How to prevent decryption?

Created on 28 January 2023, almost 2 years ago

Hi,

On my dev site, I need to give full admin privileges to a developer, but I don't want him to be able to see the data stored in encrypted fields.

Is there a simple way to do this? I tried to simply delete the key file, or modify it, but it causes an error, even when the page isn't directly accessing the field content.

Drupal\encrypt\Exception\EncryptException: in Drupal\real_aes\Plugin\EncryptionMethod\RealAESEncryptionMethod->decrypt() (line 65 of modules/contrib/real_aes/src/Plugin/EncryptionMethod/RealAESEncryptionMethod.php).

💬 Support request
Status

Active

Version

3.0

Component

Miscellaneous

Created by

🇨🇦 Canada cemproduction


Comments & Activities

  • Issue created by @cemproduction
  • 🇬🇧 United Kingdom alexpott 🇪🇺

    @cemproduction the better way to do this is to only give the developer access to a database that does not have production data in. Drush has sanitise commands to do this but my preferred way to do this is to not have databases going anywhere and have developers install the site from configuration and use the default content module to provide any content that's needed.

  • 🇷🇺 Russia a.sinitsa

    I have the same problem too. Unfortunately, there is no way to prevent access to the prod server for developers and engineers.

  • Use pubkey_encrypt to encrypt the data, create a second role, e.g. "dev", and give full access to that role. Since the encrypted data is not tied to the "dev" role, he can do all the maintenance without access to the sensitive data.

  • 🇷🇺 Russia a.sinitsa

    Thanks for the solution. But this option is not suitable because with ssh access you can easily log in as any user with any role.

  • 🇯🇵 Japan ptmkenny

    With SSH access to the server, I don't think there's much you can do to restrict access to the key; even with something like the Lockr module, you can still poke around when you have command-line access.

    If developers must have production access, perhaps a next-best solution is to log all ssh sessions and audit what the developer is doing?

  • Status changed to Closed: duplicate 2 months ago
  • 🇯🇵 Japan ptmkenny

    When 🐛 "Fail gracefully when decrypt/encrypt fails" (Active) is committed, you will be able to delete the key and decryption will fail but there will be no WSOD.

    So I'm going to close this in favor of 🐛 "Fail gracefully when decrypt/encrypt fails" (Active).
