Encrypt key value

Created on 17 June 2018, over 6 years ago
Updated 7 March 2023, almost 2 years ago

Currently if i choose the provider "Configuration" the key value is stored as plain text. It would be safer if the value was stored encrypted using an Encrypt profile. Suggestion to have a submodule that requires encrypt module and allows the stored value to be encrypted.

✨ Feature request
Status

RTBC

Version

1.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States pookmish

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Merge request !3Issue #2980072: Encrypt key value β†’ (Open) created by akalam
  • πŸ‡§πŸ‡ͺBelgium tijsdeboeck Antwerp πŸ‡§πŸ‡ͺ πŸ‡ͺπŸ‡Ί 🌎

    Any update? Would be great to have this merged... Thanks!

  • Status changed to Needs work almost 2 years ago
  • πŸ‡ΊπŸ‡ΈUnited States rlhawk Seattle, Washington, United States

    I like the idea of encrypting keys. Here are my thoughts:

    • The dependencies would be more cleanly defined if the functionality were provided in a separate project rather than a submodule. It would also limit security issues to that project and would not affect Key. We may even want to expand this functionality to allow key values provided by any key provider to be encrypted.
    • The encrypted key value should be base64-encoded, so that it can be better managed in configuration files, and more easily overridden (in settings.php, for instance).
    • The key value should be obfuscated when editing the key, so it is never displayed in plaintext in the UI after it's been entered.

    I will wait a few days for feedback and then create a new project for this feature and we can address the other bullet points in that project's issue queue.

  • πŸ‡ΊπŸ‡ΈUnited States rlhawk Seattle, Washington, United States

    @pookmish - I don't want to ignore your offer to create the project, so if you're still willing to do it, please go ahead. I think the name you've already given the module, "Key Encrypt", is a good name for it, especially if we end up using it for encrypting key values more broadly, not just in configuration.

  • Open in Jenkins β†’ Open on Drupal.org β†’
    Core: 9.5.x + Environment: PHP 8.0 & MySQL 5.7
    last update about 1 year ago
    8 pass
  • πŸ‡§πŸ‡ͺBelgium tijsdeboeck Antwerp πŸ‡§πŸ‡ͺ πŸ‡ͺπŸ‡Ί 🌎

    I've made a small tweak so the code works for D10.

  • πŸ‡¨πŸ‡¦Canada joseph.olstad

    MR doesn't explicitly support D11

  • Status changed to Needs review 5 months ago
  • πŸ‡§πŸ‡ͺBelgium tijsdeboeck Antwerp πŸ‡§πŸ‡ͺ πŸ‡ͺπŸ‡Ί 🌎

    @joseph.olstad, I've updated the core_version_requirement to match the parent module, this adds support for D11.

  • Status changed to Postponed about 2 months ago
  • πŸ‡―πŸ‡΅Japan ptmkenny

    This MR will not be accepted as described in #24. Instead of updating the MR, a new module should be created.

  • πŸ‡ΊπŸ‡ΈUnited States rlhawk Seattle, Washington, United States

    I did create a module called Key Encrypt β†’ , but it's currently empty. Let's bring this work over there.

Production build 0.71.5 2024