The Password Vault is a secure credential management system that allows users to store, organize, and share passwords and access credentials for various systems and services.
Overview The password vault provides:
Secure storage - Encrypted storage of passwords and credentialsSystem categorization - Organize credentials by system type (web, VPN, remote access, etc.)Sharing capabilities - Securely share credentials with other usersAccess control - View-only or edit permissions for shared credentialsFavorites - Mark frequently used credentials for quick accessAccess tracking - Monitor when credentials are viewedPassword generation - Built-in secure password generator
Access to the password vault requires the ver-clave permission. Additional permissions control create, edit, delete, and sharing capabilities.
Creating a New Credential
Navigate to Password Vault
Access the password vault from the main menu
Click Create New Password
Requires the crear-clave permission
Select system type
Choose from available categories:
web - Web applicationsvpn - VPN connectionsescritorio - Desktop applicationswindows - Windows systemscecoco - CECOCO systemanydesk, radmin - Remote access toolsbase_datos - Databasesemail, ftp, ssh - Network servicesrouter, servidor - Infrastructureotro - Other systems
Enter credential details
Complete the required fields:
System name - Descriptive name (e.g., “Production Database”)URL - Web address or connection string (optional)Username - Account username or emailPassword - The credential passwordNotes - Additional information or instructions
Add VPN details (if applicable)
For VPN credentials, include:
VPN Host - Server addressVPN Type - Connection protocolPre-shared Key - PSK for authentication
Mark as favorite (optional)
Toggle to add this credential to your favorites list
Save credential
The password is stored securely and associated with your user account
Code Example: Creating a Credential // PasswordVaultController.php:86-111 $validated = $request -> validate ([ 'system_name' => 'required|string|max:255' , 'system_type' => 'required|in:web,vpn,escritorio,windows,cecoco,dss,anydesk,radmin,policial,pg,personal,servidor,nms,router,remoto,base_datos,email,ftp,ssh,camara_interna,otro' , 'url' => 'nullable|max:500' , 'username' => 'required|string|max:255' , 'password' => 'nullable|string|min:1' , 'notes' => 'nullable|string' , 'favorite' => 'boolean' , 'vpn_host' => 'nullable|string|max:255' , 'vpn_type' => 'nullable|string|max:255' , 'vpn_preshared_key' => 'nullable|string|max:255' , ]); $validated [ 'user_id' ] = Auth :: id (); PasswordVault :: create ( $validated ); return redirect () -> route ( 'password-vault.index' ) -> with ( 'success' , 'Contraseña guardada exitosamente' );
Viewing Credentials The password list displays your owned credentials and those shared with you:
System Information Name, type, and URL
Username Account username or email
Password Hidden by default, click to reveal
Sharing Status Indicates if shared with you
Access Control The system checks multiple permission levels:
// PasswordVaultController.php:113-132 public function show ( PasswordVault $passwordVault ) { // Requires ver-clave permission if ( ! Auth :: user () -> can ( 'ver-clave' )) { abort ( 403 , 'No tienes permiso para ver contraseñas.' ); } // Verify ownership OR shared access $userId = Auth :: id (); $isOwner = $passwordVault -> user_id === $userId ; $isShared = $passwordVault -> shares () -> where ( 'shared_with_user_id' , $userId ) -> exists (); if ( ! $isOwner && ! $isShared ) { abort ( 403 , 'No tienes acceso a esta contraseña.' ); } // Record access for audit trail $passwordVault -> recordAccess (); return view ( 'password_vault.show' , compact ( 'passwordVault' )); }
Every time a credential is viewed, the system records the access timestamp for security auditing.
Searching and Filtering Find credentials quickly using multiple filters:
Filter Description Search Search by system name, username, or URL Type Filter by system type Favorites Show only favorite credentials
// PasswordVaultController.php:14-72 $query = PasswordVault :: where ( function ( $q ) use ( $userId , $sharedIds ) { $q -> where ( 'user_id' , $userId ) -> orWhereIn ( 'id' , $sharedIds ); }); // Search filter if ( $request -> filled ( 'search' )) { $search = $request -> search ; $query -> where ( function ( $q ) use ( $search ) { $q -> where ( 'system_name' , 'like' , '%' . $search . '%' ) -> orWhere ( 'username' , 'like' , '%' . $search . '%' ) -> orWhere ( 'url' , 'like' , '%' . $search . '%' ); }); } // Type filter if ( $request -> filled ( 'type' )) { $query -> where ( 'system_type' , $request -> type ); } // Favorites filter if ( $request -> filled ( 'favorites' ) && $request -> favorites == '1' ) { $query -> where ( 'favorite' , true ); } $passwords = $query -> orderBy ( 'favorite' , 'desc' ) -> orderBy ( 'system_name' ) -> paginate ( 15 );
Password Generator Use the built-in password generator to create strong, random passwords:
// PasswordVaultController.php:240-251 public function generatePassword () { $length = 16 ; $characters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+-=[]{}|;:,.<>?' ; $password = '' ; for ( $i = 0 ; $i < $length ; $i ++ ) { $password .= $characters [ random_int ( 0 , strlen ( $characters ) - 1 )]; } return response () -> json ([ 'password' => $password ]); }
The generator creates 16-character passwords including:
Uppercase letters (A-Z)
Lowercase letters (a-z)
Numbers (0-9)
Special characters (!@#$%^&*, etc.)
