Mailcoach supports encrypting personal information of subscribers through CipherSweet. You can enable this in the config file:
// config/mailcoach.php
'encryption' => [
'enabled' => true,
'key' => env('MAILCOACH_ENCRYPTION_KEY', env('APP_KEY')),
]
By default the APP_KEY is used, but you can set a separate MAILCOACH_ENCRYPTION_KEY environment variable.
To generate a new key, you can use the following command:
php artisan ciphersweet:generate-key
After you've changed the configuration, publish the CipherSweet migration and migrate the database:
php artisan vendor:publish --tag=ciphersweet-migrations
php artisan migrate
This will create the blind_indexes table that's needed to support searching and retrieving the subscribers.
Next, change the email, first_name and last_name columns to be text instead of string
Schema::table('mailcoach_subscribers', function (Blueprint $table): void {
$table->text('email')->change();
$table->text('first_name')->nullable()->change();
$table->text('last_name')->nullable()->change();
});
As a last step, you'll need to encrypt any existing subscribers, you can do this by calling the following Artisan command:
php artisan ciphersweet:encrypt \\Spatie\\Mailcoach\\Domain\\Audience\\Models\\Subscriber <your-encryption-key>
This can take a while, as encryption is a resource-intensive operation, the command can be restarted at any time and will only encrypt the rows that still need to be encrypted.