Security is a paramount feature of any modern CMS. Drupal has a well defined authentication and RBAC (role based access control) system limiting the scope of what users can or cannot do. Soon we will even have PBAC (policy based access control) in Drupal core. But what about securing other things, like API tokens, SSL certificates or secrets that are used to authenticate with external services that enable features that require authorization?
PubDate