diff --git a/README.md b/README.md
index 0a41fe8a15..c075c8da22 100644
--- a/README.md
+++ b/README.md
@@ -23,15 +23,17 @@ addon | version | maintainers | summary
 --- | --- | --- | ---
 [auth_admin_passkey](auth_admin_passkey/) | 16.0.1.0.0 |  | Allows system administrator to authenticate with any account
 [auth_api_key](auth_api_key/) | 16.0.1.0.0 |  | Authenticate http requests from an API key
+[auth_api_key_group](auth_api_key_group/) | 16.0.1.0.0 | [![simahawk](https://github.com/simahawk.png?size=30px)](https://github.com/simahawk) | Allow grouping API keys together. Grouping per se does nothing. This feature is supposed to be used by other modules to limit access to services or records based on groups of keys.
 [auth_api_key_server_env](auth_api_key_server_env/) | 16.0.1.0.0 |  | Configure api keys via server env. This can be very useful to avoid mixing your keys between your various environments when restoring databases. All you have to do is to add a new section to your configuration file according to the following convention:
 [auth_jwt](auth_jwt/) | 16.0.1.1.0 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | JWT bearer token authentication.
 [auth_jwt_demo](auth_jwt_demo/) | 16.0.1.1.1 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Test/demo module for auth_jwt.
 [auth_jwt_server_env](auth_jwt_server_env/) | 16.0.1.0.0 |  | This addon adds auth.jwt.validator fields to server env
 [auth_ldaps](auth_ldaps/) | 16.0.1.0.0 |  | Allows to use LDAP over SSL authentication
+[auth_oauth_multi_token](auth_oauth_multi_token/) | 16.0.1.0.0 |  | Allow multiple connection with the same OAuth account
 [auth_oauth_ropc](auth_oauth_ropc/) | 16.0.1.0.0 |  | Allow to login with OAuth Resource Owner Password Credentials Grant
-[auth_oidc](auth_oidc/) | 16.0.1.0.2 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider
+[auth_oidc](auth_oidc/) | 16.0.1.1.1 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider
 [auth_oidc_environment](auth_oidc_environment/) | 16.0.1.0.0 |  | This module allows to use server env for OIDC configuration
-[auth_saml](auth_saml/) | 16.0.1.0.3 | [![vincent-hatakeyama](https://github.com/vincent-hatakeyama.png?size=30px)](https://github.com/vincent-hatakeyama) | SAML2 Authentication
+[auth_saml](auth_saml/) | 16.0.1.0.4 | [![vincent-hatakeyama](https://github.com/vincent-hatakeyama.png?size=30px)](https://github.com/vincent-hatakeyama) | SAML2 Authentication
 [auth_session_timeout](auth_session_timeout/) | 16.0.1.0.0 |  | This module disable all inactive sessions since a given delay
 [auth_signup_verify_email](auth_signup_verify_email/) | 16.0.1.0.0 |  | Force uninvited users to use a good email for signup
 [auth_user_case_insensitive](auth_user_case_insensitive/) | 16.0.1.0.0 |  | Makes the user login field case insensitive
@@ -41,6 +43,8 @@ addon | version | maintainers | summary
 [users_ldap_groups](users_ldap_groups/) | 16.0.1.0.0 |  | Adds user accounts to groups based on rules defined by the administrator.
 [users_ldap_mail](users_ldap_mail/) | 16.0.1.0.0 | [![joao-p-marques](https://github.com/joao-p-marques.png?size=30px)](https://github.com/joao-p-marques) | LDAP mapping for user name and e-mail
 [users_ldap_populate](users_ldap_populate/) | 16.0.1.0.0 | [![joao-p-marques](https://github.com/joao-p-marques.png?size=30px)](https://github.com/joao-p-marques) | LDAP Populate
+[vault](vault/) | 16.0.1.0.0 |  | Password vault integration in Odoo
+[vault_share](vault_share/) | 16.0.1.0.0 |  | Implementation of a mechanism to share secrets
 
 [//]: # (end addons)
 
diff --git a/auth_admin_passkey/i18n/it.po b/auth_admin_passkey/i18n/it.po
index 23262c5932..12d8de629a 100644
--- a/auth_admin_passkey/i18n/it.po
+++ b/auth_admin_passkey/i18n/it.po
@@ -9,15 +9,15 @@ msgstr ""
 "Project-Id-Version: Odoo Server 10.0\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2017-08-01 02:43+0000\n"
-"PO-Revision-Date: 2022-02-21 12:17+0000\n"
-"Last-Translator: Simone Rubino <simone.rubino@agilebg.com>\n"
+"PO-Revision-Date: 2024-01-03 14:33+0000\n"
+"Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
 "Language-Team: Italian (https://www.transifex.com/oca/teams/23907/it/)\n"
 "Language: it\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: \n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 4.3.2\n"
+"X-Generator: Weblate 4.17\n"
 
 #. module: auth_admin_passkey
 #. odoo-python
@@ -40,11 +40,20 @@ msgid ""
 "- Login date : %(login_date)s\n"
 "\n"
 msgstr ""
+"L'utente amministratore di sistemaha usato la sua passkey per accedere con "
+"%(login)s.\n"
+"\n"
+"\n"
+"\n"
+"Informazioni tecniche di seguito: \n"
+"\n"
+"- Data accesso : %(login_date)s\n"
+"\n"
 
 #. module: auth_admin_passkey
 #: model:ir.model,name:auth_admin_passkey.model_res_users
 msgid "User"
-msgstr ""
+msgstr "Utente"
 
