Protecting your intellectual property is a major concern when distributing Laravel applications to client servers. While PHP is an interpreted language, you can still protect your logic by encrypting your source code.

In this guide, we will use phpBolt and the Laravel Source Encrypter package to secure your application.

Prerequisites

  • A Laravel application (Version 8.x, 9.x, 10.x, or 11.x).
  • Access to the server where the code will run.
  • PHP 8.2 (or your specific version) installed.

Step 1: Install the phpBolt Extension

Before your server can read encrypted files, it needs the phpBolt "decoder."

  1. Download: Go to phpBolt.com and download the extension that matches your PHP version and OS.
  2. Locate Extension Dir: Find where your PHP extensions live by running:
  3. Bash

php -i | grep extension_dir

  1. Copy the File: Move the downloaded bolt.so (Linux) or bolt.dll (Windows) into that directory.
  2. Enable it: Create a configuration file (e.g., /etc/php/8.2/cli/conf.d/20-bolt.ini) and add:
  3. Ini, TOML
  • extension=bolt.so
  1. Verify: Run php -m | grep bolt. If you see "bolt," the decoder is active.

Step 2: Install Laravel Source Encrypter

To automate the encryption of your Laravel files, we use a dedicated wrapper for phpBolt.

  1. Install via Composer: Open your terminal in your project root and run:
  • composer require siavashbamshadnia/laravel-source-encrypter
  1. Publish Configuration (Optional): If you want to customize which folders are encrypted, publish the config:
  2. Bash
php artisan vendor:publish --provider="SiavashBamshadnia\LaravelSourceEncrypter\SourceEncrypterServiceProvider"

Step 3: Encrypting Your Code

The package provides a simple artisan command to handle the heavy lifting.

To encrypt your source code:

Bash

php artisan encrypt-source

What happens next?

  • The command will look through your directories (defined in the config).
  • It uses the phpBolt algorithm to scramble the PHP logic.
  • Your original readable code is replaced with encrypted strings that only a server with the bolt.so extension can interpret.

Pro Tip: Always run this on a copy of your project or as part of your deployment pipeline. Never encrypt your local development source code without a backup!

Step 4: Deployment and Running

Once encrypted, your files will look like a jumble of random characters. To run the app:

  • Upload the encrypted files to your production server.
  • Ensure the phpBolt extension is installed on the production server (see Step 1).
  • Restart your web service (php-fpm or apache).
  • Your Laravel app will now run normally, but the logic remains hidden from anyone browsing the files on the server.

Conclusion

By combining the power of phpBolt with the Laravel Source Encrypter package, you can confidently distribute your SaaS or enterprise software while keeping your source code private.

Resources: