This project is not covered by Drupal’s security advisory policy.

Sanitize is a Drush-integrated framework for performing sanitization and access-controlled distribution of Drupal databases. In addition to a stock sanitization procedure provided, developers are welcome and encouraged to write their own sanitization procedures for their own sites. For instance, Open Atrium
users may opt to sanitize private and unpublished spaces and related content before distributing their database to others.

What Does Sanitize... Sanitize?

As a framework, Sanitize can potentially perform any sanitization tasks achievable through PHP and MySQL, with the support of Drush and a full Drupal bootstrap.

Sanitize ships with SanitizeDefaultProcedure, which truncates the following (for which the relevant modules are enabled):

  • Session Data
  • Database Logs
  • Messages
  • Poll Results
  • Webform Submissions

Additionally, the following keys used by Drupal are rotated—once during sanitization, and once after (to prevent the database from using distributed keys).

  • drupal_private_key
  • cron_key
  • mimemail_key

Finally, the uid:1 password hash is reset to "admin" by default in the exported SQL, but not in the current database (again, to prevent exposing the site to defacement). It is possible to specify a different password using the --admin-pass flag for drush san.


drush sanls Provide a list of available sanitization procedures.

drush san exportname SanitizeDefaultProcedure Sanitize the current database using SanitizeDefaultProcedure (packaged with this module), and save it as a private file named exportname.sql, available at /sanitize/downloads to anyone with the appropriate permissions.

Similar Modules and Commands

The sql-sanitize Drush command is similar in spirit, and preferable for the scope of operations it covers when no additional sanitization or distribution is required. Because sanitization procedures are run within the context of Drush, it is possible to invoke these and other Drush commands within a sanitization procedure, as well as those that require a full Drupal bootstrap. This module also provides a plugin-based, hierarchical means of managing sanitization procedures used by multiple sites.


Development of Sanitize is sponsored by Stevens Institute of Technology.

Project Information