 #, python-format
 #~ msgid "<pre>User with login '%s' has the same password as you.</pre>"
diff --git a/auth_api_key_group/README.rst b/auth_api_key_group/README.rst
new file mode 100644
index 0000000000..ed4520bd51
--- /dev/null
+++ b/auth_api_key_group/README.rst
@@ -0,0 +1,87 @@
+==================
+Auth API key group
+==================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:e231a34a3fe2c3a2a8c78305131ba9e90af3725f3cf0b0878d313439f511f6fe
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-LGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
+    :alt: License: LGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/16.0/auth_api_key_group
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-auth_api_key_group
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=16.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+Allow grouping API keys together.
+
+Grouping per se does nothing. This feature is supposed to be used by other modules
+to limit access to services or records based on groups of keys.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_api_key_group%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* Camptcamp
+
+Contributors
+~~~~~~~~~~~~
+
+* Simone Orsi <simone.orsi@camptocamp.com>
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+.. |maintainer-simahawk| image:: https://github.com/simahawk.png?size=40px
+    :target: https://github.com/simahawk
+    :alt: simahawk
+
+Current `maintainer <https://odoo-community.org/page/maintainer-role>`__:
+
+|maintainer-simahawk| 
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/16.0/auth_api_key_group>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
diff --git a/auth_api_key_group/__init__.py b/auth_api_key_group/__init__.py
new file mode 100644
index 0000000000..0650744f6b
--- /dev/null
+++ b/auth_api_key_group/__init__.py
@@ -0,0 +1 @@
+from . import models
diff --git a/auth_api_key_group/__manifest__.py b/auth_api_key_group/__manifest__.py
new file mode 100644
index 0000000000..8ac634aad9
--- /dev/null
+++ b/auth_api_key_group/__manifest__.py
@@ -0,0 +1,24 @@
+# Copyright 2021 Camptcamp SA
+# @author: Simone Orsi <simone.orsi@camptocamp.com>
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+{
+    "name": "Auth API key group",
+    "summary": """
+Allow grouping API keys together.
+
+Grouping per se does nothing. This feature is supposed to be used by other modules
+to limit access to services or records based on groups of keys.
+    """,
+    "version": "16.0.1.0.0",
+    "license": "LGPL-3",
+    "website": "https://github.com/OCA/server-auth",
+    "author": "Camptcamp,Odoo Community Association (OCA)",
+    "maintainers": ["simahawk"],
+    "depends": ["auth_api_key"],
+    "data": [
+        "security/ir.model.access.csv",
+        "views/auth_api_key_view.xml",
+        "views/auth_api_key_group_view.xml",
+    ],
+}
diff --git a/auth_api_key_group/i18n/auth_api_key_group.pot b/auth_api_key_group/i18n/auth_api_key_group.pot
new file mode 100644
index 0000000000..2aff7a6ef4
--- /dev/null
+++ b/auth_api_key_group/i18n/auth_api_key_group.pot
@@ -0,0 +1,85 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* auth_api_key_group
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 16.0\n"
+"Report-Msgid-Bugs-To: \n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: auth_api_key_group
+#: model:ir.model,name:auth_api_key_group.model_auth_api_key
+msgid "API Key"
+msgstr ""
+
+#. module: auth_api_key_group
+#: model:ir.model,name:auth_api_key_group.model_auth_api_key_group
+msgid "API Key auth group"
+msgstr ""
+
+#. module: auth_api_key_group
+#: model:ir.model.fields,field_description:auth_api_key_group.field_auth_api_key_group__auth_api_key_ids
+msgid "API Keys"
+msgstr ""
+
+#. module: auth_api_key_group
+#: model:ir.actions.act_window,name:auth_api_key_group.auth_api_key_group_act_window
+#: model:ir.ui.menu,name:auth_api_key_group.auth_api_key_group_menu
+msgid "Auth Api Key Groups"
+msgstr ""
+
+#. module: auth_api_key_group
+#: model:ir.model.fields,field_description:auth_api_key_group.field_auth_api_key__auth_api_key_group_ids
+msgid "Auth Groups"
+msgstr ""
+
+#. module: auth_api_key_group
+#: model:ir.model.fields,field_description:auth_api_key_group.field_auth_api_key_group__code
+msgid "Code"
+msgstr ""
+
+#. module: auth_api_key_group
+#: model:ir.model.fields,field_description:auth_api_key_group.field_auth_api_key_group__create_uid
+msgid "Created by"
+msgstr ""
+
+#. module: auth_api_key_group
+#: model:ir.model.fields,field_description:auth_api_key_group.field_auth_api_key_group__create_date
+msgid "Created on"
+msgstr ""
+
+#. module: auth_api_key_group
+#: model:ir.model.fields,field_description:auth_api_key_group.field_auth_api_key_group__display_name
+msgid "Display Name"
+msgstr ""
+
+#. module: auth_api_key_group
+#: model:ir.model.fields,field_description:auth_api_key_group.field_auth_api_key_group__id
+msgid "ID"
+msgstr ""
+
+#. module: auth_api_key_group
+#: model:ir.model.fields,field_description:auth_api_key_group.field_auth_api_key_group____last_update
+msgid "Last Modified on"
+msgstr ""
+
+#. module: auth_api_key_group
+#: model:ir.model.fields,field_description:auth_api_key_group.field_auth_api_key_group__write_uid
+msgid "Last Updated by"
+msgstr ""
+
+#. module: auth_api_key_group
+#: model:ir.model.fields,field_description:auth_api_key_group.field_auth_api_key_group__write_date
+msgid "Last Updated on"
+msgstr ""
+
+#. module: auth_api_key_group
+#: model:ir.model.fields,field_description:auth_api_key_group.field_auth_api_key_group__name
+msgid "Name"
+msgstr ""
diff --git a/auth_api_key_group/models/__init__.py b/auth_api_key_group/models/__init__.py
new file mode 100644
index 0000000000..4f2457794f
--- /dev/null
+++ b/auth_api_key_group/models/__init__.py
@@ -0,0 +1,2 @@
+from . import auth_api_key
+from . import auth_api_key_group
diff --git a/auth_api_key_group/models/auth_api_key.py b/auth_api_key_group/models/auth_api_key.py
new file mode 100644
index 0000000000..661e3c1a41
--- /dev/null
+++ b/auth_api_key_group/models/auth_api_key.py
@@ -0,0 +1,19 @@
+# Copyright 2021 Camptcamp SA
+# @author: Simone Orsi <simone.orsi@camptocamp.com>
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+
+from odoo import fields, models
+
+
+class AuthApiKey(models.Model):
+
+    _inherit = "auth.api.key"
+
+    auth_api_key_group_ids = fields.Many2many(
+        comodel_name="auth.api.key.group",
+        relation="auth_api_key_group_rel",
+        column1="key_id",
+        column2="group_id",
+        string="Auth Groups",
+    )
diff --git a/auth_api_key_group/models/auth_api_key_group.py b/auth_api_key_group/models/auth_api_key_group.py
new file mode 100644
index 0000000000..28f34f5e85
--- /dev/null
+++ b/auth_api_key_group/models/auth_api_key_group.py
@@ -0,0 +1,23 @@
+# Copyright 2021 Camptcamp SA
+# @author: Simone Orsi <simone.orsi@camptocamp.com>
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+
+from odoo import fields, models
+
+
+class AuthApiKeyGroup(models.Model):
+    """Group API keys together."""
+
+    _name = "auth.api.key.group"
+    _description = "API Key auth group"
+
+    name = fields.Char(required=True)
+    code = fields.Char(required=True)
+    auth_api_key_ids = fields.Many2many(
+        comodel_name="auth.api.key",
+        relation="auth_api_key_group_rel",
+        column1="group_id",
+        column2="key_id",
+        string="API Keys",
+    )
diff --git a/auth_api_key_group/readme/CONTRIBUTORS.rst b/auth_api_key_group/readme/CONTRIBUTORS.rst
new file mode 100644
index 0000000000..f1c71bce18
--- /dev/null
+++ b/auth_api_key_group/readme/CONTRIBUTORS.rst
@@ -0,0 +1 @@
+* Simone Orsi <simone.orsi@camptocamp.com>
diff --git a/auth_api_key_group/readme/DESCRIPTION.rst b/auth_api_key_group/readme/DESCRIPTION.rst
new file mode 100644
index 0000000000..1becef6070
--- /dev/null
+++ b/auth_api_key_group/readme/DESCRIPTION.rst
@@ -0,0 +1,4 @@
+Allow grouping API keys together.
+
+Grouping per se does nothing. This feature is supposed to be used by other modules
+to limit access to services or records based on groups of keys.
diff --git a/auth_api_key_group/security/ir.model.access.csv b/auth_api_key_group/security/ir.model.access.csv
new file mode 100644
index 0000000000..d245cf24cf
--- /dev/null
+++ b/auth_api_key_group/security/ir.model.access.csv
@@ -0,0 +1,2 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_auth_api_key_group,access_auth_api_key_group,model_auth_api_key_group,base.group_system,1,1,1,1
diff --git a/auth_api_key_group/static/description/icon.png b/auth_api_key_group/static/description/icon.png
new file mode 100644
index 0000000000..3a0328b516
Binary files /dev/null and b/auth_api_key_group/static/description/icon.png differ
diff --git a/auth_api_key_group/static/description/index.html b/auth_api_key_group/static/description/index.html
new file mode 100644
index 0000000000..2a52d4df14
--- /dev/null
+++ b/auth_api_key_group/static/description/index.html
@@ -0,0 +1,424 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<meta name="generator" content="Docutils: https://docutils.sourceforge.io/" />
+<title>Auth API key group</title>
+<style type="text/css">
+
+/*
+:Author: David Goodger (goodger@python.org)
+:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $
+:Copyright: This stylesheet has been placed in the public domain.
+
+Default cascading style sheet for the HTML output of Docutils.
+
+See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
+customize this style sheet.
+*/
+
+/* used to remove borders from tables and images */
+.borderless, table.borderless td, table.borderless th {
+  border: 0 }
+
+table.borderless td, table.borderless th {
+  /* Override padding for "table.docutils td" with "! important".
+     The right padding separates the table cells. */
+  padding: 0 0.5em 0 0 ! important }
+
+.first {
+  /* Override more specific margin styles with "! important". */
+  margin-top: 0 ! important }
+
+.last, .with-subtitle {
+  margin-bottom: 0 ! important }
+
+.hidden {
+  display: none }
+
+.subscript {
+  vertical-align: sub;
+  font-size: smaller }
+
+.superscript {
+  vertical-align: super;
+  font-size: smaller }
+
+a.toc-backref {
+  text-decoration: none ;
+  color: black }
+
+blockquote.epigraph {
+  margin: 2em 5em ; }
+
+dl.docutils dd {
+  margin-bottom: 0.5em }
+
+object[type="image/svg+xml"], object[type="application/x-shockwave-flash"] {
+  overflow: hidden;
+}
+
+/* Uncomment (and remove this text!) to get bold-faced definition list terms
+dl.docutils dt {
+  font-weight: bold }
+*/
+
+div.abstract {
+  margin: 2em 5em }
+
+div.abstract p.topic-title {
+  font-weight: bold ;
+  text-align: center }
+
+div.admonition, div.attention, div.caution, div.danger, div.error,
+div.hint, div.important, div.note, div.tip, div.warning {
+  margin: 2em ;
+  border: medium outset ;
+  padding: 1em }
+
+div.admonition p.admonition-title, div.hint p.admonition-title,
+div.important p.admonition-title, div.note p.admonition-title,
+div.tip p.admonition-title {
+  font-weight: bold ;
+  font-family: sans-serif }
+
+div.attention p.admonition-title, div.caution p.admonition-title,
+div.danger p.admonition-title, div.error p.admonition-title,
+div.warning p.admonition-title, .code .error {
+  color: red ;
+  font-weight: bold ;
+  font-family: sans-serif }
+
+/* Uncomment (and remove this text!) to get reduced vertical space in
+   compound paragraphs.
+div.compound .compound-first, div.compound .compound-middle {
+  margin-bottom: 0.5em }
+
+div.compound .compound-last, div.compound .compound-middle {
+  margin-top: 0.5em }
+*/
+
+div.dedication {
+  margin: 2em 5em ;
+  text-align: center ;
+  font-style: italic }
+
+div.dedication p.topic-title {
+  font-weight: bold ;
+  font-style: normal }
+
+div.figure {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+div.footer, div.header {
+  clear: both;
+  font-size: smaller }
+
+div.line-block {
+  display: block ;
+  margin-top: 1em ;
+  margin-bottom: 1em }
+
+div.line-block div.line-block {
+  margin-top: 0 ;
+  margin-bottom: 0 ;
+  margin-left: 1.5em }
+
+div.sidebar {
+  margin: 0 0 0.5em 1em ;
+  border: medium outset ;
+  padding: 1em ;
+  background-color: #ffffee ;
+  width: 40% ;
+  float: right ;
+  clear: right }
+
+div.sidebar p.rubric {
+  font-family: sans-serif ;
+  font-size: medium }
+
+div.system-messages {
+  margin: 5em }
+
+div.system-messages h1 {
+  color: red }
+
+div.system-message {
+  border: medium outset ;
+  padding: 1em }
+
+div.system-message p.system-message-title {
+  color: red ;
+  font-weight: bold }
+
+div.topic {
+  margin: 2em }
+
+h1.section-subtitle, h2.section-subtitle, h3.section-subtitle,
+h4.section-subtitle, h5.section-subtitle, h6.section-subtitle {
+  margin-top: 0.4em }
+
+h1.title {
+  text-align: center }
+
+h2.subtitle {
+  text-align: center }
+
+hr.docutils {
+  width: 75% }
+
+img.align-left, .figure.align-left, object.align-left, table.align-left {
+  clear: left ;
+  float: left ;
+  margin-right: 1em }
+
+img.align-right, .figure.align-right, object.align-right, table.align-right {
+  clear: right ;
+  float: right ;
+  margin-left: 1em }
+
