Sensitive Form Fields

Encrypt selected form submission fields at rest. Decrypt on read for authorized users only.

ISAPP

1.0.0

February 17th, 2026

New Per-field sensitive toggle on Text and Textarea fieldtypes in the form blueprint editor
New Sensitive field values are encrypted at rest using Laravel's Crypt with an enc:v1: prefix — no double encryption
New Fields are encrypted automatically on form submission via a SubmissionSaving listener
New Decryption on read via a DecryptingSubmissionRepository decorator — covers find(), whereForm(), all()
New Decryption on read via a DecryptingSubmissionQueryBuilder decorator — covers the CP submissions list (which uses query())
New Compatible with both Stache (flat-file) and Eloquent driver
New Addon setting to enable or disable encryption globally
New Addon setting to configure the mask string shown to unauthorized users
New PRO mode: permission-based access control and masking; activated automatically when the PRO addon is installed
New FREE mode: all CP users see decrypted values; data always encrypted at rest
New Translations (en) for field toggle, permission label, and settings
New PRO: sensitive-fields:encrypt-existing — bulk-encrypts plaintext sensitive field values in all existing submissions (idempotent, supports --form filter and --dry-run)
New PRO: sensitive-fields:decrypt-existing — bulk-decrypts encrypted sensitive field values in all existing submissions (idempotent, supports --form filter and --dry-run)
New Statamic Editions support — declare "editions": ["free", "pro"] in composer.json; PRO mode detected via Addon::edition() (set via config/statamic.php or the Statamic Marketplace)