Vault's TOTP secret backend makes it easy to support 2FA in an application. However, the inability to retrieve the secret for a TOTP key means that it is impossible to migrate or move to a different system for TOTP in the future if needed.
It would be nice if the TOTP secret backend has a path to get the secret for a given key. This would enable it to be locked down to certain users and would allow migrating the TOTP system somewhere else if they need arises in the future, without causing disruption for users.
F21
All 4 comments
Is there any update on this? The secret must be retrievable somehow, just not currently exposed via the API/cli yet.
Crazybus
on 19 Apr 2018
@Crazybus @F21 This is not on the roadmap currently. This is a reasonable ask for sure. If anyone is interested in tackling this, we'd be happy to provide guidance.
vishalnayak
on 19 Apr 2018
Hi @vishalnayak Can you assist with retrieving the totp secret?
aviadeToroX
on 29 Apr 2019
Hello
I made a PR to add the ability to export TOTP secrets: #9869
Please let me know if this is the correct approach.
calj
on 1 Sep 2020
Related issues
dwdraju
路
3Comments
singuliere
路
3Comments
gtmtech
路
3Comments
gtmtech
路
3Comments
Wonder007
路
3Comments
Most helpful comment
Hello
I made a PR to add the ability to export TOTP secrets: #9869
Please let me know if this is the correct approach.