+img.align-center, .figure.align-center, object.align-center {
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+table.align-center {
+  margin-left: auto;
+  margin-right: auto;
+}
+
+.align-left {
+  text-align: left }
+
+.align-center {
+  clear: both ;
+  text-align: center }
+
+.align-right {
+  text-align: right }
+
+/* reset inner alignment in figures */
+div.align-right {
+  text-align: inherit }
+
+/* div.align-center * { */
+/*   text-align: left } */
+
+.align-top    {
+  vertical-align: top }
+
+.align-middle {
+  vertical-align: middle }
+
+.align-bottom {
+  vertical-align: bottom }
+
+ol.simple, ul.simple {
+  margin-bottom: 1em }
+
+ol.arabic {
+  list-style: decimal }
+
+ol.loweralpha {
+  list-style: lower-alpha }
+
+ol.upperalpha {
+  list-style: upper-alpha }
+
+ol.lowerroman {
+  list-style: lower-roman }
+
+ol.upperroman {
+  list-style: upper-roman }
+
+p.attribution {
+  text-align: right ;
+  margin-left: 50% }
+
+p.caption {
+  font-style: italic }
+
+p.credits {
+  font-style: italic ;
+  font-size: smaller }
+
+p.label {
+  white-space: nowrap }
+
+p.rubric {
+  font-weight: bold ;
+  font-size: larger ;
+  color: maroon ;
+  text-align: center }
+
+p.sidebar-title {
+  font-family: sans-serif ;
+  font-weight: bold ;
+  font-size: larger }
+
+p.sidebar-subtitle {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+p.topic-title {
+  font-weight: bold }
+
+pre.address {
+  margin-bottom: 0 ;
+  margin-top: 0 ;
+  font: inherit }
+
+pre.literal-block, pre.doctest-block, pre.math, pre.code {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+pre.code .ln { color: grey; } /* line numbers */
+pre.code, code { background-color: #eeeeee }
+pre.code .comment, code .comment { color: #5C6576 }
+pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
+pre.code .literal.string, code .literal.string { color: #0C5404 }
+pre.code .name.builtin, code .name.builtin { color: #352B84 }
+pre.code .deleted, code .deleted { background-color: #DEB0A1}
+pre.code .inserted, code .inserted { background-color: #A3D289}
+
+span.classifier {
+  font-family: sans-serif ;
+  font-style: oblique }
+
+span.classifier-delimiter {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+span.interpreted {
+  font-family: sans-serif }
+
+span.option {
+  white-space: nowrap }
+
+span.pre {
+  white-space: pre }
+
+span.problematic {
+  color: red }
+
+span.section-subtitle {
+  /* font-size relative to parent (h1..h6 element) */
+  font-size: 80% }
+
+table.citation {
+  border-left: solid 1px gray;
+  margin-left: 1px }
+
+table.docinfo {
+  margin: 2em 4em }
+
+table.docutils {
+  margin-top: 0.5em ;
+  margin-bottom: 0.5em }
+
+table.footnote {
+  border-left: solid 1px black;
+  margin-left: 1px }
+
+table.docutils td, table.docutils th,
+table.docinfo td, table.docinfo th {
+  padding-left: 0.5em ;
+  padding-right: 0.5em ;
+  vertical-align: top }
+
+table.docutils th.field-name, table.docinfo th.docinfo-name {
+  font-weight: bold ;
+  text-align: left ;
+  white-space: nowrap ;
+  padding-left: 0 }
+
+/* "booktabs" style (no vertical lines) */
+table.docutils.booktabs {
+  border: 0px;
+  border-top: 2px solid;
+  border-bottom: 2px solid;
+  border-collapse: collapse;
+}
+table.docutils.booktabs * {
+  border: 0px;
+}
+table.docutils.booktabs th {
+  border-bottom: thin solid;
+  text-align: left;
+}
+
+h1 tt.docutils, h2 tt.docutils, h3 tt.docutils,
+h4 tt.docutils, h5 tt.docutils, h6 tt.docutils {
+  font-size: 100% }
+
+ul.auto-toc {
+  list-style-type: none }
+
+</style>
+</head>
+<body>
+<div class="document" id="auth-api-key-group">
+<h1 class="title">Auth API key group</h1>
+
+<!-- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! This file is generated by oca-gen-addon-readme !!
+!! changes will be overwritten.                   !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! source digest: sha256:e231a34a3fe2c3a2a8c78305131ba9e90af3725f3cf0b0878d313439f511f6fe
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
+<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/lgpl-3.0-standalone.html"><img alt="License: LGPL-3" src="https://img.shields.io/badge/licence-LGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-auth/tree/16.0/auth_api_key_group"><img alt="OCA/server-auth" src="https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-auth_api_key_group"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-auth&amp;target_branch=16.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
+<p>Allow grouping API keys together.</p>
+<p>Grouping per se does nothing. This feature is supposed to be used by other modules
+to limit access to services or records based on groups of keys.</p>
+<p><strong>Table of contents</strong></p>
+<div class="contents local topic" id="contents">
+<ul class="simple">
+<li><a class="reference internal" href="#bug-tracker" id="toc-entry-1">Bug Tracker</a></li>
+<li><a class="reference internal" href="#credits" id="toc-entry-2">Credits</a><ul>
+<li><a class="reference internal" href="#authors" id="toc-entry-3">Authors</a></li>
+<li><a class="reference internal" href="#contributors" id="toc-entry-4">Contributors</a></li>
+<li><a class="reference internal" href="#maintainers" id="toc-entry-5">Maintainers</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="section" id="bug-tracker">
+<h1><a class="toc-backref" href="#toc-entry-1">Bug Tracker</a></h1>
+<p>Bugs are tracked on <a class="reference external" href="https://github.com/OCA/server-auth/issues">GitHub Issues</a>.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+<a class="reference external" href="https://github.com/OCA/server-auth/issues/new?body=module:%20auth_api_key_group%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
+<p>Do not contact contributors directly about support or help with technical issues.</p>
+</div>
+<div class="section" id="credits">
+<h1><a class="toc-backref" href="#toc-entry-2">Credits</a></h1>
+<div class="section" id="authors">
+<h2><a class="toc-backref" href="#toc-entry-3">Authors</a></h2>
+<ul class="simple">
+<li>Camptcamp</li>
+</ul>
+</div>
+<div class="section" id="contributors">
+<h2><a class="toc-backref" href="#toc-entry-4">Contributors</a></h2>
+<ul class="simple">
+<li>Simone Orsi &lt;<a class="reference external" href="mailto:simone.orsi&#64;camptocamp.com">simone.orsi&#64;camptocamp.com</a>&gt;</li>
+</ul>
+</div>
+<div class="section" id="maintainers">
+<h2><a class="toc-backref" href="#toc-entry-5">Maintainers</a></h2>
+<p>This module is maintained by the OCA.</p>
+<a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
+<p>OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.</p>
+<p>Current <a class="reference external" href="https://odoo-community.org/page/maintainer-role">maintainer</a>:</p>
+<p><a class="reference external image-reference" href="https://github.com/simahawk"><img alt="simahawk" src="https://github.com/simahawk.png?size=40px" /></a></p>
+<p>This module is part of the <a class="reference external" href="https://github.com/OCA/server-auth/tree/16.0/auth_api_key_group">OCA/server-auth</a> project on GitHub.</p>
+<p>You are welcome to contribute. To learn how please visit <a class="reference external" href="https://odoo-community.org/page/Contribute">https://odoo-community.org/page/Contribute</a>.</p>
+</div>
+</div>
+</div>
+</body>
+</html>
diff --git a/auth_api_key_group/tests/__init__.py b/auth_api_key_group/tests/__init__.py
new file mode 100644
index 0000000000..f831d70c99
--- /dev/null
+++ b/auth_api_key_group/tests/__init__.py
@@ -0,0 +1 @@
+from . import test_auth_api_key_group
diff --git a/auth_api_key_group/tests/test_auth_api_key_group.py b/auth_api_key_group/tests/test_auth_api_key_group.py
new file mode 100644
index 0000000000..75581bbf16
--- /dev/null
+++ b/auth_api_key_group/tests/test_auth_api_key_group.py
@@ -0,0 +1,46 @@
+# Copyright 2021 Camptcamp SA
+# @author: Simone Orsi <simone.orsi@camptocamp.com>
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+
+from odoo.tests.common import TransactionCase
+
+
+class TestAuthApiKey(TransactionCase):
+    @classmethod
+    def setUpClass(cls, *args, **kwargs):
+        super().setUpClass(*args, **kwargs)
+        cls.AuthApiKey = cls.env["auth.api.key"]
+        cls.AuthApiKeyGroup = cls.env["auth.api.key.group"]
+        cls.demo_user = cls.env.ref("base.user_demo")
+        cls.api_key1 = cls.AuthApiKey.create(
+            {"name": "One", "user_id": cls.demo_user.id, "key": "one"}
+        )
+        cls.api_key2 = cls.AuthApiKey.create(
+            {"name": "Two", "user_id": cls.demo_user.id, "key": "two"}
+        )
+        cls.api_key3 = cls.AuthApiKey.create(
+            {"name": "Three", "user_id": cls.demo_user.id, "key": "three"}
+        )
+        cls.api_key_group1 = cls.AuthApiKeyGroup.create(
+            {
+                "name": "G One",
+                "code": "g-one",
+                "auth_api_key_ids": [(6, 0, (cls.api_key1 + cls.api_key2).ids)],
+            }
+        )
+        cls.api_key_group2 = cls.AuthApiKeyGroup.create(
+            {
+                "name": "G Two",
+                "code": "g-two",
+                "auth_api_key_ids": [(6, 0, cls.api_key3.ids)],
+            }
+        )
+
+    def test_relations(self):
+        self.assertIn(self.api_key_group1, self.api_key1.auth_api_key_group_ids)
+        self.assertIn(self.api_key_group1, self.api_key2.auth_api_key_group_ids)
+        self.assertNotIn(self.api_key_group1, self.api_key3.auth_api_key_group_ids)
+        self.assertIn(self.api_key_group2, self.api_key3.auth_api_key_group_ids)
+        self.assertNotIn(self.api_key_group2, self.api_key1.auth_api_key_group_ids)
+        self.assertNotIn(self.api_key_group2, self.api_key1.auth_api_key_group_ids)
diff --git a/auth_api_key_group/views/auth_api_key_group_view.xml b/auth_api_key_group/views/auth_api_key_group_view.xml
new file mode 100644
index 0000000000..267284d851
--- /dev/null
+++ b/auth_api_key_group/views/auth_api_key_group_view.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<odoo>
+    <record model="ir.ui.view" id="auth_api_key_group_form_view">
+        <field name="name">auth.api.key.group.form (in auth_api_key_group)</field>
+        <field name="model">auth.api.key.group</field>
+        <field name="arch" type="xml">
+            <form>
+                <sheet>
+                    <label for="name" class="oe_edit_only" />
+                    <h1>
+                        <field name="name" class="oe_inline" />
+                    </h1>
+                    <group name="config" colspan="4" col="4">
+                        <field name="code" colspan="4" />
+                        <field name="auth_api_key_ids" colspan="4" />
+                    </group>
+                </sheet>
+            </form>
+        </field>
+    </record>
+    <record model="ir.ui.view" id="auth_api_key_group_tree_view">
+        <field name="name">auth.api.key.group.tree (in auth_api_key_group)</field>
+        <field name="model">auth.api.key.group</field>
+        <field name="arch" type="xml">
+            <tree>
+                <field name="name" />
+                <field name="code" />
+            </tree>
+        </field>
+    </record>
+    <record model="ir.actions.act_window" id="auth_api_key_group_act_window">
+        <field name="name">Auth Api Key Groups</field>
+        <field name="res_model">auth.api.key.group</field>
+        <field name="view_mode">tree,form</field>
+        <field name="domain">[]</field>
+        <field name="context">{}</field>
+    </record>
+    <record model="ir.ui.menu" id="auth_api_key_group_menu">
+        <field name="name">Auth Api Key Groups</field>
+        <field name="parent_id" ref="base.menu_custom" />
+        <field name="action" ref="auth_api_key_group_act_window" />
+        <field name="sequence" eval="100" />
+    </record>
+</odoo>
diff --git a/auth_api_key_group/views/auth_api_key_view.xml b/auth_api_key_group/views/auth_api_key_view.xml
new file mode 100644
index 0000000000..a7c7192f29
--- /dev/null
+++ b/auth_api_key_group/views/auth_api_key_view.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<odoo>
+    <record model="ir.ui.view" id="auth_api_key_form_view">
+        <field name="model">auth.api.key</field>
+        <field name="inherit_id" ref="auth_api_key.auth_api_key_form_view" />
+        <field name="arch" type="xml">
+            <group name="config" position="inside">
+                <field name="auth_api_key_group_ids" colspan="4" />
+            </group>
+        </field>
+    </record>
+</odoo>
diff --git a/auth_api_key_server_env/i18n/it.po b/auth_api_key_server_env/i18n/it.po
index d89bdd12d3..35b514e0af 100644
--- a/auth_api_key_server_env/i18n/it.po
+++ b/auth_api_key_server_env/i18n/it.po
@@ -6,30 +6,32 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Odoo Server 16.0\n"
 "Report-Msgid-Bugs-To: \n"
-"Last-Translator: Automatically generated\n"
+"PO-Revision-Date: 2024-01-03 14:33+0000\n"
+"Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
 "Language-Team: none\n"
 "Language: it\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: \n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
 
