Secret Login Module Introduces Secure URL and Token-Based Access for Drupal

Secret Login is a new Drupal module developed by Vishal Kumar Yadav that allows site administrators and developers to bypass the standard login form using a secure URL or a one-time token. The module enables users to define a custom backdoor URL in the configuration. It automatically generates one-hour tokens for any user account, providing instant access without requiring usernames or passwords.

The module authenticates visitors as administrators or any assigned role when the secret URL is accessed, and a toggle in the admin interface enables or disables the one-time login feature. Tokens expire after one hour, and new ones are generated automatically, ensuring security while eliminating repetitive credential entry across development, staging and production environments.

Secret Login aims to streamline deployment workflows and reduce interruptions caused by session timeouts or forgotten passwords. Vishal describes it as a developer’s “magic key” to accessing Drupal without the usual login steps, highlighting its value for site administrators, testers and development teams.

Created on January 1, 2025, and updated to version 1.0.2 on June 22, 2025, Secret Login is classified under Administration tools and Developer tools on Drupal.org and is covered by the Drupal Security Team’s advisory policy. Initial reports indicate an increase in adoption across multiple live sites.

To install Secret Login, add it as a standard contributed module, then configure your secret URL and token settings via the Drupal administration interface. For complete documentation and source code, visit https://www.drupal.org/project/secret_login