Sharing Credentials Share credentials with other users while controlling their access level.
Open credential detail
Navigate to the credential you want to share (must be owner)
Click Share
Opens the sharing modal showing current shares
Select user
Choose the user to share with from the dropdown
Set permissions
Choose access level:
View only - User can see the credentialCan edit - User can modify the credential
Confirm share
The user will now see this credential in their vault
Sharing Implementation // PasswordVaultController.php:306-348 public function share ( Request $request , PasswordVault $passwordVault ) { // Requires compartir-clave permission if ( ! Auth :: user () -> can ( 'compartir-clave' )) { abort ( 403 , 'No tienes permiso para compartir contraseñas.' ); } // Only owner can share if ( $passwordVault -> user_id !== Auth :: id ()) { abort ( 403 , 'Solo el dueño puede compartir esta contraseña.' ); } $request -> validate ([ 'shared_with_user_id' => [ 'required' , 'exists:users,id' , Rule :: notIn ([ Auth :: id ()]), Rule :: unique ( 'password_vault_shares' ) -> where ( function ( $query ) use ( $passwordVault , $sharedWithId ) { return $query -> where ( 'password_vault_id' , $passwordVault -> id ) -> where ( 'shared_with_user_id' , $sharedWithId ); }) ], 'can_edit' => 'boolean' , ]); PasswordVaultShare :: create ([ 'password_vault_id' => $passwordVault -> id , 'shared_with_user_id' => $sharedWithId , 'shared_by_user_id' => Auth :: id (), 'can_edit' => $request -> boolean ( 'can_edit' ), ]); return response () -> json ([ 'success' => true , 'message' => 'Contraseña compartida exitosamente.' ]); }
Viewing Shares Get the list of users a credential is shared with:
// PasswordVaultController.php:279-304 public function getShares ( PasswordVault $passwordVault ) { // Only owner can view shares if ( $passwordVault -> user_id !== Auth :: id ()) { abort ( 403 , 'Solo el dueño puede ver los compartidos.' ); } $shares = $passwordVault -> shares () -> with ( 'sharedWith' ) -> get (); $sharesData = $shares -> map ( function ( $share ) { return [ 'id' => $share -> id , 'shared_with_id' => $share -> shared_with_user_id , 'shared_with_name' => $share -> sharedWith -> name ?? 'Usuario Eliminado' , 'shared_with_email' => $share -> sharedWith -> email ?? 'N/A' , 'can_edit' => ( bool ) $share -> can_edit , ]; }); return response () -> json ([ 'shares' => $sharesData ]); }
Revoking Access Remove shared access to a credential:
Revoking access is immediate and cannot be undone. The user will lose access to the credential instantly.
