Enhanced Access Control for Sensitive Information

A related topic was closed as a duplicate: Add OTP challenge for specific objects

2 votes

I would like to request the implementation of an enhanced security feature for specific entry types within the application.
Currently, when attempting to copy or view the password for entries under:

  • Information > Secure Note
  • Information > Other (custom)
  • Credential Management > Secret
  • Credential Management > Username and password
  • Credential Management > Password list
  • Credential Management > Custom

...there is no secondary authentication prompt.
I propose implementing an option that, when enabled for a specific entry, would require the user to re-authenticate before revealing or copying the password/secret. This secondary authentication could be either:

  1. The main application unlock password/passphrase.
  2. A separate, entry-specific password.

This feature would provide an additional layer of security for the most sensitive credentials stored within the application. I have thoroughly reviewed the existing properties for the entry types listed above and have not found this functionality. My apologies if this feature already exists and I was unable to locate it.
Thank you for your time and consideration of this feature request.

All Comments (5)

Any news?

Hello,

Thank you for the request. We've had ideas similar to this in the past but never settled on a solution for exactly how we'd like to implement this. We've noted your interest in a feature like this and will monitor this thread for additional feedback.

Regards,

Hubert Mireault

@Hubert Mireault
Thank you very much!
I would like to be able to add protected information to this application.
Thank you very much!

We've discussed this internally and I wanted to give you some additional information.

We are planning to make a first step regarding this in our PAM functionalities. We are planning to allow, for example, prompting for the MFA before accessing a privileged account.
After this, we will have to come up with a solution that would be applicable for "regular" entries, which comes with its challenges, especially when we take into account having to validate the check server-side. All of this to say, we're making some steps in this direction but we don't have a clear path to this just yet.

Regards,

Hubert Mireault

Upvote from here as well! We're trying to add an additional layer of safety on certain accounts that live in user/PAM vaults, and the inclusion of an MFA prompt or similar when accessing certain "flagged" items would definitely do it for us.
