The "Key" to securing Drupal 8

Session speaker(s): cteitzel, rlhawk

With the release of Drupal 8, developers were challenged to think beyond just the island of Drupal. Core incorporated new outside libraries, and now Drupal can be the source of content for external applications in a "headless" setup right out of the box.

With Drupal now being the hub that content and connections are flowing in and out of, how do we keep it all secure? The best way to protect data at rest is to encrypt it, and the best way to secure your external connections are to protect the credentials used to authenticate.

Enter the Encrypt (https://www.drupal.org/project/encrypt) and Key (https://www.drupal.org/project/key) modules. In Drupal 8, all roads lead to the key module as a centralized location to store secure external API credentials and the keys necessary to encrypting data in Drupal. And thanks to configuration entities in Drupal 8, leveraging these modules are a few simple lines of code.

In this session we'll cover the basics of encryption and key management and then dive into ways to leverage them in standard workflows to lock down the data and integrations Drupal manages. By the end, module users and maintainers should be empowered to secure their sites and modules better to help keep the community safe as we venture off our Drupal island into the open waters beyond!

https://2016.badcamp.net/session/key-securing-drupal-8

Drupal is a registered trademark of Dries Buytaert.