The password expiry feature already exists actually (or maybe I misunderstood your point).
However, it exists mainly in 2 variants, the CE one and the PRO one, and requires your passbolt server to be at a minimum version of 4.5.0. The feature can be activated from the administration settings.
On the CE variant you can have 2 automatic workflows (you have either both of them or none of them):
- automatic expiry: when a user loses a permission on a resource that they read in the past, the resource is marked as expired
- automatic update: when an expired resource has its secret changed, it’s marked as not expiring again
On the PRO variant, you have more granular options where:
- you have the possibility to set the 2 previous automatic workflows (contrary to the CE, you can choose if you want just 1 automatic workflow, the 2 of them or none of them)
- you have the possibility to define a default expiration delay. For example, you can choose 60 days, and every new update or creation of a secret will have an expiration date set to 60 days in the future
- you can also let the users override the expiration date such that they can manually set for each resource an expiration period or a precise date.
On both versions, once the feature is activated, you will see extra columns on the password grid with an expiration date and an “attention required” icon for resources that have expired. Plus you will find a new filter to display only the expired passwords.
About the point regarding sending an email n days before the expiration of a secret: this is not yet available. We did a first try with it, but we encountered issues and put that part off for later (no ETA that I know of, though).
Anyway, this feature would be part of the PRO version.
If you want to know a bit more about it, there was a community forum post regarding the release of the 4.5.0 of the API, “New Release: v4.5.0 ~ Summer is Ending”. You will also find pages linked there as well:
I have now enabled the password expiry feature and I can see the expiry column.
I cannot change it though because I am running the community edition and that’s understood.
However, I also wish to be able to see which secrets have an expiration date in the near future, for example in a few days (as user input), to start making preparations for secrets rotation before the secrets expire.