Encryption & Key Management for Drupal

Encryption & Key Management for Drupal

Key Connection for Drupal Module

Drupal developers who need to protect sensitive data know that storing their encryption keys within the content management system (CMS) puts their data at risk for a breach.  With Key Connection for Drupal, administrators are now able to keep their encryption keys secure by storing them remotely and only using them when the encryption/decryption happens.

Your Users Expect Their Data Is Protected
Data breaches are not a matter of if, but when.  When it comes to protecting sensitive information and meeting security compliance regulations, we don’t believe anything should get in the way of offering your users the best data security tools available.


Protect Private API Keys
Proper key management is essential to securing critical API connections.  Private API keys are used very widely within Drupal by services like Amazon AWS, Authorize.net, PayPal, and MailChimp and stored in the clear.  If your site gets hacked, so does access to the services that you have integrated into your site.  

Solving the Drupal Encryption Problem
Within the Drupal CMS there is no secure method for managing your encryption keys without expensive, custom solutions.  Users who are currently encrypting sensitive data are storing the encryption key locally in either a file protected on the server, in the database, or in Drupal’s settings file.  None of these methods meet data security best practices or compliance regulations such as PCI DSS, HIPAA/HITECH, state privacy laws, etc.


Who Needs Encryption and Key Management?
Today almost every business must adhere to data security regulations set forth by industry standards groups.  Anyone who is using Drupal to collect and store sensitive data (personally identifiable information, work/school applications, e-commerce checkout process, etc.) needs to make sure this data is held safely.  Key Connection for Drupal keeps the encryption keys on a separate server from the data they protect, allowing administrators to line up with compliance and security best practices.


Encryption and Key Management Simplified
Complexity is usually the largest concern in integrating encryption services into any environment such as Drupal.  The Key Connection module provides a simple configuration UI to get connected quickly and effortlessly.  By installing the Key Connection module into Drupal, administrators can easily encrypt sensitive data and manage the encryption keys with a FIPS 140-2 compliant encryption key manager.


NIST Compliant Encryption
In addition to retrieving keys, the Key Connection module creates a NIST compliant encryption option by using on-board encryption on the Alliance Key Manager.  For organizations that need to meet compliance requirements, NIST compliant AES encryption and key management means you are provably meeting industry standards and best practices.


An Affordable Encryption Key Manager
With subscription and perpetual licensed options for the Alliance Key Manager server, we have an encryption key management solution to fit your budget.  Additionally, Alliance Key Manager is offered as physical hardware security module (HSM) in your data center, as a cloud HSM, or as a virtual appliance in the cloud.


Module Integration
Townsend Security recognizes the strength of community standards, which is why the Key Connection module is built upon Drupal’s Encrypt API. As an extension to this API, the Key Connection module provides Encrypt (and any other module in Drupal) with a universal ability to securely retrieve and use remote encryption keys.


Additionally, Townsend Security is helping the community by helping sponsor a suite of modules that integrate with Key Connection and include: KeyEncrypt UserEncrypt Form APIEncrypted FilesField EncryptionEncrypt Password, and Webform Encrypt.


Encryption & Key Management in Drupal


Townsend Security has partnered with Cellar Door Media as the premier provider of encryption key management integration within Drupal. For more information on how they can help integrate encryption and key management into your next project, contact either Townsend Security or Cellar Door Media.

Certifications and Validations

NIST AES compliance (ECB and CBC modes of encryption)

NIST SHA validation

NIST RNG validation (x9.31)

NIST HMAC validation

NIST FIPS 140-2, level 1


TLS authenticated secure communications

GUI console for key management

Secure web application for server management

Key Sizes

AES 128, 192, 256 bit symmetric keys

RSA 1024,2048, 3072, 4096 bit asymmetric keys

Solution Briefs

Meeting Data Privacy Compliance within Drupal

This document is designed for Drupal administrators as a guide to encryption and key management requirements and recommendations put forth by the various data privacy compliance regulations. 


Modules for Securing Data in Drupal

Townsend Security is helping the community by sponsoring a suite of modules that allow developers to meet compliance (PCI DSS, HIPAA, FISMA, etc.), manage risk of a data breach, as well as protect sensitive API keys.