Secure the data of visitors on your Drupal website better

Open Source Drupal

Node Author
Joris Snoek
Business Dev

The Field encryption module ensures that the values stored in the Drupal database are encrypted. When the database ends up in the wrong hands, then nobody can read the data since this module has encrypted it. This way, you are prepared for a worse case scenario.

This contrib can come in handy if you are managing a Drupal website in which third party data is stored, such as a Drupal webshop, an online community or Ashley Madison ;-). The module is beta2,

This info was posted by Ted Bowman in the comments:

Nice, write up but I would probably put a stronger warning about this being a Beta module. For a lot modules it is probably not a big deal but the whole purpose this module is secure data. I posted the code and add some changes but didn't write the original as the project page.

It worked for the project I originally need it for. There some other maintainers but I am not sure if any of them feel confident enough to make a full release.


[2nd edit]
This info was posted by Rick Manelius in the comments:

An example of what Ted is getting at. Modules in beta technically don't get the same treatment by the Drupal Security team. So if someone filed an issue while this is in beta, it would move to the public issue queue immediately. That exposure may not be ideal for an early adopter, particularly for a security related module. See for more information.

[/2nd edit]

Installation and configuration

1) Installation

Download and install the following modules:

2) Configure the encryption

You can use the default Drupal encryption, which is supplied with the module.
But to secure things better we will add a new kind of encryption: AES encryption.

Go to /admin/config/system/encrypt and click ‘Add configuration’:

Add a name, for example ‘AES Test’. Select ‘Mcrypt AES 256’ under the tab ‘Encryption method settings’.

Key provider settings

This key is used to encrypt and decrypt data, so keep it as safe as possible. Also check this article for options.

To further improve the security, do not select here the standard Drupal Private Key but Drupal encrypt_drupal_variable_key variable.

To activate this option, you will first have to register the relevant variable (the key). Preferably in settings.php as is also indicated in the red text. I am placing the key at the bottom of settings.php:

$conf['encrypt_drupal_variable_key'] = 'u1xnyr5zFzGj92do6gZHL72IQjmF1Omqepmba7FwJNI';

Now I can activate the option:

Make AES default

Finally, I want to use this new encryption configuration by default. To do this, go back to /admin/config/system/encrypt and click ‘make default’:

3) Setting security per field

Whenever you are now configuring a field with a Drupal content type, you can choose to encrypt the field. For example the Drupal core field ‘Body’ with content type ‘Article’ /admin/structure/types/manage/page/fields/body:

Related modules

Webform encrypt
Encrypt fapi
Encrypted Files