gdo.sh federated Odoo development infrastructure
Request Access

Not for sale yet.

Drop your email and we'll let you know the moment it goes live.

SecretSwap Passwords · Harrison Consulting
ODOO MODULE · PASSWORD VAULT

A password vault that lives inside Odoo.

Logins, secure notes, cards, identities, and SSH keys — encrypted by SecretSwap Core, organized into collections and folders, and shareable with the team you already manage in Odoo.

See how it works Talk to us →

Why

Most teams already store passwords somewhere they shouldn't — a shared spreadsheet, a chat pin, a sticky note. The pitch for a separate vault is real, but it adds another login, another bill, another permission system to keep in sync with Odoo. Passwords moves the vault into the place where the users, partners, and audit trails already live.

How it works

  1. Create a collection
    A collection is the unit of sharing — personal by default, sharable with users, partners, or groups at read, edit, or manage permission.
  2. Add items
    Logins, secure notes, payment cards, identities, SSH keys. Passwords and hidden fields are encrypted at write; the form shows a reveal control.
  3. Organize with folders and favorites
    Folders are personal and nestable; favorites pin items to the top of the list.
  4. Turn on TOTP and breach checks
    Generate 2FA codes from the same form; a scheduled job checks every login against HaveIBeenPwned's k-anonymity range API.
  5. Read the audit log
    Every reveal, edit, share, and breach hit lands in the SecretSwap audit log with user, IP, and item context.

What's in the box

Five item types

Logins, secure notes, payment cards, identities, and SSH keys — each with type-specific fields and the same encryption envelope.

Collections with three permission levels

Read, edit, or manage — granted directly to a partner or to a group. When access overlaps, the highest permission wins.

TOTP, generated in place

Scan or paste an OTP secret on the login item; the form displays a rotating six-digit code without a separate authenticator app.

Breach detection

A scheduled cron checks every stored password against HaveIBeenPwned using SHA-1 k-anonymity, and flags hits on the item.

Password strength and reuse

zxcvbn rates strength as items are created; SHA-256 hashes detect when the same password is reused across the vault.

Generator and history

A wizard generates passwords with configurable rules. Every change keeps an encrypted history record with reason and timestamp.

Compatibility

Odoo 19.0 secretswap_core pyotp

Depends on secretswap_core, base, web, and mail. pyotp is required for TOTP. Install secretswap_warden to let Bitwarden clients use this vault, or secretswap_passwords_swaps to share items as Swap links.