As a logged in user on the password workspace I can click on a button to see a passwords value

Q1. What is the problem that you are trying to solve?
Currently, when a password is shared with another user, the only way for them to see the password is to copy it and then paste it somewhere else (text editor, for example). It would be great if users could select a password that was shared with them, and just view the password there.

Q2 - Who is impacted?
Users who do not have edit rights on a given password.

Q3 - Why is it important and/or urgent?
It can be usefull to communicate a password over the phone for example, or just to check the format.

Q4 - What is your proposed solution? (optional)
The idea would be to have an “eye” icon next to the passwords items in the grid, or in the sidebar to allow people to make such password visible. This would need to happen in a secure way (using iframe, etc.).

Q5. Community support
People can vote for this idea to show traction:

  • :ok_woman: Must have: this is critical for me to have this
  • :raising_hand_woman: Should have: this is important for me to have this
  • :tipping_hand_woman: Could have: this could be nice to have
  • :no_good_woman: Won’t have: we should not schedule this (explain why)

0 voters

Users should not be able to view password values unless they are admin or unless the admin checked a box or something similar that allow regular users to view password values. Otherwise it defeats the purpose of using a solution like PassBolt. If admins wanted to share the password values and only login access to company’s account they could do it in many other ways.

@benjamo there is no real secure way to enforce the behavior you are describing. It is not possible to allow to “only use and not view” a password. When you fill a password in a page or copy it to clipboard it is very easy to view it’s value (for example, in the browser debug console, by using the network tab to see the password in clear being sent, or changing the type of the input field from password to text).

I understand you would want to limit this, but I think you have a misplaced expectation in terms of the security passbolt (and other password managers) can provide here.

Released as part of v3.1. in march 2021.