Idea: put generated passwords in a Vault kv store?

Question

Idea: put generated passwords in a Vault kv store?

Opened this issue 2 years ago · 1 comments

Love this. I generated passwords for a long time using </dev/urandom tr -dc 'A-Za-z0-9!"}?!*)' | head -c 32 that I ended up putting in a 😱 file.

I have moved them to a Vault instance at home, but I still need to generate them and grasp seems pretty cool.

I immediately thought about extending it to use the Vault API as a persistent secure storage.

creating:
phrase->grasp->generates secret password->puts it in vault
retrieving:
phrase->grasp->maps to kv key in vault->retrieves secret password

This way, the user would only need to remember the phrase and not the password.

Any thoughts?

Answer 1 · 2022-10-23T09:26:41.000Z

Thanks!
...and...great idea! ... maybe letting the user to choose whether to just print the password or copying it into clipboard or to store it in Vault.

Besides your idea just triggered me with some more abstract extension 😄 ...

What if we could try to implement something like hashicorp plugins using RPC in order to implement different backend destinations ... (terminal will be the default, but we can thing at Vault, clipboard, SQL, etc. etc.)