What is a one sentence summary of your feature request?
Introduce a configuration option to prevent the creator of a seal from accessing the sealed password
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
For highly sensitive passwords (e.g., local domain admin), a feature is required to enhance security by preventing the seal’s creator from accessing the password.
This should be a configurable option when creating a seal.
As long as other designated individuals are authorized to unseal the password, the creator’s access can be restricted without compromising administrative control.
How do you currently solve the challenges you have by not having this feature?
We dont.