Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.- I encrypted a field with a role profile.
- I deleted the role.
- I attempted to view the data.
Here's what happened:
TypeError: Argument 5 passed to Drupal\field_encrypt\FieldEncryptProcessEntities::processValue() must implement interface Drupal\encrypt\EncryptionProfileInterface, null given, called in /path/to/drupal/modules/contrib/field_encrypt/src/FieldEncryptProcessEntities.php on line 206 in Drupal\field_encrypt\FieldEncryptProcessEntities->processValue() (line 271 of modules/contrib/field_encrypt/src/FieldEncryptProcessEntities.php).
Backtrace:
Drupal\field_encrypt\FieldEncryptProcessEntities->processValue(Object, Object, 0, 'value', NULL, '[ENCRYPTED]', 'decrypt') (Line: 206)
Drupal\field_encrypt\FieldEncryptProcessEntities->processField(Object, Object, 'decrypt') (Line: 142)
Drupal\field_encrypt\FieldEncryptProcessEntities->processEntity(Object, 'decrypt') (Line: 118)
Drupal\field_encrypt\FieldEncryptProcessEntities->decryptEntity(Object) (Line: 196)
field_encrypt_entity_storage_load(Array, 'node') (Line: 388)
Drupal\Core\Entity\ContentEntityStorageBase->invokeStorageLoadHook(Array) (Line: 400)
Drupal\Core\Entity\Sql\SqlContentEntityStorage->doLoadMultiple(Array) (Line: 242)
Drupal\Core\Entity\EntityStorageBase->loadMultiple(Array) (Line: 188)
entity_load_multiple('node', Array) (Line: 1521)
Drupal\views\Plugin\views\query\Sql->loadEntities(Array) (Line: 1444)
Drupal\views\Plugin\views\query\Sql->execute(Object) (Line: 1412)
Drupal\views\ViewExecutable->execute(NULL) (Line: 1440)
Drupal\views\ViewExecutable->render() (Line: 170)
Drupal\views\Plugin\views\display\Page->execute() (Line: 1615)
Drupal\views\ViewExecutable->executeDisplay('page_1', Array) (Line: 78)
Drupal\views\Element\View::preRenderViewElement(Array)
call_user_func(Array, Array) (Line: 381)
Drupal\Core\Render\Renderer->doRender(Array, ) (Line: 195)
Drupal\Core\Render\Renderer->render(Array, ) (Line: 226)
Drupal\Core\Render\MainContent\HtmlRenderer->Drupal\Core\Render\MainContent\{closure}() (Line: 574)
Drupal\Core\Render\Renderer->executeInRenderContext(Object, Object) (Line: 227)
Drupal\Core\Render\MainContent\HtmlRenderer->prepare(Array, Object, Object) (Line: 117)
Drupal\Core\Render\MainContent\HtmlRenderer->renderResponse(Array, Object, Object) (Line: 90)
Drupal\Core\EventSubscriber\MainContentViewSubscriber->onViewRenderArray(Object, 'kernel.view', Object) (Line: 111)
Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher->dispatch('kernel.view', Object) (Line: 144)
Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object, 1) (Line: 62)
Symfony\Component\HttpKernel\HttpKernel->handle(Object, 1, 1) (Line: 57)
Drupal\Core\StackMiddleware\Session->handle(Object, 1, 1) (Line: 47)
Drupal\Core\StackMiddleware\KernelPreHandle->handle(Object, 1, 1) (Line: 98)
Drupal\page_cache\StackMiddleware\PageCache->pass(Object, 1, 1) (Line: 77)
Drupal\page_cache\StackMiddleware\PageCache->handle(Object, 1, 1) (Line: 47)
Drupal\Core\StackMiddleware\ReverseProxyMiddleware->handle(Object, 1, 1) (Line: 50)
Drupal\Core\StackMiddleware\NegotiationMiddleware->handle(Object, 1, 1) (Line: 23)
Stack\StackedHttpKernel->handle(Object, 1, 1) (Line: 628)
Drupal\Core\DrupalKernel->handle(Object) (Line: 19)
Comments
Comment #2
colanIf there's a way to make it work, one solution would be to prevent a role from being deleted if anything's encrypted with its profile. The data would need to be decrypted first.
Comment #3
talhaparacha commentedThe issue exists because deletion of a role triggers the deletion of corresponding Encryption Profile. And decrypting data with a non-existant Encryption Profile is not possible.
In reply to #2, I don't think there exists a feasible way to do that atm. Consider the scenario that a user encrypts data with an encryption profile using the Encrypt API i.e. Drupal::service('encryption')->encrypt($string, $encryption_profile);. But once the data gets encrypted, there does not seem any way to figure out which Encryption Profile was used for encrypting that data.
I think this issue should be moved to Encrypt module, because it is relevant to any Encryption Profile and not only to the ones generated by Pubkey Encrypt.
For now, we can add a warning message in the README of Pubkey Encrypt about this issue. Thoughts?
Comment #4
colanMakes sense to me.
Comment #5
talhaparacha commentedI've created an issue in Encrypt as per the above discussion #2795231: Stop deletion of an Encryption Profile if encrypted data present in the website.
Any suggestions for the warning notice to put in the module README?
Comment #6
pozzo-balbi commentedThe encountered error is more or less by design. The role holds the decryption key, hence deleting the role deletes the decryption key.