 #. module: auth_api_key_server_env
 #: model:ir.model,name:auth_api_key_server_env.model_auth_api_key
 msgid "API Key"
-msgstr ""
+msgstr "Chiave API"
 
 #. module: auth_api_key_server_env
 #: model:ir.model.fields,field_description:auth_api_key_server_env.field_auth_api_key__server_env_defaults
 msgid "Server Env Defaults"
-msgstr ""
+msgstr "Server ambiente predefinito"
 
 #. module: auth_api_key_server_env
 #: model:ir.model.fields,field_description:auth_api_key_server_env.field_auth_api_key__tech_name
 msgid "Tech Name"
-msgstr ""
+msgstr "Nome tecnico"
 
 #. module: auth_api_key_server_env
 #: model:ir.model.fields,help:auth_api_key_server_env.field_auth_api_key__tech_name
 msgid "Unique name for technical purposes. Eg: server env keys."
-msgstr ""
+msgstr "Nome univoco per motivi tecnici. Es: chiavi server ambiente."
diff --git a/auth_jwt/i18n/it.po b/auth_jwt/i18n/it.po
index 9336d05128..9d3c3da001 100644
--- a/auth_jwt/i18n/it.po
+++ b/auth_jwt/i18n/it.po
@@ -6,8 +6,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Odoo Server 16.0\n"
 "Report-Msgid-Bugs-To: \n"
-"PO-Revision-Date: 2023-12-15 13:34+0000\n"
-"Last-Translator: Riccardo Bellanova <bellanova@webmonks.it>\n"
+"PO-Revision-Date: 2024-01-29 11:35+0000\n"
+"Last-Translator: Francesco Foresti <francesco.foresti@ooops404.com>\n"
 "Language-Team: none\n"
 "Language: it\n"
 "MIME-Version: 1.0\n"
@@ -80,9 +80,8 @@ msgstr "Path cookie"
 
 #. module: auth_jwt
 #: model:ir.model.fields,field_description:auth_jwt.field_auth_jwt_validator__cookie_secure
-#, fuzzy
 msgid "Cookie Secure"
-msgstr "Cookie Secure"
+msgstr "Cookie secure"
 
 #. module: auth_jwt
 #: model:ir.model.fields,field_description:auth_jwt.field_auth_jwt_validator__create_uid
@@ -121,9 +120,8 @@ msgstr "ES512 - ECDSA usando SHA-512"
 
