Skip to content

Add Vault-style passphrase generation for record-add and record-updat…#205

Open
mtyagi-ks wants to merge 2 commits into
passphrase-addition-in-recordsfrom
passphrase-addition-in-records-int
Open

Add Vault-style passphrase generation for record-add and record-updat…#205
mtyagi-ks wants to merge 2 commits into
passphrase-addition-in-recordsfrom
passphrase-addition-in-records-int

Conversation

@mtyagi-ks

Copy link
Copy Markdown
Contributor

Add Vault-style passphrase generation for record-add and record-update via $GEN:passphrase

Introduce KeeperPassphraseGenerator and supporting parsing helpers in the SDK,
aligned with Commander and Keeper Vault behavior. Users can now generate
word-based passphrases when creating or updating records:

password=$GEN:passphrase[,word_count][,separator][,capitalize][,number]

SDK (generator.py):

  • Add KeeperPassphraseGenerator using the bundled diceware word list
  • Add parse_passphrase_gen_parameters, resolve_gen_password_algorithm, and
    related helpers for word count (5–9), separators, and boolean options
  • Support optional enterprise policy fields (passphrase-length, separator, etc.)
    via create_with_options / create_from_policy

CLI (record_edit.py):

  • Extend generate_password() to support the passphrase algorithm and return
    (password, error) for validation failures
  • Update $GEN syntax help to document passphrase
  • Fix key pair generation: abort on passphrase generation error when enc is
    requested instead of silently creating an unencrypted key

Tests:

  • Add unit_tests/test_passphrase_generator.py (19 tests)

class KeeperPassphraseGenerator(PasswordGenerator):
"""Vault-style passphrase generator using the bundled diceware word list.

Produces ordered word passphrases (not shuffled) matching Keeper Vault behavior:

@adeshmukh-ks adeshmukh-ks Jul 2, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove the non shuffled part as the words are selected randomly

if self.capitalize and word:
word = word[0].upper() + word[1:]
if self.append_number and first_word:
word += str(secrets.randbelow(10))

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this only for first word or after every word? check UI and ensure the implementations are in sync

passphrase = ''
first_word = True
for _ in range(self.word_count):
word = secrets.choice(self._vocabulary)

@adeshmukh-ks adeshmukh-ks Jul 2, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

secrets is secure random word/number selector?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants