The database is encrypted using the secret key held in the configuration directory.  However there is no way to rotate this key if we want to change it - such as after a Systems Administrator leaves the company.

It would be useful to have a utility that

* Generates a new secret key

* Decrypts the database and re-encrypts with the new secret key

This would allow us to rotate the key on a regular basis (say, yearly) to protect against loss of the master key.

Similarly, it would be good for individual users to be able to change their own private salt key and automatically re-key their existing records to this new key.

Hello Nils,

I would like to contribute to POEdit Catalan language. How can I do it?

Regards,

Eduard.

Maybe there is some issue in php code.

I'm writing an application where I getting all items from teampass through the API

I have a case where some folder have subfolder (and in those subfolder are items stored) and I need te get all the subfolder wsith only the ID of the main folder.

Is this possible or can it be made possible?

Please advise how to resolve such an issue. Thanks.

Hi, may you help me to understand how modify the default gray colour of background?

Thanks a lot!

I think it would be good
to add the functionality that passwords that were registered in
teampass, could be assigned to only be shown 50% of the password to a
specific role, the other 50% to another role and the total (100%) to another role.

as shown:
Master role: qazwsxedc123

Role 1: qazwsx ******
Rol2: ****** edc123

This would allow double custody for the password where users can not access 100% of the password to access with the user.

We have config snippets (JSON/XML), a bunch of license keys or multi line licenses.

So we need masked multi line fields for this.

The ability to restrict being able to view the password in an item, but not the rest of the information of that item would be a welcome addition.

In my use case, lower level technicians need to know information about a server, e.g. IP address, hostname, services, etc; but do not require to know the password itself to that server. I would like to be able to give them access to the auxiliary information without giving them the password.

Thank you,

It would be very helpful to have a Heira module to read secrets (including file attachments) from the TeamPass API.  This would allow us to manage passwords, secrets and certificates from puppet with them stored inside TeamPass, retrieving via the existing heira method.

As an example of how to do this with the Hashicorp Vault API, you can see here: https://github.com/jsok/hiera-vault .  It would probably be similar with TeamPass.

I suspect this may be something better produced and managed by the community, and that if provided you'd then have to provide something for Chef, Ansible, etc, but it's a very useful thing to provide