 #. module: auth_jwt
 #: model:ir.model.fields.selection,name:auth_jwt.selection__auth_jwt_validator__partner_id_strategy__email
-#, fuzzy
 msgid "From email claim"
-msgstr "Dalla richiesta email"
+msgstr "Da richiesta e-mail"
 
 #. module: auth_jwt
 #: model_terms:ir.ui.view,arch_db:auth_jwt.view_auth_jwt_validator_form
@@ -152,21 +150,18 @@ msgstr "Instradamento HTTP"
 
 #. module: auth_jwt
 #: model:ir.model.fields,field_description:auth_jwt.field_auth_jwt_validator__id
-#, fuzzy
 msgid "ID"
 msgstr "ID"
 
 #. module: auth_jwt
 #: model:ir.model.fields,field_description:auth_jwt.field_auth_jwt_validator__issuer
-#, fuzzy
 msgid "Issuer"
-msgstr "Issuer"
+msgstr "Segnalatore"
 
 #. module: auth_jwt
 #: model_terms:ir.ui.view,arch_db:auth_jwt.view_auth_jwt_validator_form
-#, fuzzy
 msgid "JWK URI"
-msgstr "JWK URI"
+msgstr "URI JWK"
 
 #. module: auth_jwt
 #: model:ir.model,name:auth_jwt.model_auth_jwt_validator
@@ -197,7 +192,7 @@ msgstr "Ultima modifica il"
 #. module: auth_jwt
 #: model:ir.model.fields,field_description:auth_jwt.field_auth_jwt_validator__write_uid
 msgid "Last Updated by"
-msgstr "Ultimo aggiornamento da"
+msgstr "Ultimo aggiornamento di"
 
 #. module: auth_jwt
 #: model:ir.model.fields,field_description:auth_jwt.field_auth_jwt_validator__write_date
@@ -248,7 +243,6 @@ msgstr "PS512 - RSASSA-PSS usando SHA-512 e padding MGF1 con SHA-512"
 
 #. module: auth_jwt
 #: model_terms:ir.ui.view,arch_db:auth_jwt.view_auth_jwt_validator_form
-#, fuzzy
 msgid "Partner"
 msgstr "Partner"
 
@@ -356,6 +350,5 @@ msgstr "I validatori non devono creare una catena chiusa: {}."
 
 #. module: auth_jwt
 #: model_terms:ir.ui.view,arch_db:auth_jwt.view_auth_jwt_validator_form
-#, fuzzy
 msgid "arch"
 msgstr "arch"
diff --git a/auth_jwt_server_env/i18n/it.po b/auth_jwt_server_env/i18n/it.po
index 3c74fdbbf2..5d664490e7 100644
--- a/auth_jwt_server_env/i18n/it.po
+++ b/auth_jwt_server_env/i18n/it.po
@@ -6,20 +6,22 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Odoo Server 16.0\n"
 "Report-Msgid-Bugs-To: \n"
-"Last-Translator: Automatically generated\n"
+"PO-Revision-Date: 2024-01-03 14:33+0000\n"
+"Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
 "Language-Team: none\n"
 "Language: it\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: \n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
 
 #. module: auth_jwt_server_env
 #: model:ir.model,name:auth_jwt_server_env.model_auth_jwt_validator
 msgid "JWT Validator Configuration"
-msgstr ""
+msgstr "Configurazione validatore JWT"
 
