Key provides the ability to improve Drupal security by managing sensitive keys (such as API and encryption keys). It gives site administrators the ability to define how and where keys are stored, which allows the option of a high level of security and allows sites to meet regulatory or compliance requirements.
Examples of the types of keys that could be managed with Key are:
- An API key for connecting to an external service, such as PayPal, MailChimp, Authorize.net, UPS, an SMTP mail server, or Amazon Web Services
- A key used for encrypting data using the encrypt module
Key provides an administration page where users with the "administer keys" permission can add, edit, and delete keys.
By using key, administrators can choose to store their keys in the following locations:
- Configuration (development only): The configuration key provider stores the key in Drupal’s database
- File (Better): The file key provider allows a key to be stored in a file, preferably outside of the webroot where it cannot be publicly accessed.
- External (Best): Use a key management solution external to Drupal. This allows your site to meet security best practices and compliance requirements. Lockr and Townsend Security’s Alliance Key Manager are currently two options with existing modules, however Key is extensible for any key storage provider.
- Maintenance status: Actively maintained
- Development status: Under active development
- Module categories: Security
- Reported installs: 1,488 sites currently report using this module. View usage statistics.
- Downloads: 28,938
- Automated tests: Enabled
- Last modified: February 22, 2017
- Stable releases for this project are covered by the security advisory policy.
Look for the shield icon below.