sanitize_placeholder

Sanitize Placeholder tightens and enriches sanitized databases so they are safer and more useful for development, demos, and testing. It runs automatically after drush sql:sanitize, acting only on the fields that Drush actually sanitized and that match your configured rules. For anything else, you can run the provided Drush command on demand.

What it does

• Username cleanup: Shortens and normalizes overlong/invalid usernames created during sanitization (removes +, @, etc.; dots are normalized to underscores).
• Per-field fake data: Replaces configured fields with realistic placeholders (first name, last name, institution, domain, patterns, and more).
• Deterministic by default: The same entity receives consistent values across runs (ideal for repeatable tests).
• Max-length aware: Generated values are trimmed to each field’s configured length (and username cap when applicable).
• Extensible strategies: Pluggable strategy system. The sanitize_placeholder_extra submodule provides optional country-specific examples you can extend.

How it runs

• Automatic hook: Executes automatically after drush sql:sanitize and targets only fields Drush sanitized that also match your rules. It will also run after drush sql:sync --sanitize when that flow invokes sql:sanitize.
• On-demand Drush:
  • drush sp:fake (alias sp:fake-fields) — apply configured field replacement strategies. Supports --entity, --bundle, --field, --scope=all|empty|sanitized, --limit, and --seed.

Configuration

1. Go to Configuration → Development → Sanitize Placeholder (/admin/config/development/sanitize-placeholder).
2. Add rules for the fields you want to populate (pick entity, bundle, field, and strategy). You can also edit the username max length.
3. Scope (CLI):
   • Empty – only fill empty values.
   • Sanitized or empty – fill empty values and values that “look sanitized” (e.g. lorem ipsum, redacted).
   • All – replace regardless of the current value.

   Note: the automatic post-hook after sql:sanitize always runs with scope sanitized; the options above apply when you run drush sp:fake yourself.

4. Optionally enable deterministic mode and set a locale (see Faker section).
5. Save configuration. Run drush sql:sanitize to apply. You can also run drush sp:fake on demand.

Installation

composer require drupal/sanitize_placeholder drush en sanitize_placeholder -y # Optional strategies/examples: drush en sanitize_placeholder_extra -y 

Faker library (optional)

The module works with or without Faker:

• Without Faker: a lightweight, built-in generator covers the shipped strategies (first name, last name, username, domain, institution, patterns, and the extra examples). The “Faker locale” setting is ignored and the field is disabled in the UI.
• With Faker: you get a richer name/address vocabulary and proper locale support for strategies that use it (e.g. names/domains can better reflect fr_FR, de_DE, etc.). Determinism still applies when enabled or when you pass --seed.

To enable Faker-based generation, install it via Composer:

composer require fakerphp/faker

Use cases

• Create a safe dev database with believable data for UX, search, and demos.
• Keep usernames valid and short after sanitization (with dot-to-underscore normalization).
• Produce repeatable fixtures for Behat/Kernel tests with deterministic generation.

Compatibility & requirements

• Drupal 10/11 compatible.
• Faker is optional; install it only if you want locale-rich datasets.

Extensibility

• Provide your own strategies in custom code (implement Drupal\sanitize_placeholder\Strategy\StrategyInterface, tag the service, and it appears in the form). See the project README.md for a short example.
• Enable sanitize_placeholder_extra for country-specific examples and as a reference for building your own.

Security & scope

This module is designed for non-production environments and sanitized copies of production data. Always review your field rules and scope settings before applying replacements.