Core APIs for integrating Drupal with HashiCorp Vault or the Linux Foundation OpenBao.

What is Vault for Drupal?

Vault for Drupal is a tool for securely accessing secrets using the HashiCorp Vault API.

A secret is anything that you want to tightly control access to, such as API keys, passwords, or certificates.

What is HashiCorp Vault or the Linux Foundation OpenBao?

HashiCorp Vault is a source-available (BSL license) project.
The Linux Foundation OpenBao is an open-source (MPL 2.0 license) fork of HashiCorp Vault.

Both provide secure storage of secrets outside of Drupal.

HashiCorp Vault

The Linux Foundation OpenBao

Why Vault/OpenBao with Drupal?

Unparalleled Feature-Set

Vault and OpenBao have a significant range of features for storing secrets in a secure manner. Some features include:

  • Encrypted key/value storage
  • Encryption-as-a-service
  • Automatic rotation of credentials
  • Revocation of credentials
  • Audit logging for compliance and intrusion detection

Free and Open Source Software

The Drupal community has produced some excellent tooling to abstract secret storage and encryption. However, there are issues with the ecosystem of tools that leverage these abstractions to perform the cryptographic functions:

  • Most of the existing integrations are for commercial services
  • The FOSS options are difficult to operate in a secure manner

Modules Integrating with Vault for Drupal

Authentication Strategies

Authentication strategies allow Drupal to securely authenticate with the secret storage.

Secret Engines

Secret engines provide a method for storing/retrieving static/dynamic secrets from the storage.

Encrypt-as-a-Service

Provides methods by which encryption and decryption are performed by the secrets storage without revealing the cryptographic keys. The encrypted content itself is stored outside of the secrets server.
