Initial commit: OCA Server Auth packages (29 packages)

odoo-bringout-oca-server-auth-vault/vault/readme/CONTRIBUTORS.rst

@@ -0,0 +1,4 @@
+* Florian Kantelberg <florian.kantelberg@initos.com>
+* `Tecnativa <https://www.tecnativa.com>`_:
+
+  * Carlos Roca

odoo-bringout-oca-server-auth-vault/vault/readme/DESCRIPTION.rst

@@ -0,0 +1,7 @@
+This module implements a vault for secrets and files using end-to-end-encryption. The encryption and decryption happens in the browser using a vault specific shared master key. The master keys are encrypted using asymmetrically. For this the user has to enter a second password on the first login or if he needs to access data in a vault. The asymmetric keys are stored for a certain time in the browser storage.
+
+The server can never access the secrets with the information available. Only people registered in the vault can decrypt or encrypt values in a vault. The meta data isn't encrypted to be able to search/filter for entries more easily.
+
+This modules requires a secure context for the browser to work properly and therefore HTTPS support is required.
+
+The `vault-recovery <https://github.com/fkantelberg/vault-recovery>`_ project focuses on disaster recovery in case of an incident to recover secrets from old database backups or old exports.

odoo-bringout-oca-server-auth-vault/vault/readme/ROADMAP.rst

@@ -0,0 +1,14 @@
+* Field and file history for restoration
+
+* Import improvement
+
+ * Support challenge-response/FIDO2
+ * Support for argon2 and kdbx v4
+
+* When changing an entry from one vault to another existing vault, the values added on
+  this entry cannot be accessed, so the field vault is going to be readonly when it
+  is defined.
+
+  If you want to move entries between vaults you can use the export -> import option.
+
+* HTTPS or localhost (secure browser context) is required for the client side encryption