Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). UI Patterns (SDC in Drupal UI) 2.0.18 Minor update available for module ui_patterns (2.0.18). Domain Path 2.0.1 Minor update available for module domain_path (2.0.1). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

Custom Token

No security coverage
View on drupal.org

This module allows administrators to define dynamic tokens directly from the Drupal backend without writing code or touching configuration files for sensitive values.

How it works:

Two-store model:

  1. Token keys are saved to config - run drush config:export to commit them to the repository.
  2. Token values are saved to State API and are never exported - set them independently on each environment.

Token keys (machine names such as general_email, events_email) are stored in Drupal's Config API. These are exported via drush config:export and committed to the repository, so the token structure is consistent across all environments.

Token values (the actual email addresses or other environment-specific strings) are stored in Drupal's State API. State values are never exported and never committed to the repository.
Each environment - development, QA, production - sets its own values independently through the admin UI at /admin/config/system/custom_token_items.

Tokens are available site-wide as [custom_token:key] and can be used in:

  • Webform email handler fields (To, CC, BCC, options mapping)
  • Email subject lines and body text
  • Any other token-enabled field in Drupal

Why this approach:

Hardcoding client email addresses in webform configuration means they end up in the repository and get deployed to QA - creating a risk of test submissions reaching real recipients. This module eliminates that risk by keeping sensitive values out of the codebase entirely.

Activity

Total releases
2
First release
Jul 2026
Latest release
1 hour ago
Releases (12 mo)
2 ▲ from 0
Maintenance
Active

Releases

Version Type Release date
1.0.0 Stable Jul 17, 2026
1.0.x-dev Dev Jul 17, 2026