You are viewing the legacy version of AdonisJS. Visit for newer docs. This version will receive security patches until the end of 2021.

Encryption and Hashing

Table of Contents

AdonisJs comes with a couple of providers for hashing values and encrypting data. Hashing values are different from encryption since hashed values cannot be decrypted once encrypted that is not the case with encryption.

Encrypting Data

AdonisJs encryption provider makes use of Node.js crypto module to encrypt and decrypt values.

Make sure that appKey inside config/app.js is defined before you can encrypt values.


const Encryption = use('Encryption')
const encrypted = Encryption.encrypt('hello world')


const Encryption = use('Encryption')
const decrypted = Encryption.decrypt('encrypted value')

Hashing Values

AdonisJs hash provider makes use of bcrypt to hash values, which is a slow algorithm to hash/verify a value.

Bcrypt is commonly used to hash passwords, and since it is a slow algorithm, it makes it expensive(if not impossible) for attackers to crack a password. The slowness of the algorithm is based upon the number of rounds to be executed before returning the hashed value.

make(value, [rounds=10])

const Hash = use('Hash')
const safePassword = await Hash.make(request.input('password'))

// or
const safePassword = await Hash.make(request.input('password'), 20)

verify(value, hashedValue)

Since you cannot decrypt a hash, you can verify the user input against the previously hashed value.

const Hash = use('Hash')
const isSame = await Hash.verify('plain-value', 'hashed-value')

if (isSame) {
  // ...