So I’m struggling to understand account recovery (Community Edition, self-hosted) and the role that the private key file plays.
What is account recovery for, if the passphrase is a requirement for recovering the account? Is that not like a forgot password tool asking for the current password in order to reset it?!
According to this doc, Passbolt Help | How to recover an account?, there should be a step where the user can enter a new passphrase, but in all my attempts, the recovery process always asks for the user's passphrase, which is the reason for the recovery in the first place!
What am I missing here?
So we have two things called account recovery which is probably contributing to the confusion here.
One is more of a "set up a new browser or log in on a new device" process. In that case you need the recovery kit (private GPG key) to set up the extension in the new browser or device. You need this recovery kit to decrypt the secrets stored in passbolt.
The other account recovery is a pro feature where it gives an admin of the instance the ability to set up an organization key, and then users can have their recovery kits and passphrases encrypted with that and stored on the server, so if they forget the passphrase or lose the key they can have an admin help them get back into their accounts.
Does that clear up what is happening?
Ah, so on the Community Edition, with no passphrase, it's a delete and re-create jobby? Gotya!