- User interface
permet le stockage de clé d'api ou d'encryption sécurisé par fichier ou variable d'environnement
Covered by Drupal's security advisory policy
Key provides the ability to improve Drupal security by managing sensitive keys (such as API and encryption keys). It gives site administrators the ability to define how and where keys are stored, which allows the option of a high level of security and allows sites to meet regulatory or compliance requirements.
Examples of the types of keys that could be managed with Key are:
- An API key for connecting to an external service, such as PayPal, MailChimp, Authorize.net, UPS, an SMTP mail server, or Amazon Web Services
- A key used for encrypting data using the encrypt module
Key provides an administration page where users with the "administer keys" permission can add, edit, and delete keys.
By using key, administrators can choose to store their keys in the following locations:
- Configuration (development only): The Configuration key provider stores the key in Drupal’s database
- File (Better): The File key provider allows a key to be stored in a file, preferably outside of the webroot where it cannot be publicly accessed.
- Environment (Better): The Environment key provider allows a key to be stored in an environmental variable.
- External (Best): Use a key management solution external to Drupal. This allows your site to meet security best practices and compliance requirements. Lockr and Townsend Security’s Alliance Key Manager are currently two options with existing modules, however Key is extensible for any key storage provider.
A full list of modules that extend Key for various storage methods can be found here .
Generating a Random Encryption Key
An easy way to generate a random encryption key in a Unix environment is to enter the following command (changing the path and file name to suit your needs):
dd if=/dev/urandom bs=32 count=1 > /path/to/secret.key
This will create a binary file with a random 256-bit key. For a 128-bit key, change the 32 to 16 in the command.
The Drupal 8 version of Key provides the ability to override any configuration value with a key. This allows site administrators to store configuration values in a more secure method than in the database or in settings.php.
Key configuration overrides can be created at /admin/config/development/configuration/key-overrides/add.
- Enter a name for the override
- Select the specific configuration item you wish to override
- Select an existing key that provides the value to be used; if the key doesn't exist, you'll need to create it
- Check "Clear overridden value" to clear any existing value for the overridden configuration item; this is important to make sure potentially sensitive data is removed from the configuration; if for some reason, you don't want to clear the value, uncheck this field
- Click "Save"
Toutes les informations proviennent du site drupal.org