 #. module: auth_jwt_server_env
 #: model:ir.model.fields,field_description:auth_jwt_server_env.field_auth_jwt_validator__server_env_defaults
 msgid "Server Env Defaults"
-msgstr ""
+msgstr "Server ambiente predefinito"
diff --git a/auth_oauth_multi_token/README.rst b/auth_oauth_multi_token/README.rst
new file mode 100644
index 0000000000..c7090d1287
--- /dev/null
+++ b/auth_oauth_multi_token/README.rst
@@ -0,0 +1,94 @@
+=================
+OAuth Multi Token
+=================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:5d69848be1a2005788b0912d52d59e788ed05ce24855822272fcdb20489ad6cc
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/16.0/auth_oauth_multi_token
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-auth_oauth_multi_token
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=16.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+This module adds the possibility to connect with the same account
+on more than one device at the same time.
+
+All providers are supported (Google, Facebook, Odoo, etc).
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Usage
+=====
+
+Nothing changes on login action: just select your provider and try to log in.
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_oauth_multi_token%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* Florent de Labarre
+* Camptocamp
+
+Contributors
+~~~~~~~~~~~~
+
+* Florent de Labarre <florent.mirieu@gmail.com>
+* Simone Orsi <simone.orsi@camptocamp.com>
+* `Tecnativa <https://www.tecnativa.com/>`__:
+
+  * Jairo Llopis
+  * Sergio Teruel
+
+* Stéphane Bidoul <stephane.bidoul@acsone.eu>
+* Dan Tillinghast
+* Miku Laitinen
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/16.0/auth_oauth_multi_token>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
diff --git a/auth_oauth_multi_token/__init__.py b/auth_oauth_multi_token/__init__.py
new file mode 100644
index 0000000000..0650744f6b
--- /dev/null
+++ b/auth_oauth_multi_token/__init__.py
@@ -0,0 +1 @@
+from . import models
diff --git a/auth_oauth_multi_token/__manifest__.py b/auth_oauth_multi_token/__manifest__.py
new file mode 100644
index 0000000000..78c1b2fcdd
--- /dev/null
+++ b/auth_oauth_multi_token/__manifest__.py
@@ -0,0 +1,20 @@
+# Copyright 2016 Florent de Labarre
+# Copyright 2017 Camptocamp
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl)
+
+{
+    "name": "OAuth Multi Token",
+    "version": "16.0.1.0.0",
+    "license": "AGPL-3",
+    "author": "Florent de Labarre, Camptocamp, Odoo Community Association (OCA)",
+    "summary": """Allow multiple connection with the same OAuth account""",
+    "category": "Tool",
+    "website": "https://github.com/OCA/server-auth",
+    "depends": ["auth_oauth"],
+    "data": [
+        "security/ir.model.access.csv",
+        "views/auth_oauth_multi_token.xml",
+        "views/res_users.xml",
+    ],
+    "installable": True,
+}
diff --git a/auth_oauth_multi_token/i18n/auth_oauth_multi_token.pot b/auth_oauth_multi_token/i18n/auth_oauth_multi_token.pot
new file mode 100644
index 0000000000..4dced6c5bc
--- /dev/null
+++ b/auth_oauth_multi_token/i18n/auth_oauth_multi_token.pot
@@ -0,0 +1,90 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* auth_oauth_multi_token
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 16.0\n"
+"Report-Msgid-Bugs-To: \n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: auth_oauth_multi_token
+#: model_terms:ir.ui.view,arch_db:auth_oauth_multi_token.view_users_form
+msgid "Clear Tokens"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__create_uid
+msgid "Created by"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__create_date
+msgid "Created on"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__display_name
+msgid "Display Name"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__id
+msgid "ID"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token____last_update
+msgid "Last Modified on"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__write_uid
+msgid "Last Updated by"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__write_date
+msgid "Last Updated on"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model_terms:ir.ui.view,arch_db:auth_oauth_multi_token.view_users_form
+msgid "Latest Tokens"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_res_users__oauth_master_uuid
+msgid "Master UUID"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_res_users__oauth_access_max_token
+msgid "Max Number of Simultaneous Connections"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__oauth_access_token
+msgid "OAuth Access Token"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_res_users__oauth_access_token_ids
+msgid "OAuth Tokens"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model,name:auth_oauth_multi_token.model_auth_oauth_multi_token
+msgid "OAuth2 Token"
+msgstr ""
+
+#. module: auth_oauth_multi_token
+#: model:ir.model,name:auth_oauth_multi_token.model_res_users
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__user_id
+msgid "User"
+msgstr ""
diff --git a/auth_oauth_multi_token/i18n/it.po b/auth_oauth_multi_token/i18n/it.po
new file mode 100644
index 0000000000..df18dd38a7
--- /dev/null
+++ b/auth_oauth_multi_token/i18n/it.po
@@ -0,0 +1,93 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* auth_oauth_multi_token
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 16.0\n"
+"Report-Msgid-Bugs-To: \n"
+"PO-Revision-Date: 2024-03-14 15:38+0000\n"
+"Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
+"Language-Team: none\n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
+
+#. module: auth_oauth_multi_token
+#: model_terms:ir.ui.view,arch_db:auth_oauth_multi_token.view_users_form
+msgid "Clear Tokens"
+msgstr "Pulisci token"
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__create_uid
+msgid "Created by"
+msgstr "Creato da"
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__create_date
+msgid "Created on"
+msgstr "Creato il"
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__display_name
+msgid "Display Name"
+msgstr "Nome visualizzato"
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__id
+msgid "ID"
+msgstr "ID"
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token____last_update
+msgid "Last Modified on"
+msgstr "Ultima modifica il"
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__write_uid
+msgid "Last Updated by"
+msgstr "Ultimo aggiornamento di"
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__write_date
+msgid "Last Updated on"
+msgstr "Ultimo aggiornamento il"
+
+#. module: auth_oauth_multi_token
+#: model_terms:ir.ui.view,arch_db:auth_oauth_multi_token.view_users_form
+msgid "Latest Tokens"
+msgstr "Ulrimi token"
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_res_users__oauth_master_uuid
+msgid "Master UUID"
+msgstr "UUID master"
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_res_users__oauth_access_max_token
+msgid "Max Number of Simultaneous Connections"
+msgstr "Numero massimo di connessioni simultanee"
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__oauth_access_token
+msgid "OAuth Access Token"
+msgstr "Token accesso OAuth"
+
+#. module: auth_oauth_multi_token
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_res_users__oauth_access_token_ids
+msgid "OAuth Tokens"
+msgstr "Token OAuth"
+
+#. module: auth_oauth_multi_token
+#: model:ir.model,name:auth_oauth_multi_token.model_auth_oauth_multi_token
+msgid "OAuth2 Token"
+msgstr "Token OAuth"
+
+#. module: auth_oauth_multi_token
+#: model:ir.model,name:auth_oauth_multi_token.model_res_users
+#: model:ir.model.fields,field_description:auth_oauth_multi_token.field_auth_oauth_multi_token__user_id
+msgid "User"
+msgstr "Utente"
diff --git a/auth_oauth_multi_token/models/__init__.py b/auth_oauth_multi_token/models/__init__.py
new file mode 100644
index 0000000000..eac3467aa9
--- /dev/null
+++ b/auth_oauth_multi_token/models/__init__.py
@@ -0,0 +1,2 @@
+from . import auth_oauth_multi_token
+from . import res_users
diff --git a/auth_oauth_multi_token/models/auth_oauth_multi_token.py b/auth_oauth_multi_token/models/auth_oauth_multi_token.py
new file mode 100644
index 0000000000..a1c11f04b8
--- /dev/null
+++ b/auth_oauth_multi_token/models/auth_oauth_multi_token.py
@@ -0,0 +1,54 @@
+# Copyright 2016 Florent de Labarre
+# Copyright 2017 Camptocamp
+# Copyright 2021 ACSONE SA/NV
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl)
+
+from odoo import api, fields, models
+
+
+class AuthOauthMultiToken(models.Model):
+    """Define a set of tokens."""
+
+    _name = "auth.oauth.multi.token"
+    _description = "OAuth2 Token"
+    _order = "id desc"
+
+    oauth_access_token = fields.Char(
+        string="OAuth Access Token", readonly=True, copy=False
+    )
+    user_id = fields.Many2one(
+        comodel_name="res.users",
+        string="User",
+        required=True,
+        readonly=True,
+        index=True,
+        ondelete="cascade",
+    )
+
+    @api.model_create_multi
+    def create(self, vals_list):
+        """Override to validate tokens."""
+        tokens = super().create(vals_list)
+        tokens._oauth_validate_multi_token()
+        return tokens
+
+    @api.model
+    def _oauth_user_tokens(self, user_id):
+        """Retrieve tokens for given user.
+
+        :param user_id: Odoo ID of the user
+        """
+        return self.search([("user_id", "=", user_id)])
+
+    def _oauth_validate_multi_token(self):
+        """Check current user's token and clear them if max number reached."""
+        for token in self:
+            user_tokens = self._oauth_user_tokens(token.user_id.id)
+            max_token = token.user_id.oauth_access_max_token
+            if user_tokens and len(user_tokens) > max_token:
+                # clear last token
+                user_tokens[max_token - 1]._oauth_clear_token()
+
+    def _oauth_clear_token(self):
+        """Disable current token records."""
+        self.unlink()
diff --git a/auth_oauth_multi_token/models/res_users.py b/auth_oauth_multi_token/models/res_users.py
new file mode 100644
index 0000000000..53c4bff115
--- /dev/null
+++ b/auth_oauth_multi_token/models/res_users.py
@@ -0,0 +1,83 @@
+# Copyright 2016 Florent de Labarre
+# Copyright 2017 Camptocamp
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl)
+import uuid
+
+from odoo import api, exceptions, fields, models
+
+from odoo.addons import base
+
+base.models.res_users.USER_PRIVATE_FIELDS.append("oauth_master_uuid")
