Still on Drupal 7? Security support for Drupal 7 ended on 5 January 2025. Please visit our Drupal 7 End of Life resources page to review all of your options.This project is not covered by Drupal’s security advisory policy.
Provides the ability for the TFA module to support TOTP tokens using the HashiCorp Vault TOTP Secret Engine to generate, store, and validate tokens.
How does this differ from the TFA 'built-in' TOTP token support:
Secret Seeds for tokens are not stored inside of Drupal, instead the Vault instances stores them inside its protected storage where access is protected by the Vault security policies further protecting account security in case of site compromise.
Validation and replay prevention are centralized in the Vault.
Project information
- Module categories: Security, Access control
- Ecosystem: Vault for Drupal, Two-factor Authentication (TFA)
- Created by cmlara on , updated
This project is not covered by the security advisory policy.
Use at your own risk! It may have publicly disclosed vulnerabilities.
