Tenant attribute encryption

To encrypt attributes on the Tenant model, store them in custom columns and cast the attributes to 'encrypted', or your custom encryption cast.

For example, we'll encrypt the tenant's database credentials – tenancy_db_username and tenancy_db_password. We need to create custom columns for these attributes, because by default, they are stored in the virtual data column.

  • Add custom columns to the tenants table (we recommend making the string size at least 512 characters, so the string is capable of containing the encrypted data):

use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

class CreateTenantsTable extends Migration
     * Run the migrations.
     * @return  void
    public function up(): void
        Schema::create('tenants', function (Blueprint $table) {

            // Your custom columns
            $table->string('tenancy_db_username', 512);
            $table->string('tenancy_db_password', 512);

  • Define the custom columns on the Tenant model:
public static function getCustomColumns(): array
    return [
protected $casts = [
    'tenancy_db_username' => 'encrypted',
    'tenancy_db_password' => 'encrypted',