diff --git a/scripts/migrate_address_enc.php b/scripts/migrate_address_enc.php
new file mode 100644
index 00000000..f494c4b5
--- /dev/null
+++ b/scripts/migrate_address_enc.php
@@ -0,0 +1,61 @@
+<?php
+/**
+ * Encrypt m_patientaddress description, email, phone (tanpa bidx - hemat disk)
+ * Jalankan via: php scripts/migrate_address_enc.php
+ * Aman dijalankan berulang: skip row yang sudah ada _enc-nya
+ */
+
+define('BASEPATH', true);
+foreach (file(__DIR__ . '/../.env', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $l) {
+    if (strpos(trim($l), '#') === 0) continue;
+    [$k, $v] = array_map('trim', explode('=', $l, 2));
+    if ($k !== '') $_ENV[$k] = $v;
+}
+
+require __DIR__ . '/../application/libraries/Ibl_encryptor.php';
+$enc = new Ibl_encryptor();
+
+include __DIR__ . '/../application/config/database.php';
+$cfg = $db['default'];
+$pdo = new PDO(
+    "mysql:host={$cfg['hostname']};dbname={$cfg['database']};charset=utf8",
+    $cfg['username'], $cfg['password'],
+    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
+);
+
+echo "=== Encrypt m_patientaddress ===\n";
+$total = 0;
+$batch = 500;
+
+$stmt = $pdo->prepare(
+    "UPDATE m_patientaddress SET
+        M_PatientAddressDescription_enc = ?,
+        M_PatientAddressEmail_enc       = ?,
+        M_PatientAddressPhone_enc       = ?
+     WHERE M_PatientAddressID = ?"
+);
+
+while (true) {
+    $rows = $pdo->query(
+        "SELECT M_PatientAddressID, M_PatientAddressDescription,
+                M_PatientAddressEmail, M_PatientAddressPhone
+         FROM m_patientaddress
+         WHERE M_PatientAddressDescription_enc IS NULL
+         LIMIT {$batch}"
+    )->fetchAll(PDO::FETCH_ASSOC);
+
+    if (empty($rows)) break;
+
+    foreach ($rows as $row) {
+        $stmt->execute([
+            $enc->encrypt((string)($row['M_PatientAddressDescription'] ?? '')),
+            $enc->encrypt((string)($row['M_PatientAddressEmail']       ?? '')),
+            $enc->encrypt((string)($row['M_PatientAddressPhone']       ?? '')),
+            $row['M_PatientAddressID'],
+        ]);
+        $total++;
+    }
+    echo "  {$total} rows...\n";
+}
+
+echo "Selesai: {$total} rows\n";
diff --git a/scripts/migrate_nik_bidx.php b/scripts/migrate_nik_bidx.php
new file mode 100644
index 00000000..79fd5f07
--- /dev/null
+++ b/scripts/migrate_nik_bidx.php
@@ -0,0 +1,56 @@
+<?php
+/**
+ * Populate M_PatientNIK_bidx dari M_PatientNIK_enc yang sudah ada
+ * Jalankan via: php scripts/migrate_nik_bidx.php
+ * Aman dijalankan berulang: skip row yang sudah ada bidx-nya
+ */
+
+define('BASEPATH', true);
+foreach (file(__DIR__ . '/../.env', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $l) {
+    if (strpos(trim($l), '#') === 0) continue;
+    [$k, $v] = array_map('trim', explode('=', $l, 2));
+    if ($k !== '') $_ENV[$k] = $v;
+}
+
+require __DIR__ . '/../application/libraries/Ibl_encryptor.php';
+$enc = new Ibl_encryptor();
+
+include __DIR__ . '/../application/config/database.php';
+$cfg = $db['default'];
+$pdo = new PDO(
+    "mysql:host={$cfg['hostname']};dbname={$cfg['database']};charset=utf8",
+    $cfg['username'], $cfg['password'],
+    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
+);
+
+echo "=== Populate M_PatientNIK_bidx ===\n";
+$total = 0;
+$batch = 500;
+
+$stmt = $pdo->prepare(
+    "UPDATE m_patient SET M_PatientNIK_bidx = ? WHERE M_PatientID = ?"
+);
+
+while (true) {
+    $rows = $pdo->query(
+        "SELECT M_PatientID, M_PatientNIK_enc
+         FROM m_patient
+         WHERE M_PatientNIK_enc IS NOT NULL
+           AND M_PatientNIK_bidx IS NULL
+         LIMIT {$batch}"
+    )->fetchAll(PDO::FETCH_ASSOC);
+
+    if (empty($rows)) break;
+
+    foreach ($rows as $row) {
+        $nik = $enc->decrypt($row['M_PatientNIK_enc']);
+        $stmt->execute([
+            $enc->search_bidx((string)($nik ?? '')),
+            $row['M_PatientID'],
+        ]);
+        $total++;
+    }
+    echo "  {$total} rows...\n";
+}
+
+echo "Selesai: {$total} rows\n";