I have been wanting this feature since I started using Passbolt some three years ago. It would be great to be able to associate multiple URI’s with a password. This is useful for environments where you must authenticate with the same credentials on different services, as is common with LDAP-backed services. The user experience improvement is in that the quickaccess menu would show the password on all web pages that are associated with the password.
For inspiration, look at Bitwarden’s browser extension. It has this feature.
This feature would also be very useful when dealing with a lot of multi-site web solutions, where the username and password are the same, because its the same instance. It just have multiple entry points for the admin panel.
Bear with us, we are small team and we don’t have unlimited resources. We’re not ignoring requests, we just don’t have the capacity to do everything at once.
We just shipped the windows app and password expiry. We’re shipping ADFS next release.
Now we’ll move on to some new topics, which include performance improvements and new content types. Our goal is to squeeze the multi url support in that work package.
When it’s ready :). Seriously we don’t give ETA because it’s just something that frustrates everyone. When the developers manage to meet an ETA nobody notices and congratulates them for that. When they miss it however, because for example they had to work on something more important, like a security issue, or a feature that a customer is willing to financially sponsor, they get online hate. So we just stop giving ETA to keep everyone expectations in check.
Instead of multiple URL’s I miss the KeepassXC function of the references. It’s something similar, only you have single entries where username and password are a reference to another entry.
Is there any update to this feature? The continued lack of this feature makes passbolt users vunerable to phising site attack vectors. The current URI matching has been horrid in our companies experience with passbolt pro, and we’ve told our staff to “just search for the password by name” as it rareley matches with the login form with the amount of redirects, and especially with the growing popularity of two-stage login forms where you put in the username, then are redirected to a new page to then enter the password, with only a single URI you’re lucky to get a match with one of the two stages of login. This would be less of a problem if it was possible to add regex/wildcard domain matching objects to allow for greater uri matches, but compared to other password management solutions, this has been poor or extremely nonfunctional in our experience. I honestly think it’s only a matter of time before a passbolt user becomes victim to a phishing scam and passbolt is paraded around in the media the same way lastpass was due to the poor performance of the current shipped feature in the pro cloud release, and I can’t understand why this hasn’t been given priority to improve when so many less important features have been given priority.
I understand not giving an ETA, but as this is an open source project, is there a PR we can watch or contribute to, just so we can see work being done on it?
I would highly appreciate this feature, especially because many other password managers like 1Password have had this feature for years.
Another idea for this feature:
It should be possible to match not only subdomains but also paths in a URL. This way, we could differentiate between different logins on one domain or subdomain.
Example:
In Mailcow (mail server software), you have one subdomain like “mail.example.com” but multiple different services that you need to log in to, which are differentiated by paths such as:
Hello @MrFlathill and welcome to the forum!
What you are suggesting is possible. You just keep the domain in the URL field (example.com in your given examples) and will work in every subdomain and path related to that main domain
64 % of the voters above have voted for this feature as a “must have”. I still dont see this in the current stable release. This feature is available in most other password managers, even in completely free version (e.g. keepassxc).
As a paying customer of passbolt pro I really request this to be implemented soon. I am currently in the process of partly migrating data from keepassxc files to the passbolt online solution. In this context this is a functional regression, as password entries need to be duplicated with different URI settings when they are moved to passbolt.
Any update on this? This is a critical feature for me. I’m trying Passbolt to replace individual Bitwarden accounts and unify credential sharing among the team. However, for example, when importing one of our Bitwarden entries, there are 36 URIs for a single credential. This isn’t because they’re different sites using a common password, but because they’re different servers that all use the same credential store.
For us, these servers are hypervisors: HV01.domain.tld through HV36.domain.tld. You can log into any node and administer the entire stack, but most commonly, people use HV04 because that’s where the ISOs and CT templates are stored. They typically spawn off HV04 and then migrate to another node afterward. However, sometimes you have to log into individual nodes to fix a problem. Since all these nodes share a single credential management system, the login credentials are identical.
There are also issues when the URI string is complex. For example, it’s not just hv01.domain.tld but something like:
Well Fully agree.
I’m missing this feature on a day to day basis.
What would be great:
allowing domains and comma separated list of urls
What would be even better is, that when logging into to a url one can search for a password and tell passbolt to link the current url to an existing passbolt entry (it could just add the url to the comma separated list of urls.
Another option could be to create a new password entry (which could have its own title and description etc but instead of storing a password it would ‘symlink’ to another password entry.
In any case. sites with different urls based on the same AD authentication will greatly benefit from a solution.
and welcome to Passbolt community forum 
Must have: this is critical for me to have this
Should have: this is important for me to have this
Could have: this could be nice to have
Won’t have: we should not schedule this (explain why)
