Skip to content
Snippets Groups Projects

Issue #3312553: Provide a way to limit encryption/decryption to specific entity bundles

Open Issue #3312553: Provide a way to limit encryption/decryption to specific entity bundles
issue/field_encrypt-3312553:3312553-document_api_in_readme into 3.0.x
Open Patrick Kenny requested to merge issue/field_encrypt-3312553:3312553-document_api_in_readme into 3.0.x
Compare
and
1 file
+ 16
5
Compare changes
  • Side-by-side
  • Inline
readme.md
+ 16
5
@@ -33,12 +33,13 @@ This module requires the following core and modules:
RECOMMENDED MODULES
-------------------
In order to encrypt configurable fields via the UI, Drupal core's Field UI
module must enabled.
module must be enabled.
This module requires at least one module that provides an encryption method. For
example:
* Sodium (https://www.drupal.org/project/sodium)
* Real AES (https://www.drupal.org/project/real_aes)
INSTALLATION
@@ -47,7 +48,7 @@ Install as you would normally install a contributed Drupal module. For example:
```shell script
composer require drupal/field_encrypt
```
See: https://www.drupal.org/node/1897420 for further information.
For more information: https://www.drupal.org/node/1897420
CONFIGURATION
@@ -126,7 +127,7 @@ Drupal and it's plugin system.
The main function of the ProcessEntities Service is to provide a way
to process entities.
In Drupal 8, it is recommended that all processing on fields be done at the
In Drupal 8+, it is recommended that all processing on fields be done at the
entity level. As such, the service primarily takes entities as inputs and
processes those fields in order to either decrypt encrypted fields or encrypt
fields before storage.
@@ -140,7 +141,7 @@ of the Encrypt module.
## Encrypt Field Storage Third Party Setting
In Drupal 8, the field storage settings are stored in configuration management
In Drupal 8+, the field storage settings are stored in configuration management
using a Configuration Entity. Extending configuration entities is done by
providing `Third Party Settings` and using the associated methods.
@@ -153,13 +154,23 @@ While this creates the setting, we need to modify the field storage form so that
we can set / change this value. We hook into the form system with
`hook_form_alter()` in our `.module` file.
## Preventing Encryption of Specific Entities
You may want to disallow encryption of specific entities. For example, you may
want to encrypt a field on one content type but not on another content type that
shares the same field.
We provide a hook to disallow encryption of arbitrary entities.
For details, see `field_encrypt.api.php` in the module root.
## Updating Stored Field Values
The field_encrypt module provides an EventSubscriber that reacts to
configuration changes (\Drupal\field_encrypt\EventSubscriber\ConfigSubscriber).
When the field storage config changes, we check if there was a change in the
field_encrypt settings. This way, when the setting is changed, we can queue
stored values to encrypt / decrypt to match the new setting. We use Drupal 8's
stored values to encrypt / decrypt to match the new setting. We use Drupal 8+'s
Queue API to queue this process. The actual encryption / decryption is handled
by resaving any entities and relying on the 'field_encrypt.process_entities'
service.