Contrib.social

Add a secrets store to Drupal core

Open on Drupal.org β†’
Created on 19 January 2021, about 4 years ago
Updated 17 February 2023, almost 2 years ago

Problem/Motivation

Drupal doesn't encourage best practice when storing secrets. For example:

  • Database passwords are stored in plain text in settings.php
  • API keys often end up in configuration which is stored in plaintext in the database and the file system when exported

Other frameworks have secret management baked into the core capabilities. For example, https://symfony.com/blog/new-in-symfony-4-4-encrypted-secrets-management

There is work in contrib, notably https://www.drupal.org/project/key β†’

Proposed resolution

We could follow Symfony's lead and leverage the fact that PHP since 7.2 ships with lib-sodium support so generating a public private key pair and encrypting/decrypting information no longer requires PHP extensions.

The plan could be:

  1. Leverage the dotenv symfony component and allow settings and config overrides to be set from the environment or a .env file.
  2. Add a secrets vault that is also checked for overrides (after the environment)

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

🌱 Plan
Status

Active

Version

10.1 ✨

Component
BaseΒ  β†’

Last updated about 5 hours ago

Created by

πŸ‡¬πŸ‡§United Kingdom alexpott πŸ‡ͺπŸ‡ΊπŸŒ

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment almost 2 years ago β†’
    πŸ‡¬πŸ‡§United Kingdom mcdruid πŸ‡¬πŸ‡§πŸ‡ͺπŸ‡Ί

    Sorry to add little more than a +1 but this is definitely a problem; I've seen a variety of secrets of varying degrees of sensitivity end up in public repos as a result of being stored in config that ends up being exported and committed.

    API keys for things like the recaptcha module are a frequent flyer; linking an issue about that which was closed some time ago but remains valid IMHO.

  • Comment over 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States DamienMcKenna NH, USA

    encrypted storage variables data API.

    (adding more keywords to make this more findable)

  • Comment 4 months ago β†’
    solideogloria

    I agree that this would be incredibly useful. Accidently committing keys is a concern, and developers with less experience are more likely to assume that the default is secure, when it's not.

  • Comment 4 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States pwolanin

    There are interesting ideas from symfony about what to support. Their style of key rotation doesn't seem great for us where values are likely in the database an prod rotation happens only on the live site.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024