+
+
+class ResUsers(models.Model):
+    _inherit = "res.users"
+
+    def _generate_oauth_master_uuid(self):
+        return uuid.uuid4().hex
+
+    oauth_access_token_ids = fields.One2many(
+        comodel_name="auth.oauth.multi.token",
+        inverse_name="user_id",
+        string="OAuth Tokens",
+        copy=False,
+        readonly=True,
+        groups="base.group_system",
+    )
+    oauth_access_max_token = fields.Integer(
+        string="Max Number of Simultaneous Connections", default=10, required=True
+    )
+    oauth_master_uuid = fields.Char(
+        string="Master UUID",
+        copy=False,
+        readonly=True,
+        required=True,
+        default=lambda self: self._generate_oauth_master_uuid(),
+    )
+
+    @property
+    def multi_token_model(self):
+        return self.env["auth.oauth.multi.token"]
+
+    @api.model
+    def _auth_oauth_signin(self, provider, validation, params):
+        """Override to handle sign-in with multi token."""
+        res = super()._auth_oauth_signin(provider, validation, params)
+
+        oauth_uid = validation["user_id"]
+        # Lookup for user by oauth uid and provider
+        user = self.search(
+            [("oauth_uid", "=", oauth_uid), ("oauth_provider_id", "=", provider)]
+        )
+        if not user:
+            raise exceptions.AccessDenied()
+        user.ensure_one()
+        # user found and unique: create a token
+        self.multi_token_model.create(
+            {"user_id": user.id, "oauth_access_token": params["access_token"]}
+        )
+        return res
+
+    def action_oauth_clear_token(self):
+        """Inactivate current user tokens."""
+        self.mapped("oauth_access_token_ids")._oauth_clear_token()
+        for res in self:
+            res.oauth_access_token = False
+            res.oauth_master_uuid = self._generate_oauth_master_uuid()
+
+    @api.model
+    def _check_credentials(self, password, env):
+        """Override to check credentials against multi tokens."""
+        try:
+            return super()._check_credentials(password, env)
+        except exceptions.AccessDenied:
+            res = self.multi_token_model.sudo().search(
+                [("user_id", "=", self.env.uid), ("oauth_access_token", "=", password)]
+            )
+            if not res:
+                raise
+
+    def _get_session_token_fields(self):
+        res = super()._get_session_token_fields()
+        res.remove("oauth_access_token")
+        return res | {"oauth_master_uuid"}
diff --git a/auth_oauth_multi_token/readme/CONFIGURATION.rst b/auth_oauth_multi_token/readme/CONFIGURATION.rst
new file mode 100644
index 0000000000..a9542214e8
--- /dev/null
+++ b/auth_oauth_multi_token/readme/CONFIGURATION.rst
@@ -0,0 +1,5 @@
+On users' form you can set the number of maximum simultaneous connections.
+
+By default 10 connections are allowed.
+
+From there you can also clear / inactivate existing tokens.
diff --git a/auth_oauth_multi_token/readme/CONTRIBUTORS.rst b/auth_oauth_multi_token/readme/CONTRIBUTORS.rst
new file mode 100644
index 0000000000..59bc0837d2
--- /dev/null
+++ b/auth_oauth_multi_token/readme/CONTRIBUTORS.rst
@@ -0,0 +1,10 @@
+* Florent de Labarre <florent.mirieu@gmail.com>
+* Simone Orsi <simone.orsi@camptocamp.com>
+* `Tecnativa <https://www.tecnativa.com/>`__:
+
+  * Jairo Llopis
+  * Sergio Teruel
+
+* Stéphane Bidoul <stephane.bidoul@acsone.eu>
+* Dan Tillinghast
+* Miku Laitinen
diff --git a/auth_oauth_multi_token/readme/DESCRIPTION.rst b/auth_oauth_multi_token/readme/DESCRIPTION.rst
new file mode 100644
index 0000000000..2a1cb15f8a
--- /dev/null
+++ b/auth_oauth_multi_token/readme/DESCRIPTION.rst
@@ -0,0 +1,4 @@
+This module adds the possibility to connect with the same account
+on more than one device at the same time.
+
+All providers are supported (Google, Facebook, Odoo, etc).
diff --git a/auth_oauth_multi_token/readme/USAGE.rst b/auth_oauth_multi_token/readme/USAGE.rst
new file mode 100644
index 0000000000..7d01facaa8
--- /dev/null
+++ b/auth_oauth_multi_token/readme/USAGE.rst
@@ -0,0 +1 @@
+Nothing changes on login action: just select your provider and try to log in.
diff --git a/auth_oauth_multi_token/security/ir.model.access.csv b/auth_oauth_multi_token/security/ir.model.access.csv
new file mode 100644
index 0000000000..4c0a15f46d
--- /dev/null
+++ b/auth_oauth_multi_token/security/ir.model.access.csv
@@ -0,0 +1,2 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_auth_oauth_multi_token_admin,auth_oauth_multi_token admin,model_auth_oauth_multi_token,base.group_system,1,1,1,1
diff --git a/auth_oauth_multi_token/static/description/icon.png b/auth_oauth_multi_token/static/description/icon.png
new file mode 100644
index 0000000000..3a0328b516
Binary files /dev/null and b/auth_oauth_multi_token/static/description/icon.png differ
diff --git a/auth_oauth_multi_token/static/description/index.html b/auth_oauth_multi_token/static/description/index.html
new file mode 100644
index 0000000000..836e8b8f60
--- /dev/null
+++ b/auth_oauth_multi_token/static/description/index.html
@@ -0,0 +1,437 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<meta name="generator" content="Docutils: https://docutils.sourceforge.io/" />
+<title>OAuth Multi Token</title>
+<style type="text/css">
+
+/*
+:Author: David Goodger (goodger@python.org)
+:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $
+:Copyright: This stylesheet has been placed in the public domain.
+
+Default cascading style sheet for the HTML output of Docutils.
+
+See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
+customize this style sheet.
+*/
+
+/* used to remove borders from tables and images */
+.borderless, table.borderless td, table.borderless th {
+  border: 0 }
+
+table.borderless td, table.borderless th {
+  /* Override padding for "table.docutils td" with "! important".
+     The right padding separates the table cells. */
+  padding: 0 0.5em 0 0 ! important }
+
+.first {
+  /* Override more specific margin styles with "! important". */
+  margin-top: 0 ! important }
+
+.last, .with-subtitle {
+  margin-bottom: 0 ! important }
+
+.hidden {
+  display: none }
+
+.subscript {
+  vertical-align: sub;
+  font-size: smaller }
+
+.superscript {
+  vertical-align: super;
+  font-size: smaller }
+
+a.toc-backref {
+  text-decoration: none ;
+  color: black }
+
+blockquote.epigraph {
+  margin: 2em 5em ; }
+
+dl.docutils dd {
+  margin-bottom: 0.5em }
+
+object[type="image/svg+xml"], object[type="application/x-shockwave-flash"] {
+  overflow: hidden;
+}
+
+/* Uncomment (and remove this text!) to get bold-faced definition list terms
+dl.docutils dt {
+  font-weight: bold }
+*/
+
+div.abstract {
+  margin: 2em 5em }
+
+div.abstract p.topic-title {
+  font-weight: bold ;
+  text-align: center }
+
+div.admonition, div.attention, div.caution, div.danger, div.error,
+div.hint, div.important, div.note, div.tip, div.warning {
+  margin: 2em ;
+  border: medium outset ;
+  padding: 1em }
+
+div.admonition p.admonition-title, div.hint p.admonition-title,
+div.important p.admonition-title, div.note p.admonition-title,
+div.tip p.admonition-title {
+  font-weight: bold ;
+  font-family: sans-serif }
+
+div.attention p.admonition-title, div.caution p.admonition-title,
+div.danger p.admonition-title, div.error p.admonition-title,
+div.warning p.admonition-title, .code .error {
+  color: red ;
+  font-weight: bold ;
+  font-family: sans-serif }
+
+/* Uncomment (and remove this text!) to get reduced vertical space in
+   compound paragraphs.
+div.compound .compound-first, div.compound .compound-middle {
+  margin-bottom: 0.5em }
+
+div.compound .compound-last, div.compound .compound-middle {
+  margin-top: 0.5em }
+*/
+
+div.dedication {
+  margin: 2em 5em ;
+  text-align: center ;
+  font-style: italic }
+
+div.dedication p.topic-title {
+  font-weight: bold ;
+  font-style: normal }
+
+div.figure {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+div.footer, div.header {
+  clear: both;
+  font-size: smaller }
+
+div.line-block {
+  display: block ;
+  margin-top: 1em ;
+  margin-bottom: 1em }
+
+div.line-block div.line-block {
+  margin-top: 0 ;
+  margin-bottom: 0 ;
+  margin-left: 1.5em }
+
+div.sidebar {
+  margin: 0 0 0.5em 1em ;
+  border: medium outset ;
+  padding: 1em ;
+  background-color: #ffffee ;
+  width: 40% ;
+  float: right ;
+  clear: right }
+
+div.sidebar p.rubric {
+  font-family: sans-serif ;
+  font-size: medium }
+
+div.system-messages {
+  margin: 5em }
+
+div.system-messages h1 {
+  color: red }
+
+div.system-message {
+  border: medium outset ;
+  padding: 1em }
+
+div.system-message p.system-message-title {
+  color: red ;
+  font-weight: bold }
+
+div.topic {
+  margin: 2em }
+
+h1.section-subtitle, h2.section-subtitle, h3.section-subtitle,
+h4.section-subtitle, h5.section-subtitle, h6.section-subtitle {
+  margin-top: 0.4em }
+
+h1.title {
+  text-align: center }
+
+h2.subtitle {
+  text-align: center }
+
+hr.docutils {
+  width: 75% }
+
+img.align-left, .figure.align-left, object.align-left, table.align-left {
+  clear: left ;
+  float: left ;
+  margin-right: 1em }
+
+img.align-right, .figure.align-right, object.align-right, table.align-right {
+  clear: right ;
+  float: right ;
+  margin-left: 1em }
+
+img.align-center, .figure.align-center, object.align-center {
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+table.align-center {
+  margin-left: auto;
+  margin-right: auto;
+}
+
+.align-left {
+  text-align: left }
+
+.align-center {
+  clear: both ;
+  text-align: center }
+
+.align-right {
+  text-align: right }
+
+/* reset inner alignment in figures */
+div.align-right {
+  text-align: inherit }
+
+/* div.align-center * { */
+/*   text-align: left } */
+
+.align-top    {
+  vertical-align: top }
+
+.align-middle {
+  vertical-align: middle }
+
+.align-bottom {
+  vertical-align: bottom }
+
+ol.simple, ul.simple {
+  margin-bottom: 1em }
+
+ol.arabic {
+  list-style: decimal }
+
+ol.loweralpha {
+  list-style: lower-alpha }
+
+ol.upperalpha {
+  list-style: upper-alpha }
+
+ol.lowerroman {
+  list-style: lower-roman }
+
+ol.upperroman {
+  list-style: upper-roman }
+
+p.attribution {
+  text-align: right ;
+  margin-left: 50% }
+
+p.caption {
+  font-style: italic }
+
+p.credits {
+  font-style: italic ;
+  font-size: smaller }
+
+p.label {
+  white-space: nowrap }
+
+p.rubric {
+  font-weight: bold ;
+  font-size: larger ;
