Every Drupal application has its secrets - and I don’t mean that dodgy code you wrote during an all-nighter. Database credentials, API keys, personally identifiable information - a secret is any data which could cause harm to your organisation if exposed.
This session will introduce the concepts of secrets and secret management, before moving on to practical examples of securely storing secrets in Drupal.
Video
Unfortunately, the recording doesn’t include the slides; see below if you would like to reference them.
Slides
Resources
Recipe 1 - Store API Tokens in Lockr
Check out the full tutorial I wrote over at PreviousNext’s blog.
- Services
- Modules
Recipe 2 - Encrypt Fields with KMS
- Requirements
  - Amazon Web Services account
  - KMS Key
  - IAM Credentials that have kms:decrypt and kms:encrypt permissions.
- Modules
  - Key - Ensure you use v1.5 or later
  - Encrypt
  - Field Encrypt
  - Encrypt KMS
Recipe 3 - Dynamic DB Credentials with HashiCorp Vault
settings.php.ctmpl Template
<?php
{{ with secret "database/creds/drupal" }}
$databases['default']['default'] = [
  'driver' => 'mysql',
  'host' => '127.0.0.1',
  'database' => 'local',
  'namespace' => 'Drupal\\Core\\Database\\Driver\\mysql',
  // Dynamic credentials generated by Vault - {{ timestamp }}
  'username' => '{{ .Data.username }}',
  'password' => '{{ .Data.password }}',
];
{{ end }}
Consul Template Command
consul-template -template consul-template/settings.php.ctmpl:app/sites/default/vault.settings.php
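
The rendered vault.settings.php still has to be loaded by Drupal. The excerpt below is an added example, not code from the session: it assumes settings.php sits beside the rendered file in app/sites/default, and the permission rule and error messages are choices made for this illustration.

```php
<?php
// Excerpt for app/sites/default/settings.php (added example, not from the session).
// Assumes consul-template renders vault.settings.php next to this file,
// as in the command above.

$vault_settings = __DIR__ . '/vault.settings.php';

// Fail closed: without the rendered file there are no valid credentials,
// so stop here rather than fall back to a static username and password.
if (!is_file($vault_settings) || !is_readable($vault_settings)) {
  throw new \RuntimeException(
    'vault.settings.php is missing or unreadable; is consul-template running?'
  );
}

// The rendered file holds a live database password. Refuse to load it if
// any permission bit is set for "other" users (policy chosen for this example).
clearstatcache(TRUE, $vault_settings);
$mode = fileperms($vault_settings) & 0777;
if (($mode & 0007) !== 0) {
  throw new \RuntimeException(
    sprintf('vault.settings.php has mode %04o; remove access for other users.', $mode)
  );
}

// Defines $databases['default']['default'] with the Vault-issued credentials.
require $vault_settings;

// Confirm the template actually rendered both values before Drupal connects.
$db = $databases['default']['default'] ?? [];
if (empty($db['username']) || empty($db['password'])) {
  throw new \RuntimeException(
    'vault.settings.php did not define database credentials.'
  );
}
```

Keep vault.settings.php out of version control and backups, since every render contains a working credential until its Vault lease expires.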