Acuity Encrypt 1.x-0.5.0 — initial beta
Field-level AES-256-GCM encryption for Backdrop, using PHP's built-in OpenSSL - no external libraries or key-management services required.
Highlights
- Encrypt any text field by selecting a widget - works on standard text, text_long, and text_with_summary fields. No custom field type, no data migration; switch an existing field's widget to Acuity Encrypt and it encrypts on next save.
- Permission-gated, fail-closed decryption - only users with view encrypted fields see plaintext; every other path (core formatters, Views raw output, tokens, search indexing) sees ciphertext. Display formatters render a mask, with an optional "hide completely" mode.
- Click-to-reveal formatters for authorised viewers, with no plaintext left in the page DOM or form cache for anyone without permission.
- Multi-slot key management - keys stored in settings.php, the private filesystem, or an external path (never in config or the database), each slot independent, with a live encrypted-entry count and status per slot.
- Hard key rotation - Batch API re-encryption across data and revision tables, with a completion recount that tells you when an old slot is safe to retire.
- Public API (acuity_encrypt_encrypt_with_key() / _decrypt_with_key() and slot helpers) for other modules.
- Storage-overflow guard - validates and caps plaintext length so encryption can't overflow a field's column and silently corrupt data.
Status: Beta. Core encryption, key management, and rotation are built and verified against a live site (32-assertion CLI harness). Please - back up your keys - data encrypted under a lost key is unrecoverable by design.
Requirements: Backdrop 1.x, PHP 8.0+.