Description of the need
We have a handful of contrib projects that store API Keys or other sensitive data. Some of these store the data in settings, some in state, and some in config.
I think the safest way to handle secure data would be to store it in the database (via the state system) but since these values often need to be deployed across environments, it would also be nice to be able to define them in settings.php.
Proposed solution
To make lives easier for our contributors, we should provide a FormAPI element that could be used on a normal admin form, that would check both of these two locations for a value, with settings overriding the database if it was provided. When the form is saved, the newly-provided value gets entered into the state system (if it was not initially pulled from settings).
To make lives easier on our site architects/administrators, the Form element should appear like a normal text field, but automatically provide description text explaining that the value within will not be saved in configuration, but that it can be included in the settings.php file (and maybe provide the example code right there, as well).
The FormAPI element should also have a property #hidden_value (or similar) that would give the module developer a choice of whether the value stored should be revealed to the site architect/administrator or not. When this property is set to TRUE, placeholder text should be added automatically that reads Value hidden for safety (or similar).
Alternatives that have been considered
TBD
Additional information
TBD
Draft of feature description for Press Release (1 paragraph at most)
Backdrop now includes a new FormAPI element that will help administrators keep sensitive data safe. This element will not save its value in configuration files, which are often committed into Version Control Systems, but instead will store it in the more secure state system (the database), or it can pull the value from settings.php.
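A sketch of the lookup order, hidden-value placeholder and save rule from the proposed solution, written as helpers around a plain textfield. This is an added example, not code from the issue or from Backdrop core: the module name `mymodule`, the key passed in and all three function names are hypothetical, and disabling the field when settings.php supplies the value is an assumption.

```php
<?php
// Added example: "mymodule" and every function name below are hypothetical.
// Uses Backdrop's settings_get(), state_get(), state_set() and t().

/** Resolves a secret as array(value, from_settings); settings.php wins. */
function mymodule_secret_lookup($key) {
  $from_settings = settings_get($key);
  if ($from_settings !== NULL && $from_settings !== '') {
    return array($from_settings, TRUE);
  }
  return array(state_get($key, ''), FALSE);
}

/** Builds the form element for a secret stored under $key. */
function mymodule_secret_element($key, $title, $hidden_value = TRUE) {
  list($value, $from_settings) = mymodule_secret_lookup($key);
  $element = array(
    '#type' => 'textfield',
    '#title' => $title,
    '#description' => t('This value is not saved in configuration. It can be set in settings.php instead: @code',
      array('@code' => "\$settings['$key'] = '...';")),
    // Assumption: a value supplied by settings.php is not editable in the UI.
    '#disabled' => $from_settings,
    '#default_value' => '',
  );
  if ($hidden_value) {
    // The stored secret is never sent back to the browser.
    if ($value !== '') {
      $element['#attributes']['placeholder'] = t('Value hidden for safety');
    }
  }
  else {
    $element['#default_value'] = $value;
  }
  return $element;
}

/** Submit helper: writes to state unless settings.php provides the value. */
function mymodule_secret_save($key, $submitted, $hidden_value = TRUE) {
  list(, $from_settings) = mymodule_secret_lookup($key);
  // Assumption: with a hidden value, an empty submission keeps the old secret.
  if ($from_settings || ($hidden_value && $submitted === '')) {
    return;
  }
  state_set($key, $submitted);
}
```

A form builder would call `mymodule_secret_element()` for the field and `mymodule_secret_save()` from its submit handler, so nothing reaches `config_set()` and the exported configuration files.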