Allow creation of bookmarks from web vault settings

[graste]

Hi,

a few days ago I stumbled upon your project and thought, that it might be handy to be able to create bookmarkable URLs for the settings one uses for services.

This pull request adds a simple GET form and submit button with repopulation of query string parameter values onto the existing form input fields via javascript (apart from the passphrase inputs of course). The service name will be put into the URL as well and will be prepended to the page title to make bookmarking a bit easier for different service names.

The code uses querySelector to select the inputs. Mind you, I only changed the web/lib code and did not have a look at the chrome extension folder as I don't know what the status of that is.

Thanks for your effort. I'm really thinking about to use it... :+1:

Kind regards,

Steffen

[jcoglan]

I'm not going to merge this since it's not the long-term strategy of Vault to save settings in this way. We're looking into a cloud-based solution that both the web app and CLI can share. This implementation in particular has some problems:

• I adds a <form> to the page, allowing the user to send their settings to my server, which should absolutely never happen.
• By using bookmarks, those settings will appear in the machine's browser history, which is problematic in the main use case I have for this type of feature, which is using public machines when I don't have my laptop with me.

However, per the terms of this project you are allowed to host it wherever you like; it's just static files. So if you want this feature, you can fork the project and host your own copy somewhere, keeping the above risks in mind.

[graste]

You are correct, the PR was absolutely intended for self-hosting persons that are aware of the pros and cons. I can understand your reasoning to decline the PR for the project as is. I'm not sure what you're getting at with "cloud-based", but am somewhat wary of it as the beauty of a self-hosted, bookmarkable solution (for settings storage) is a big selling point for me. At least when one protects the static files via additional means (https + auth at least) and perhaps is able to handle or disable access logs. Thanks for your considered response especially with regards to public machines and browsing history (although I think that's a problem people should be aware of anyways). My main problem (and why I'm not using vault as is yet) is that it's browser based. That's the main pro and a big con as well given the state of nowadays browsers. Perhaps I'll give that shell based version a go. :-)