hashicorp / vault

A tool for secrets management, encryption as a service, and privileged access management
https://www.vaultproject.io/

Support retrieving TOTP secret #3043

Open F21 opened 7 years ago

F21 commented 7 years ago

Vault's TOTP secret backend makes it easy to support 2FA in an application. However, the inability to retrieve the secret for a TOTP key means that it is impossible to migrate or move to a different system for TOTP in the future if needed.

It would be nice if the TOTP secret backend had a path to get the secret for a given key. This would enable it to be locked down to certain users and would allow migrating the TOTP system somewhere else if the need arises in the future, without causing disruption for users.

Crazybus commented 6 years ago

Is there any update on this? The secret must be retrievable somehow, just not currently exposed via the API/cli yet.

vishalnayak commented 6 years ago

@Crazybus @F21 This is not on the roadmap currently. This is a reasonable ask for sure. If anyone is interested in tackling this, we'd be happy to provide guidance.

aviadeToroX commented 5 years ago

Hi @vishalnayak Can you assist with retrieving the totp secret?

calj commented 4 years ago

Hello

I made a PR to add the ability to export TOTP secrets: #9869. Please let me know if this is the correct approach.

RutledgePaulV commented 2 years ago

I found out the hard way that this doesn't exist and now I have to manually rotate 45 TOTP keys 😭. What's preventing this from making progress given there is already a PR?

Zetanova commented 7 months ago

Workaround: The totp key can be stored inside a write-only KV mount.
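
One way to set up the write-only KV mount mentioned in the workaround, shown as Vault policies. This is an added example, not code from the thread or from the Vault project; the KV v2 mount path `totp-backup/`, the TOTP mount path `totp/`, and the two policy roles are assumptions.

```hcl
# --- Policy 1 (assumed role: the service that enrolls users) ---
# It may create TOTP keys and request code validation on the TOTP backend.
path "totp/keys/*" {
  capabilities = ["create", "update"]
}

path "totp/code/*" {
  capabilities = ["update"]
}

# Write-only access to the backup copy of each key's secret (KV v2 mount
# assumed at "totp-backup/"). No "read" or "list", so a token holding only
# this policy can store a secret at enrollment time but can never fetch it
# back or enumerate what is stored.
path "totp-backup/data/*" {
  capabilities = ["create", "update"]
}

# --- Policy 2 (assumed role: operators performing a migration) ---
# Attach only to a small, audited set of identities. This is the "locked
# down to certain users" read path that the TOTP backend itself lacks.
path "totp-backup/data/*" {
  capabilities = ["read"]
}

path "totp-backup/metadata/*" {
  capabilities = ["list"]
}
```

The two policies belong in separate policy files. The backup copy has to be written at enrollment, while the secret is still available to the enrolling service, since the TOTP backend offers no path to read it afterwards.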