As an administrator I can create new secret types and define their associated input fields

Backlog
#1

Q1. What is the problem that you are trying to solve?
Currently passbolt only allow to stores passwords. It should allow administrator to create more complex types. For example let’s say I want to add the pin number to a site say this type of entry is for a “pin” with name and secret of type scalar.

Relates to: As an admin I should be able to select which fields are encrypted

Q2 - Who is impacted?
Administrators with authentication requirements that goes beyond passwords.

Q3 - Why is it important and/or urgent?
Passbolt should be flexible and not force a format for a given secret, considering that they are multiple ways to authenticate against other systems and not just passwords.

Q4 - What is your proposed solution? (optional)
The idea would be to allow admin to create any secret format by adding/removing the metadata (field name and types and validation rules). Passbolt will then present a workspace for each types to the end user as well as create / edit form based on the metadata. We will provide a few base types by default such as passwords (url, login, password), credit card (owner, card number, etc.), notes (textarea), and let admin create their own.

See also: As a logged in user I should be able to store secure notes
ref. https://github.com/passbolt/passbolt_api/issues/26

Q5. Community support
People can vote for this idea to show traction:

  • :ok_woman: Must have: this is critical for me to have this
  • :raising_hand_woman: Should have: this is important for me to have this
  • :tipping_hand_woman: Could have: this could be nice to have
  • :no_good_woman: Won’t have: we should not schedule this (explain why)

0 voters

Show results
As a logged in user I should be able to store secure notes
As an admin I should be able to select which fields are encrypted
Allow a user to add additional attributes/field pairs to the encrypted db
As a user I want to store passwordless informations
As a user I can create resources with encrypted file attachement
#2

Good idea, sometimes a password entry can have more than one password for one log-in site (so it must have one entry but has more than one password; say main password for a (sub-)organisation and one sub-passwort for a specific user).

#3

This would have the added benefit of also addressing the secure notes request. All admin needs to do is create a new secret textarea field and voila, secret notes! Two birds with one stone!

#4

@pixelrebel That’s right, either textarea (for like description) or a normal textfield (for normal password). Related to As an admin I should be able to select which fields are encrypted.

As a user I can add custom fields to password entries
Can I store file in place of the passwords?
Username is in plain text
#6

Hello,

does anyone know if this feature has been discussed in the development team? I think that would be a great improvement as we now mainly use password-less keys to connect to our servers.

#7

Hi @tmoulin,

Yes we have been actually actively developing a proposal for an open standard and a prototype for this feature in partnership with the fine people Mailvelope and Gnupg (peer reviewed by Cure53) that will allow anybody to define and capture data encrypted end to end using a new HTML component called “encrypted forms”. We’re still a long way to go before it’s included in Passbolt but a prototype will be available for Mailvelope in September or so.

Sneak peak in the specs if you are curious:

Prototype branch for mailvelope which passbolt team have been also working on:
https://github.com/mailvelope/mailvelope/tree/feature/encrypted-forms