DRUPAL SECURITY: OUR JOURNEY IN ENCRYPTION KEY MANAGEMENT
To many developers, encryption can be a scary thing. Thankfully, with the folks at Townsend Security and a dedicated community of contributors, we’ve taken great strides in making modules to encrypt Drupal sites easy and approachable for anyone to use.
First we developed “Encrypt,” built to provide much needed two-way Drupal encryption. But users still needed to manage the keys created through the two-way encryption. And with that “Key” was born. Lastly, we knew that getting keys off your server and into a secure place would be the gold standard in key management, yet most solutions were cost prohibitive to the everyday content management system. That led us to the final step in our journey to build “Lockr” to provide true encryption key management in Drupal.
Let’s look at how each of these pieces work.
DRUPAL ENCRYPTION WITH THE ENCRYPT MODULE
Creating a two-way encryption module for Drupal was an important first step in securing Drupal. The Encrypt module page explains it best:
“There is no way to do two-way encryption in Drupal. There is also not a very standard way of performing encryption in PHP without extensions. This module aims to make it easy for other modules to keep data secured in an extensible way that does not inherently require any other dependencies.”
Encrypt provides an “application programming interface (API) for performing two-way data encryption. It allows modules to encrypt data such that it can be decrypted using the same key that was used to encrypt data…useful for storing sensitive information.”
Encryption offers one level of security, but encryption also means encryption keys. That led us to the development of Key.
KEY: THE DRUPAL MODULE FOR ENCRYPTION KEY MANAGEMENT
Encryption is only as good as the key used in the process, and where it’s kept. Key is a module specifically built for key management.
It is a pluggable module that routes key requests to secure key storage. This empowers site developers to have the ability to define how and where keys are stored. Having control over key storage location, means the possibility of a higher level of security. That is, if you store your keys in a secure place.
A NOTE ON KEY MANAGEMENT BEST PRACTICES
While Encrypt and Key work well together to make stronger key management than no key management at all, there’s one final piece of the puzzle to make it the strongest and most secure.
THE PROBLEM WITH TAPING KEYS TO THE DOOR
Out of the box Key offers the ability to store keys within your database, like in the settings.php file—so it can be tracked for change using change management—or in a file that can reside anywhere in the system (preferably outside the site root). While the settings.php file or a file outside the site root are two “stronger” options than storing the keys in the database, they are still doing the proverbial “taping the key to the front door” (or leaving your keys in the lock). That is, once someone has access to your server, they have the keys to your data.
You can encrypt your data but unless you have a separate place to store your keys, they co-exist in the same space. From PCI DSS to HIPAA to government regulations worldwide, they all state that proper key management is critical to secure data and their recommendations state that for a key to be properly managed, it must reside in an environment physically separate from the one that is using it.
NEFARIOUS ACCESS TO YOUR CODEBASE AND DATABASE IS INEVITABLE
We do all we can to keep the perimeter secure, but we have to expect people will still get in. And when they do get in, without proper key management you are handing over the keys to unlock it all. I recently sat in a meeting with a Fortune 50 company security team and was told that they plan on the entire codebase and database being compromised—with a near limitless budget on perimeter security, they still understood access to the codebase and database was inevitable.
And that’s where Lockr comes in, pairing the Encrypt and Key modules with Lockr, the average Drupal website can obtain next-level key management.
STORE YOUR ENCRYPTION KEYS WITH LOCKR
With Encrypt paired with Key you have encrypted all your data and centralized your keys, the only step left is to store them separately and securely. Lockr is proper key management made easy. Instead of taping your key to the door, you’re keeping it in a secure location.
Lockr provides a simple-to-use plugin for the Key module which allows for offsite storage in a secure hosted server environment, away from your codebase and database. We developed a way to secure the communication and storage of the key without anything more than an email address. Even better you can start for free, our pricing is based on the volume of requests to Lockr and number of keys stored—the first key and 5,000 requests are free, then we sell each additional key and 5,000 requests for $5. And if you are an enterprise, agency or service provider requiring a dedicated hosting environment or ability to service multiple clients, we have plans for you as well.
This post shared a lot of specifics on encryption key security best practices in Drupal, but the truth is Lockr is good for more than that. It is perfectly suited to manage encryption keys in WordPress as well as API keys. Keep an eye out for more information on that in a later post. Do you have any questions about Drupal encryption key management or just want to talk? You can always reach us at support@lockr.io or on Twitter @keylockr.