Hi I'm creating a Drupal 9 custom module, and the module uses a 3rd party API key that the site admin will obtain and enter on the settings page. What's the best practice for storing this data? Is it as a custom configuration entity item? The API key is necessary for the module but that doesn't seem quite right since its not really config. Thank you!
Asked
Active
Viewed 196 times
1 Answers
1
The best way to approach this is by using the Key module.
It allows you to store your keys in config or files. See also the official Drupal documentation on the module at https://www.drupal.org/docs/contributed-modules/key. Quoted from the project page:
Key provides the ability to improve Drupal security by managing sensitive keys (such as API and encryption keys). It gives site administrators the ability to define how and where keys are stored, which allows the option of a high level of security and allows sites to meet regulatory or compliance requirements.
baikho
- 5,203
- 4
- 40
- 47