// PasswordVaultController.php:350-371 public function revokeShare ( PasswordVaultShare $share ) { // Requires compartir-clave permission if ( ! Auth :: user () -> can ( 'compartir-clave' )) { abort ( 403 , 'No tienes permiso para gestionar compartidos.' ); } $passwordVault = $share -> vault ; // Only owner can revoke if ( $passwordVault -> user_id !== Auth :: id ()) { abort ( 403 , 'Solo el dueño puede revocar accesos.' ); } $share -> delete (); return response () -> json ([ 'success' => true ]); }
Editing Credentials Update credential information with appropriate permissions:
Credentials can be edited by:
The owner (with editar-clave permission)
Users with shared edit access (with editar-clave permission)
// PasswordVaultController.php:157-197 public function update ( Request $request , PasswordVault $passwordVault ) { // Verify permission if ( ! Auth :: user () -> can ( 'editar-clave' )) { abort ( 403 , 'No tienes permiso para editar contraseñas.' ); } // Check ownership or edit permission $userId = Auth :: id (); $isOwner = $passwordVault -> user_id === $userId ; $share = $passwordVault -> shares () -> where ( 'shared_with_user_id' , $userId ) -> first (); $canEdit = $share && $share -> can_edit ; if ( ! $isOwner && ! $canEdit ) { abort ( 403 , 'No tienes permiso para editar esta contraseña.' ); } $validated = $request -> validate ([ 'system_name' => 'required|string|max:255' , 'system_type' => 'required|in:web,vpn,escritorio,windows,...' , 'username' => 'required|string|max:255' , 'password' => 'nullable|string|min:1' , // ... other fields ]); // Only update password if new one provided if ( empty ( $validated [ 'password' ])) { unset ( $validated [ 'password' ]); } $passwordVault -> update ( $validated ); return redirect () -> route ( 'password-vault.index' ) -> with ( 'success' , 'Contraseña actualizada exitosamente' ); }
Deleting Credentials Remove credentials from the vault:
Only the credential owner can delete it. This action is permanent and cannot be undone. All shares will also be deleted.
// PasswordVaultController.php:199-215 public function destroy ( PasswordVault $passwordVault ) { // Requires borrar-clave permission if ( ! Auth :: user () -> can ( 'borrar-clave' )) { abort ( 403 , 'No tienes permiso para eliminar contraseñas.' ); } // Only owner can delete if ( $passwordVault -> user_id !== Auth :: id ()) { abort ( 403 , 'Solo el dueño puede eliminar esta contraseña.' ); } $passwordVault -> delete (); return redirect () -> route ( 'password-vault.index' ) -> with ( 'success' , 'Contraseña eliminada exitosamente' ); }
Favorites Mark frequently used credentials as favorites for quick access:
// PasswordVaultController.php:253-277 public function toggleFavorite ( PasswordVault $passwordVault ) { // Requires editar-clave permission if ( ! Auth :: user () -> can ( 'editar-clave' )) { abort ( 403 , 'No tienes permiso para editar contraseñas.' ); } // Check ownership or edit permission $userId = Auth :: id (); $isOwner = $passwordVault -> user_id === $userId ; $share = $passwordVault -> shares () -> where ( 'shared_with_user_id' , $userId ) -> first (); $canEdit = $share && $share -> can_edit ; if ( ! $isOwner && ! $canEdit ) { return response () -> json ([ 'error' => 'No tienes permiso para editar esta contraseña.' ], 403 ); } $passwordVault -> update ([ 'favorite' => ! $passwordVault -> favorite ]); return response () -> json ([ 'success' => true , 'favorite' => $passwordVault -> favorite ]); }
Favorites appear at the top of the credential list for easy access.
API Endpoints The password vault includes API endpoints for AJAX operations:
Endpoint Method Purpose /password-vaultGET List credentials /password-vault/createGET Show creation form /password-vaultPOST Store new credential /password-vault/{id}GET View credential details /password-vault/{id}/editGET Show edit form /password-vault/{id}PUT/PATCH Update credential /password-vault/{id}DELETE Delete credential /password-vault-generateGET Generate random password /password-vault/{id}/toggle-favoritePOST Toggle favorite status /password-vault/{id}/get-passwordGET Get password (API) /password-vault/{id}/sharePOST Share credential /password-vault/{id}/sharesGET List shares /password-shares/{share}/revokeDELETE Revoke share
Permissions The password vault uses role-based permissions:
ver-clave - View credentials (required for all operations)crear-clave - Create new credentialseditar-clave - Edit credentialsborrar-clave - Delete credentialscompartir-clave - Share credentials and manage shares
Permissions are checked in the controller, not at the route level, allowing for fine-grained access control.
Best Practices
Use descriptive names - Make system names clear and searchableInclude URLs - Add web addresses or connection strings for quick accessAdd notes - Document special requirements or access proceduresOrganize by type - Use appropriate system types for easy filteringReview shares regularly - Audit who has access to your credentialsUse password generator - Create strong, random passwordsMark favorites wisely - Only favorite your most-used credentialsUpdate promptly - Change credentials in the vault when they’re updated in the actual systemShare responsibly - Only grant edit access when necessaryRegular cleanup - Remove outdated or unused credentials
Security Considerations The password vault stores sensitive credentials. Always:
Use strong authentication
Log out when finished
Never share your account
Report suspicious access
Review access logs periodically
User Management Manage user accounts and permissions
Role Management Configure role-based access control