value.

#

Tried stuff like:

```php
TextEntry::make('login_service')->decrypt()
    ->placeholder('-'),
```

but it didn't work.

river topaz
#

I thought the cast should handle that.

ionic glade
#

Yeah, me too... idk why I need to encrypt and decrypt when I use casts.

river topaz
#

If the cast doesn’t work, you can use ->state(fn ($state) => decrypt($state)) and ->getStateUsing() for a form field.

ionic glade
#

Since I'm new to Livewire as well (I have been away from programming for like 6 years, so I'm trying to catch up for lost time, but there are so many new things to learn that it's going slow)

#

Is it maybe something that could be done in Pages/ViewCity.php, for example, and grab and edit the info there?

#

AI said this, gonna try:

```php
    ->label('Decrypted Key')
    ->getStateUsing(function (Model $record) {
        // Use try-catch in case decryption fails
        try {
            return Crypt::decrypt($record->secret_data);
        } catch (\Exception $e) {
            return 'Decryption failed';
        }
    })
```

ionic glade
#

For the edit form:

```php
TextInput::make('login_service')
    ->formatStateUsing(fn ($record) => $record->login_service ? Crypt::decrypt($record->login_service) : null),
```

For the view page:

```php
TextEntry::make('login_service')
    ->getStateUsing(fn ($record) => $record->login_service ? Crypt::decrypt($record->login_service) : null),
```

#

seems to work

ionic glade
#

Now it all seems to work. Now I just need to make sure all the contracts etc. work so people can mess around in the code and get the data without the specific permissions.

Thanks a lot for the help @river topaz and others that commented!