Lockr, a new key management service for content management systems, is now available for Drupal and WordPress. Lockr is a service that helps developers and CMS site owners better secure Web transactions by protecting encryption and API Keys. API key security has been a growing concern in recent years with a number of security issues involving API keys being reported. Earlier this month, ProgrammableWeb reported that developers had left API credentials in the Verizon Hum website source code. Early last year, it was reported that hackers created an algorithm that continuously searches GitHub for exposed Amazon Web Services (AWS) API keys. Lockr can help improve the security of CMS powered websites by preventing API keys and other credentials from being accidentally leaked.
Lockr is a new key management service for content management systems provided by Cellar Door Media that leverages enterprise-grade key management technology from Townsend Security. Lockr provides an off-site, hosted key management service that can help better secure Drupal and WordPress powered websites. Lockr can also help Drupal and WordPress powered websites meet PCI DSS, HIPAA and other security requirements.
ProgrammableWeb reached out to Chris Teitzel, founder and CEO of Cellar Door Media and creator of Lockr, and Tyler Pigott, VP of product at Lockr, who provided insight into the Lockr service. Teitzel and Pigott explained that the company is focusing on content management systems because they saw a gap in the market and observed that broad use of APIs in modern content management systems is increasing. The basic concept of Lockr is "key management made easy," providing a key management and security service for content management systems that can be used by developers as well as site owners who may not know how to code.
There are some similarities between Lockr and other key management systems such as AWS Key Management Service (KMS) and Microsoft Azure Key Vault. However, Teitzel and Pigott explained that Lockr is a "white glove service" that provides additional layers of security. Lockr is focusing on Drupal and WordPress because they both currently dominate the CMS market. The company does plan on looking at supporting the IBM Bluemix platform in the future however.
Teitzel and Pigott told ProgrammableWeb that Lockr can secure and manage any API key, secret key, and other types of credentials. Once enabled in the CMS, keys that entered are then sent over to the Lockr system fully encrypted and removed from the CMS code base. In addition, credentials sent from the CMS are unidentifiable and not stored on Lockr. Lockr not only manages and secures API keys, but also the keys of hosting provider partners. Lockr manages "keys per environment" which helps eliminate the problem of accidentally leaked credentials.
Teitzel and Pigott explained that the issue of accidental leaked API credentials needs to be emphasized and addressed. They are excited about providing the developer community as well as Drupal and WordPress site owners an easy way to manage API keys and other sensitive data.
Lockr is currently available for Drupal or WordPress and the service is being offered exclusively on Pantheon, a managed WordPress and Drupal hosting provider. However, other hosting providers will be announced in the near future.
For more information about the Lockr key management service for content management systems, visit https://lockr.io/.