anytech/silverstripe-secretfield

Masked secret form field with an admin-only reveal button for SilverStripe SiteConfig secrets (API keys, tokens).

Maintainers

Package info

github.com/anytech/silverstripe-secretfield

Type:silverstripe-vendormodule

pkg:composer/anytech/silverstripe-secretfield

Statistics

Installs: 15

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

Security

Advisories: 0

Aikido package health analysis

dev-main 2026-06-15 22:54 UTC

Requires

MIT b343b781c834b80cdd996823470173479e54af08

silverstripemasksecretapi-keyform-field

This package is auto-updated.

Last update: 2026-06-15 22:54:42 UTC

README

A masked form field for SilverStripe SiteConfig secrets (API keys, tokens, service-account JSON). The stored value is never rendered into the page source; an admin-only reveal button fetches it on demand.

Requirements

  • SilverStripe ^6.1
  • PHP ^8.3

Installation

composer require anytech/silverstripe-secretfield

Usage

Use SecretField in place of TextField for any SiteConfig secret. That's all - no config to declare.

use Anytech\SecretField\SecretField;

SecretField::create('ApiKey', 'API key');
SecretField::create('ServiceAccountJSON', 'Service account JSON')->setMultiline(true);
  • The field shows a masked hint when a value is saved; leaving it blank on save keeps the stored value.
  • Reveal is restricted to ADMIN and CSRF-protected via the CMS security token.
  • A field is revealable only if it is declared as a SecretField on SiteConfig.
  • Works on disabled fields too (e.g. autofilled tokens) - reveal only reads.

License

MIT