(Feature Request) Option to add a password hint

[sptcguy]

Thank you for contributing this app, we use it all the time! On password protected secrets it would be nice to have the ability to display a password hint to the user opening the secret. This would be useful for indicating to a recipient that the password is a shared, known value. For example I could display "The name of our dog." The value would automatically be known to the recipient without me having to transmit it.

[theCalcaholic]

Thank you for the suggestion, I'll think about it. Although, it's not very likely that I will focus on this for two reasons:

1) The security model of Secrets doesn't really rely on the password protection (the "real" password is part of the URL and used to en- and decrypt the secret). The additional password is only there for cases where you strongly distrust your communication channel. 2) I intend to add a way to share secrets without a link with other Nextcloud users (while still using end-to-end encryption) which will hopefully cover most of your use cases.

[sptcguy]

Thanks for considering.

I intend to add a way to share secrets without a link with other Nextcloud users (while still using end-to-end encryption) which will hopefully cover most of your use cases.

We actually use this app primarily to securely hand-off account credentials and other secrets to clients who are non-registered users. This app is particularly useful to us because it considerably minimizes the risk of MiM and DARE exfiltration that can occur through email and SMS transit. Internal credential sharing is already handled through our credential management system.

It's when we are dealing with clients who are unwilling or incapable of setting up e2e encryption for mail that this app really shines. Having the ability to hint at a shared, known value would eliminate the need for us to transmit a password entirely in many cases.

Would you accept a pull request if I were to get some time approved to contribute the feature?