[PB-33631] As a logged in user I should be able to change my private/public key

Q1. What is the problem that you are trying to solve?
Currently there is no way to replace the key of a user if it has been compromised, lost or expired.

Q2 - Who is impacted?
Everyone, especially people who have set an expiry date on GPG keys.

Q3 - Why is it important and/or urgent?
It is part of good key hygiene to rotate keys.

Q4 - What is your proposed solution? (optional)

Ref: As a logged in user I should be able to change my private/public key · Issue #170 · passbolt/passbolt_api · GitHub

Q5. Community support
People can vote for this idea to show traction:

  • :ok_woman: Must have: this is critical for me to have this
  • :raising_hand_woman: Should have: this is important for me to have this
  • :tipping_hand_woman: Could have: this could be nice to have
  • :no_good_woman: Won’t have: we should not schedule this (explain why)

Here’s a current workaround:
In the meantime you could create another user and transfer your passwords to them and then switch to that user.

In order to change the private key passphrase you can export your private key, change the passphrase in another GPG-compatible tool (the gnupg command line tool, for example), then do a recover and import the updated key.
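
The GnuPG part of the workaround above, as an added example that is not part of the original thread and not Passbolt's own tooling: it changes the passphrase in a throwaway keyring and checks that the key fingerprint is unchanged before the file is used for a recover. It assumes GnuPG 2.1 or later; the function names and file arguments are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: change the passphrase of an exported private key in a
# temporary GnuPG home, then confirm the key itself is still the same key.
# File names passed on the command line are placeholders (assumptions).

# Print the primary-key fingerprint of an armored key file without importing it.
key_fingerprint() {
  gpg --batch --show-keys --with-colons "$1" 2>/dev/null |
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Usage: change_passphrase <exported-private-key.asc> <output.asc>
change_passphrase() {
  local src="$1" dst="$2" home fpr rc=0
  fpr="$(key_fingerprint "$src")"
  [ -n "$fpr" ] || { echo "no OpenPGP key found in $src" >&2; return 1; }

  # Work in a private, temporary keyring so the user's own keyring is untouched.
  home="$(mktemp -d)" || return 1
  chmod 700 "$home"
  (
    export GNUPGHOME="$home"
    umask 077                                   # output file readable by owner only
    gpg --import "$src" &&
    gpg --change-passphrase "$fpr" &&           # prompts for old and new passphrase
    gpg --armor --export-secret-keys "$fpr" > "$dst"
  ) || rc=1

  # Stop the agent that cached the passphrase, then drop the temporary keyring.
  GNUPGHOME="$home" gpgconf --kill gpg-agent 2>/dev/null
  rm -rf "$home"
  [ "$rc" -eq 0 ] || return 1

  # Only the passphrase protection may differ; the fingerprint must match.
  [ "$(key_fingerprint "$dst")" = "$fpr" ] ||
    { echo "fingerprint mismatch, do not import $dst" >&2; return 1; }
  echo "passphrase changed, fingerprint unchanged: $fpr"
}

if [ "$#" -eq 2 ]; then change_passphrase "$1" "$2"; fi
```

Because the fingerprint is identical, this changes only the passphrase; it does not replace a compromised or expired key, which is what the feature request asks for.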

Must have for me.

Most (all?) serious PKIs set expiry dates on the keys they deliver.
It could be hard to promote passbolt as a serious secret manager if it considers that a key never expires…


PS: I really like passbolt :slight_smile:

True. One could argue that Passbolt should have never been released without this feature, just because it kinda works. I’m still thankful they released PB. Still, this feature needs to come.