Drupal is a registered trademark of Dries Buytaert
Search API Solr 4.3.12 Minor update available for module search_api_solr (4.3.12). Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). IntelligenceBank DAM Connector 4.1.4 Minor update available for module intelligencebank (4.1.4). IntelligenceBank DAM Connector 5.2.3 Minor update available for module intelligencebank (5.2.3). Soccerbet 1.1.14 Minor update available for module soccerbet (1.1.14). Mautic Audiences 1.0.0 Initial release available for module mautic_audiences (1.0.0)! Commerce Order Amend 1.0.0 Initial release available for module commerce_order_amend (1.0.0)! AI Provider moonshot (Kimi) 1.2.1 Minor update available for module ai_provider_moonshot (1.2.1). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Content Translation Redirect Module content_translation_redirect crossed 1,000 active installs.

Personal Data Vault (pdv) securely stores and encrypts user files and structured data. It allows users to grant explicit consent for sharing this data with internal workflows or external applications, with strong encryption protecting data even if the database is compromised.

Personal Data Vault (pdv) stores a user's files and structured data encrypted at rest and shares them with on-site workflows or external API consumers on a case-by-case basis, always under the user's own consent. Encryption keys are managed through the Key module under a three-tier key hierarchy, so a database dump or a stolen disk reveals nothing: bodies, metadata, and even on-disk filenames are encrypted or opaque.

What it does

  • Encryption at rest. Envelope encryption: a Master KEK wraps a per-user Subject KEK, which wraps a per-document key. New data is sealed with XChaCha20-Poly1305 (portable to every host); AES-256-GCM is supported as an explicit pinned-fleet choice. The Master KEK can also live in OpenBao or HashiCorp Vault (Transit), so the root key never reaches Drupal.
  • Owner consent. A consent ceremony where the owner approves exactly what a consumer may read or write, with per-user and per-kind trust and an optional "require explicit consent" preference. Read and write are independent scopes: holding one never grants the other.
  • Files and structured records. Store uploaded files or typed records described by reusable kinds, with translatable labels shown to each user in their own language.
  • Cross-site access. A separate Drupal site can read and write a vault over an OAuth-gated HTTP API, addressing one or several vaults.
  • Webform integration. A vault file and record element prefills from and saves back to the vault, whether the vault is local or remote, and can be switched off per user or site-wide.
  • Operator and lifecycle tools. A vault subjects report, Master KEK rotation (re-wrap at scale via cron, Batch, or drush), GDPR-aligned crypto-erase purge, a bounded cron garbage collector, and per-consumer flood limiting on the cross-site surfaces.

Modules

  • pdv: the vault itself (required).
  • pdv_vault: hold the Master KEK in OpenBao or HashiCorp Vault (Transit).
  • pdv_client_api, pdv_client, pdv_server_api: the cross-site contract, the consumer-side client, and the vault's HTTP surface.
  • pdv_webform: the Webform element and handler.
  • pdv_audit_trail, pdv_client_audit_trail: optional bridges into Audit Trail.
  • pdv_mail, pdv_message, pdv_eca: deliver vault notifications, as fixed email, editable Message templates, or no-code ECA rules respectively.
  • pdv_test_console: a development-only consumer simulator for the sharing flows.

Requirements

Drupal 11; PHP 8.2 or newer with the sodium extension; Key and Consumers. The cross-site API submodule also needs Simple OAuth, and the Webform element needs Webform.

API stability

The supported PHP API is the documented interfaces, value types, events, and SCOPE constants; the concrete service classes are marked internal and final, so depend on the interfaces and the container bindings rather than on those classes. The cross-site HTTP contract is described by the OpenAPI spec shipped with the module. Full documentation (concepts and the key hierarchy, owner and consumer guides, cross-site setup, and an API reference) lives in the module's docs directory and is available here.

Activity

Total releases
8
First release
Jun 2026
Latest release
2 weeks ago
Releases (12 mo)
8 ▲ from 0
Maintenance
Active

Release Timeline

Releases

Version Type Release date
1.0.0-alpha7 Pre-release Jul 2, 2026
1.0.0-alpha6 Pre-release Jun 20, 2026
1.0.0-alpha5 Pre-release Jun 11, 2026
1.0.0-alpha4 Pre-release Jun 10, 2026
1.0.0-alpha3 Pre-release Jun 7, 2026
1.0.0-alpha2 Pre-release Jun 3, 2026
1.0.0-alpha1 Pre-release Jun 3, 2026
1.x-dev Dev Jun 3, 2026