Q1. What is the problem that you are trying to solve?
Passbolt handles passwords well, but not other common secrets like API tokens or SSH keys.
So I will probably end up
- storing them in separate tools, env files, or locally
- losing central visibility and auditability
- increasing security risk and tooling overhead
Solved when:
- passwords and tokens/keys are managed in one place
- same sharing, rotation, and audit workflows apply to all secrets
Q2. Who is impacted?
Mainly:
- developers / DevOps
- startups and SaaS teams

In practice: a large part of your target audience. I personally was looking for a tool that can do both: self-hosted password management and function like a vault.
Q3. Why is it important and/or urgent?
Reduce tooling overhead.
Having password + token management in one app is a strong USP and highly relevant during tool evaluation (it was for me as well).
Q4. What is your proposed solution?
Leverage what already exists (secret types + API)
Add structured secret types:
- API tokens (value + metadata like expiry, scope)
- SSH keys (private key + optional passphrase)
- generic key-value secrets
User stories:
- store + share API token with expiry
- store + share SSH private key
- rotate tokens with audit trail
Example (given/when/then):
- given I have access to a resource
- when I create an “API token” secret
- then I can store token + metadata and share it like a password
Requirements:
- reuse existing encryption + ACL
- support multiline secrets (SSH keys)
- basic metadata (expiry, labels)
- full API support