Better options for management of Access Grants and passwords

Access Grants and passwords are crucial.
While Access Grants can be re-established, losing passwords can prevent access to uploaded data forever. So a good management to retain access is required. This is even more true in a collaborative environment.

Here are some suggestions:

  1. Downloading Access Grants
    There is this new feature that makes downloading of Access Grants possible. This currently includes only the key.
    My suggestion would be to extend this functionality to make this an option to download a full blown json file with all relevant data for this Access Grant. These would be:
    key, duration, buckets, permissions maybe even optional the passphrase.
    It could look something like this
    "AccessGrantName": "NameOfAccessGrant",
    "Permissions": ["ListOfPermissions"],
    "Duration": ["StartingDate", "EndingDate", "Forever"],
    "Buckets": ["ListOfBuckets"],
    "Password": "SomeEncodedPasswordHere"
    "Key": "KeyHere"

  2. Importing Access Grants
    It would be a nice feature if there was an option to import downloaded Access Grants / Json-files like the above example.

  3. Exporting Passwords
    When creating passwords it would be a good option to have a feature to download them and store them as file like a token.

  4. Whenever a password has to be entered, it would be a good feature to have an optional upload feature that lets a user select either the token or the json file and have the password used that is stored in it.

I think these features would help users to organize passwords and Access Grants more easily.

1 Like

The problem is that we do not store a password anywhere… Even locally.
You have only root key and derived keys in the access grant.
I’m not sure that it is possible to recover a password from the key, derived from your password.

I cannot say what is technically possible. But I guess my idea is clear: Better options to organize, manage and store Access Grants and passwords to help users not to lose control over data or the data itself.