pdv
Personal Data Vault (pdv) stores a user's files and structured data encrypted at rest and shares them with on-site workflows or external API consumers on a case-by-case basis, always under the user's own consent. Encryption keys are managed through the Key module under a three-tier key hierarchy, so a database dump or a stolen disk reveals nothing: bodies, metadata, and even on-disk filenames are encrypted or opaque.
What it does
- Encryption at rest. Envelope encryption: a Master KEK wraps a per-user Subject KEK, which wraps a per-document key. New data is sealed with XChaCha20-Poly1305 (portable to every host); AES-256-GCM is supported as an explicit pinned-fleet choice.
- Owner consent. A consent ceremony where the owner approves exactly what a consumer may read or write, with per-user and per-kind trust and an optional "require explicit consent" preference. Read and write are independent scopes: holding one never grants the other.
- Files and structured records. Store uploaded files or typed records described by reusable kinds, with translatable labels shown to each user in their own language.
- Cross-site access. A separate Drupal site can read and write a vault over an OAuth-gated HTTP API, addressing one or several vaults.
- Webform integration. A vault file and record element prefills from the vault and saves back to it, whether the vault is local or remote, and can be switched off per user or site-wide.
- Operator and lifecycle tools. A vault subjects report, Master KEK rotation (re-wrap at scale via cron, Batch, or drush), GDPR-aligned crypto-erase purge, a bounded cron garbage collector, and per-consumer flood limiting on the cross-site surfaces.
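The three-tier envelope scheme from "Encryption at rest" and the re-wrap behind Master KEK rotation, as an added example using PHP's sodium extension; this is not pdv's own code or storage format. The helper names, the array layout and the `subject:42` / `doc:42:7` context labels are hypothetical, and the example assumes rotation re-wraps only the Subject KEK, as the hierarchy implies.

```php
<?php
declare(strict_types=1);
// Hypothetical helpers and AAD labels for illustration; not pdv's API or storage format.
const NONCE_LEN = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES; // 24 bytes

// Seal $plain under $key with a fresh random nonce; $aad binds the blob to its context.
function seal_blob(string $plain, string $key, string $aad): string {
    $nonce = random_bytes(NONCE_LEN);
    return $nonce . sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($plain, $aad, $nonce, $key);
}

// Open a sealed blob; throws when the key, the AAD or the ciphertext does not match.
function unseal_blob(string $blob, string $key, string $aad): string {
    $plain = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
        substr($blob, NONCE_LEN), $aad, substr($blob, 0, NONCE_LEN), $key);
    if ($plain === false) {
        throw new RuntimeException("cannot unseal $aad");
    }
    return $plain;
}

// Read path: Master KEK -> Subject KEK -> document key -> body.
function read_body(string $masterKek, array $row): string {
    $subjectKek = unseal_blob($row['subject_kek'], $masterKek, 'subject:42');
    $docKey = unseal_blob($row['doc_key'], $subjectKek, 'doc:42:7');
    return unseal_blob($row['body'], $docKey, 'body:42:7');
}

// Keys are generated inline here; the page says pdv manages them through the Key module.
$keygen = 'sodium_crypto_aead_xchacha20poly1305_ietf_keygen';
[$masterKek, $subjectKek, $docKey] = [$keygen(), $keygen(), $keygen()];

// What lands in storage: wrapped keys and ciphertext only (constructed sample data).
$row = [
    'subject_kek' => seal_blob($subjectKek, $masterKek, 'subject:42'),
    'doc_key'     => seal_blob($docKey, $subjectKek, 'doc:42:7'),
    'body'        => seal_blob('constructed sample record', $docKey, 'body:42:7'),
];
echo read_body($masterKek, $row), PHP_EOL;

// Rotation: re-wrap the Subject KEK under a new Master KEK; doc_key and body are untouched.
$newMasterKek = $keygen();
$row['subject_kek'] = seal_blob(
    unseal_blob($row['subject_kek'], $masterKek, 'subject:42'), $newMasterKek, 'subject:42');
echo read_body($newMasterKek, $row), PHP_EOL;

try { // The retired Master KEK no longer opens the re-wrapped Subject KEK.
    read_body($masterKek, $row);
} catch (RuntimeException $e) {
    echo 'old Master KEK rejected: ', $e->getMessage(), PHP_EOL;
}
```

Because each wrapped key is sealed with its context as associated data, a wrapped key copied onto another subject's or document's row fails authentication instead of decrypting.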
Modules
- pdv: the vault itself (required).
- pdv_client_api, pdv_client, pdv_server_api: the cross-site contract, the consumer-side client, and the vault's HTTP surface.
- pdv_webform: the Webform element and handler.
- pdv_audit_trail, pdv_client_audit_trail: optional bridges into Audit Trail.
Requirements
Drupal 11; PHP 8.2 or newer with the sodium extension; Key and Consumers. The cross-site API submodule also needs Simple OAuth, and the Webform element needs Webform.
API stability
The supported PHP API is the documented interfaces, value types, events, and SCOPE constants; the concrete service classes are marked internal and final, so depend on the interfaces and the container bindings rather than on those classes. The cross-site HTTP contract is described by the OpenAPI spec shipped with the module. Full documentation (concepts and the key hierarchy, owner and consumer guides, cross-site setup, and an API reference) lives in the module's docs directory.