G
Gigantic Prawn
I want to allow an API key to access metadata about
asset_passwords
without accessing the
password
or
otp_secret
fields themselves. For my purposes, the
username
and
login_url
could also be excluded.
This could be accomplished with either a new permission under "Key can perform the following actions" or a new endpoint.
The goal would be to allow an API key to check when a specific
asset_password
was created or updated, if it's archived, the company ID and password folder, and be searchable by all the same options as the current endpoint, _without_ having access to the actual credentials.