Custom Token
This module allows administrators to define dynamic tokens directly from the Drupal backend without writing code or touching configuration files for sensitive values.
How it works:
Two-store model:
- Token keys are saved to config - run drush config:export to commit them to the repository.
- Token values are saved to State API and are never exported - set them independently on each environment.
Token keys (machine names such as general_email, events_email) are stored in Drupal's Config API. These are exported via drush config:export and committed to the repository, so the token structure is consistent across all environments.
Token values (the actual email addresses or other environment-specific strings) are stored in Drupal's State API. State values are never exported and never committed to the repository.
Each environment - development, QA, production - sets its own values independently through the admin UI at /admin/config/system/custom_token_items.
Tokens are available site-wide as [custom_token:key] and can be used in:
- Webform email handler fields (To, CC, BCC, options mapping)
- Email subject lines and body text
- Any other token-enabled field in Drupal
Why this approach:
Hardcoding client email addresses in webform configuration means they end up in the repository and get deployed to QA - creating a risk of test submissions reaching real recipients. This module eliminates that risk by keeping sensitive values out of the codebase entirely.