field_encrypt.module

<?php
/**
 * Contains module hooks for field_encrypt
 */

/**
 * Implements hook_form_alter.
 *
 * Add a field to the field storage configuration forms to allow setting the encryption state.
 */
function field_encrypt_form_alter(&$form, \Drupal\Core\Form\FormStateInterface $form_state, $form_id) {

  // If this is the add or edit form for field_storage, we call our function.
  if (in_array($form_id, ['field_storage_add_form', 'field_storage_config_edit_form'])) {

    // Check permissions
    $user = \Drupal::currentUser();

    if ($user->hasPermission('administer field encryption')) {
      /**
       * @var $field \Drupal\field\Entity\FieldStorageConfig
       */
      $field = $form_state->getFormObject()->getEntity();

      // Add our encrypted field to the form.
      $form['encrypt'] = [
        '#type' => 'checkbox',
        '#title' => t('Encrypted'),
        '#description' => t('Makes the field storage encrypted.'),
        '#default_value' => $field->getThirdPartySetting('field_encrypt', 'encrypt', FALSE),
      ];

      // We add a function to process the form when it is saved.
      $form['#entity_builders'][] = 'field_encrypt_form_field_add_form_builder';
    }
  }
}

/**
 * Update the field storage configuration to set the encryption state.
 *
 * @param $entity_type
 * @param \Drupal\field\Entity\FieldStorageConfig $fieldStorageConfig
 * @param $form
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 */
function field_encrypt_form_field_add_form_builder($entity_type, \Drupal\field\Entity\FieldStorageConfig $fieldStorageConfig, &$form, \Drupal\Core\Form\FormStateInterface $form_state) {

  $form_encryption = $form_state->getValue('encrypt');
  $original_encryption = $fieldStorageConfig->getThirdPartySetting('field_encrypt', 'encrypt');

  // If the form has the value, we set it.
  if ($form_encryption === 1) {
    $fieldStorageConfig->setThirdPartySetting('field_encrypt', 'encrypt', $form_encryption);
  }
  else {
    // If there is no value, remove.
    $fieldStorageConfig->unsetThirdPartySetting('field_encrypt', 'encrypt');
  }

  if ($original_encryption !== $fieldStorageConfig->getThirdPartySetting('field_encrypt', 'encrypt')) {
    // We need to process the field to either encrypt or decrypt the stored fields if the setting was changed.
    $field_name = $fieldStorageConfig->get('field_name');
    $field_entity_type = $fieldStorageConfig->get('entity_type');

    /**
     * @var $field_encrypt_process_entities \Drupal\field_encrypt\FieldEncryptProcessEntities
     */
    $field_encrypt_process_entities = \Drupal::service('field_encrypt.process_entities');
    if ($form_encryption === 1) {
      $field_encrypt_process_entities->encrypt_stored_field($field_entity_type, $field_name);
    }
    elseif ($form_encryption === 0) {
      $field_encrypt_process_entities->decrypt_stored_field($field_entity_type, $field_name);
    }
  }
}

/**
 * Encrypt fields before they are saved.
 *
 * @param \Drupal\Core\Entity\EntityInterface $entity
 */
function field_encrypt_entity_presave(\Drupal\Core\Entity\EntityInterface $entity) {
  if (!($entity instanceof Drupal\Core\Entity\ContentEntityInterface)) {return;}
  /**
   * @var $field_encrypt_process_entities \Drupal\field_encrypt\FieldEncryptProcessEntities
   */
  $field_encrypt_process_entities = \Drupal::service('field_encrypt.process_entities');
  $field_encrypt_process_entities->encrypt_entity($entity);
}

/**
 * Decrypt fields before they are rendered.
 *
 * @param $entities
 * @param $entity_type
 */
function field_encrypt_entity_load($entities, $entity_type) {
  /**
   * @var $field_encrypt_process_entities \Drupal\field_encrypt\FieldEncryptProcessEntities
   */
  $field_encrypt_process_entities = \Drupal::service('field_encrypt.process_entities');

  foreach($entities as &$entity) {
    if (!($entity instanceof Drupal\Core\Entity\ContentEntityInterface)) {continue;}
    $field_encrypt_process_entities->decrypt_entity($entity);
  }
}