[PB-33807] Recycle Bin/Recover deleted entries

Q1. What is the problem that you are trying to solve?
One of my colleagues deleted an entry; this was a mistake and he wanted to recover it. Unfortunately this wasn’t possible or we couldn’t find it.

Q2 - Who is impacted?
Every user who needs this entry/deleted an entry.

Q3 - Why is it important and/or urgent?
The entry which was deleted wasn’t very important, but this of course could have been. So for future reference this may be a good feature.

Q4 - What is your proposed solution? (optional)
For example, we have used KeePass in the past and there was a “Recycle Bin” which held the deleted items. It would be nice to have such a feature as well. Or at least a feature which lets you recover deleted entries.

  • user stories. Examples: as a logged in user I receive an email notification when a password is changed.
  • test scenario in the “given, when, then” format
  • additional functional / non functional requirements.
  • screenshots/wireframes

Q5. Community support
People can vote for this idea to show traction:

  • :ok_woman: Must have: this is critical for me to have this
  • :raising_hand_woman: Should have: this is important for me to have this
  • :tipping_hand_woman: Could have: this could be nice to have
  • :no_good_woman: Won’t have: we should not schedule this (explain why)

Personally, I think a trash can feature with the option of automatic deletion after a certain number of days is essential. I am new to Passbolt and really like it. It’s open source, super easy to install with Docker and extremely secure. I also like that Passbolt hosts its cloud service model in the EU.

I have a lot of respect for everyone who works on this amazing project.

But I can’t recommend a password manager to friends and clients if it doesn’t support a recycling bin feature. I have heard the argument multiple times that a recycling bin isn’t added because Passbolt wants to ensure that deleted passwords cannot be restored.
While I understand their reasoning, I believe that it does not enhance the security of Passbolt; in fact, it makes it less secure. If people are worried that they or their group members might accidentally delete important passwords and lose them, they will start writing them down on paper or in a text file again. This is because of the (rightful) fear of losing passwords due to an accident possibly caused by team members. This completely defeats the purpose of using a password manager.

At the same time, I can’t call a password manager secure if you can delete an entire folder containing dozens of passwords with just a few clicks and can’t recover them. Security means more than just protecting passwords from unauthorised access; it also means protecting them from accidental loss.

For example, if you have a bank account that only you can access, but you sometimes lose all your money, calling that bank account ‘secure’ would be a bit misleading — true security also requires protection against accidental loss and reliable recovery mechanisms.

My idea: Add a ‘trash’ folder to store passwords for 30 days after they are deleted. These passwords should be referenced to the old folder, along with the access and permissions. This is necessary in case a group member is removed from the share/group after an item has been deleted; otherwise, they would be able to see the password in the recycling bin.
Ideally, Passbolt would add a trash can with auto-deletion after 30 days, or even better, a feature that allows you to set your own auto-deletion time. It would also be useful to have more permission and more precise settings for password folders. Then I could fully recommend this product to my clients. I’m sure many more businesses, especially European ones, would choose Passbolt over its competitors.

Kind regards.