+  color: maroon ;
+  text-align: center }
+
+p.sidebar-title {
+  font-family: sans-serif ;
+  font-weight: bold ;
+  font-size: larger }
+
+p.sidebar-subtitle {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+p.topic-title {
+  font-weight: bold }
+
+pre.address {
+  margin-bottom: 0 ;
+  margin-top: 0 ;
+  font: inherit }
+
+pre.literal-block, pre.doctest-block, pre.math, pre.code {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+pre.code .ln { color: grey; } /* line numbers */
+pre.code, code { background-color: #eeeeee }
+pre.code .comment, code .comment { color: #5C6576 }
+pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
+pre.code .literal.string, code .literal.string { color: #0C5404 }
+pre.code .name.builtin, code .name.builtin { color: #352B84 }
+pre.code .deleted, code .deleted { background-color: #DEB0A1}
+pre.code .inserted, code .inserted { background-color: #A3D289}
+
+span.classifier {
+  font-family: sans-serif ;
+  font-style: oblique }
+
+span.classifier-delimiter {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+span.interpreted {
+  font-family: sans-serif }
+
+span.option {
+  white-space: nowrap }
+
+span.pre {
+  white-space: pre }
+
+span.problematic {
+  color: red }
+
+span.section-subtitle {
+  /* font-size relative to parent (h1..h6 element) */
+  font-size: 80% }
+
+table.citation {
+  border-left: solid 1px gray;
+  margin-left: 1px }
+
+table.docinfo {
+  margin: 2em 4em }
+
+table.docutils {
+  margin-top: 0.5em ;
+  margin-bottom: 0.5em }
+
+table.footnote {
+  border-left: solid 1px black;
+  margin-left: 1px }
+
+table.docutils td, table.docutils th,
+table.docinfo td, table.docinfo th {
+  padding-left: 0.5em ;
+  padding-right: 0.5em ;
+  vertical-align: top }
+
+table.docutils th.field-name, table.docinfo th.docinfo-name {
+  font-weight: bold ;
+  text-align: left ;
+  white-space: nowrap ;
+  padding-left: 0 }
+
+/* "booktabs" style (no vertical lines) */
+table.docutils.booktabs {
+  border: 0px;
+  border-top: 2px solid;
+  border-bottom: 2px solid;
+  border-collapse: collapse;
+}
+table.docutils.booktabs * {
+  border: 0px;
+}
+table.docutils.booktabs th {
+  border-bottom: thin solid;
+  text-align: left;
+}
+
+h1 tt.docutils, h2 tt.docutils, h3 tt.docutils,
+h4 tt.docutils, h5 tt.docutils, h6 tt.docutils {
+  font-size: 100% }
+
+ul.auto-toc {
+  list-style-type: none }
+
+</style>
+</head>
+<body>
+<div class="document" id="oauth-multi-token">
+<h1 class="title">OAuth Multi Token</h1>
+
+<!-- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! This file is generated by oca-gen-addon-readme !!
+!! changes will be overwritten.                   !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! source digest: sha256:5d69848be1a2005788b0912d52d59e788ed05ce24855822272fcdb20489ad6cc
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
+<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-auth/tree/16.0/auth_oauth_multi_token"><img alt="OCA/server-auth" src="https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-auth_oauth_multi_token"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-auth&amp;target_branch=16.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
+<p>This module adds the possibility to connect with the same account
+on more than one device at the same time.</p>
+<p>All providers are supported (Google, Facebook, Odoo, etc).</p>
+<p><strong>Table of contents</strong></p>
+<div class="contents local topic" id="contents">
+<ul class="simple">
+<li><a class="reference internal" href="#usage" id="toc-entry-1">Usage</a></li>
+<li><a class="reference internal" href="#bug-tracker" id="toc-entry-2">Bug Tracker</a></li>
+<li><a class="reference internal" href="#credits" id="toc-entry-3">Credits</a><ul>
+<li><a class="reference internal" href="#authors" id="toc-entry-4">Authors</a></li>
+<li><a class="reference internal" href="#contributors" id="toc-entry-5">Contributors</a></li>
+<li><a class="reference internal" href="#maintainers" id="toc-entry-6">Maintainers</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="section" id="usage">
+<h1><a class="toc-backref" href="#toc-entry-1">Usage</a></h1>
+<p>Nothing changes on login action: just select your provider and try to log in.</p>
+</div>
+<div class="section" id="bug-tracker">
+<h1><a class="toc-backref" href="#toc-entry-2">Bug Tracker</a></h1>
+<p>Bugs are tracked on <a class="reference external" href="https://github.com/OCA/server-auth/issues">GitHub Issues</a>.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+<a class="reference external" href="https://github.com/OCA/server-auth/issues/new?body=module:%20auth_oauth_multi_token%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
+<p>Do not contact contributors directly about support or help with technical issues.</p>
+</div>
+<div class="section" id="credits">
+<h1><a class="toc-backref" href="#toc-entry-3">Credits</a></h1>
+<div class="section" id="authors">
+<h2><a class="toc-backref" href="#toc-entry-4">Authors</a></h2>
+<ul class="simple">
+<li>Florent de Labarre</li>
+<li>Camptocamp</li>
+</ul>
+</div>
+<div class="section" id="contributors">
+<h2><a class="toc-backref" href="#toc-entry-5">Contributors</a></h2>
+<ul class="simple">
+<li>Florent de Labarre &lt;<a class="reference external" href="mailto:florent.mirieu&#64;gmail.com">florent.mirieu&#64;gmail.com</a>&gt;</li>
+<li>Simone Orsi &lt;<a class="reference external" href="mailto:simone.orsi&#64;camptocamp.com">simone.orsi&#64;camptocamp.com</a>&gt;</li>
+<li><a class="reference external" href="https://www.tecnativa.com/">Tecnativa</a>:<ul>
+<li>Jairo Llopis</li>
+<li>Sergio Teruel</li>
+</ul>
+</li>
+<li>Stéphane Bidoul &lt;<a class="reference external" href="mailto:stephane.bidoul&#64;acsone.eu">stephane.bidoul&#64;acsone.eu</a>&gt;</li>
+<li>Dan Tillinghast</li>
+<li>Miku Laitinen</li>
+</ul>
+</div>
+<div class="section" id="maintainers">
+<h2><a class="toc-backref" href="#toc-entry-6">Maintainers</a></h2>
+<p>This module is maintained by the OCA.</p>
+<a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
+<p>OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.</p>
+<p>This module is part of the <a class="reference external" href="https://github.com/OCA/server-auth/tree/16.0/auth_oauth_multi_token">OCA/server-auth</a> project on GitHub.</p>
+<p>You are welcome to contribute. To learn how please visit <a class="reference external" href="https://odoo-community.org/page/Contribute">https://odoo-community.org/page/Contribute</a>.</p>
+</div>
+</div>
+</div>
+</body>
+</html>
diff --git a/auth_oauth_multi_token/tests/__init__.py b/auth_oauth_multi_token/tests/__init__.py
new file mode 100644
index 0000000000..fb016763d8
--- /dev/null
+++ b/auth_oauth_multi_token/tests/__init__.py
@@ -0,0 +1 @@
+from . import test_multi_token
diff --git a/auth_oauth_multi_token/tests/test_multi_token.py b/auth_oauth_multi_token/tests/test_multi_token.py
new file mode 100644
index 0000000000..f63affd9b8
--- /dev/null
+++ b/auth_oauth_multi_token/tests/test_multi_token.py
@@ -0,0 +1,91 @@
+# Copyright 2017 Camptocamp
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl)
+
+import json
+
+from odoo import exceptions
+from odoo.tests.common import TransactionCase
+
+
+class TestMultiToken(TransactionCase):
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        cls.token_model = cls.env["auth.oauth.multi.token"]
+        cls.provider_google = cls.env.ref("auth_oauth.provider_google")
+        cls.user_model = cls.env["res.users"].with_context(
+            tracking_disable=True, no_reset_password=True
+        )
+        cls.user = cls.user_model.create(
+            {
+                "name": "John Doe",
+                "login": "johndoe",
+                "oauth_uid": "oauth_uid_johndoe",
+                "oauth_provider_id": cls.provider_google.id,
+            }
+        )
+
+    def _fake_params(self, **kw):
+        params = {
+            "state": json.dumps({"t": "FAKE_TOKEN"}),
+            "access_token": "FAKE_ACCESS_TOKEN",
+        }
+        params.update(kw)
+        return params
+
+    def test_no_provider_no_access(self):
+        validation = {
+            "user_id": "oauth_uid_no_one",
+        }
+        params = self._fake_params()
+        with self.assertRaises(exceptions.AccessDenied):
+            self.user_model._auth_oauth_signin(
+                self.provider_google.id, validation, params
+            )
+
+    def _test_one_token(self):
+        validation = {
+            "user_id": "oauth_uid_johndoe",
+        }
+        params = self._fake_params()
+        login = self.user_model._auth_oauth_signin(
+            self.provider_google.id, validation, params
+        )
+        self.assertEqual(login, "johndoe")
+
+    def test_access_one_token(self):
+        # no token yet
+        self.assertFalse(self.user.oauth_access_token_ids)
+        self._test_one_token()
+        token_count = 1
+        self.assertEqual(len(self.user.oauth_access_token_ids), token_count)
+        self.assertEqual(
+            len(self.token_model._oauth_user_tokens(self.user.id)), token_count
+        )
+
+    def test_access_multi_token(self):
+        # no token yet
+        self.assertFalse(self.user.oauth_access_token_ids)
+        # use as many token as max allowed
+        for token_count in range(1, self.user.oauth_access_max_token + 1):
+            self._test_one_token()
+            self.assertEqual(len(self.user.oauth_access_token_ids), token_count)
+            self.assertEqual(
+                len(self.token_model._oauth_user_tokens(self.user.id)), token_count
+            )
+        # exceed the number
+        self._test_one_token()
+        # token count does not exceed max number
+        self.assertEqual(
+            len(self.user.oauth_access_token_ids), self.user.oauth_access_max_token
+        )
+
+    def test_remove_oauth_access_token(self):
+        res = self.user._get_session_token_fields()
+        self.assertFalse("oauth_access_token" in res)
+        self.assertTrue("oauth_master_uuid" in res)
+
+    def test_action_oauth_clear_token(self):
+        self.user.action_oauth_clear_token()
+        active_token = self.user.oauth_access_token_ids
+        self.assertEqual(len(active_token), 0)
diff --git a/auth_oauth_multi_token/views/auth_oauth_multi_token.xml b/auth_oauth_multi_token/views/auth_oauth_multi_token.xml
new file mode 100644
index 0000000000..7c67b8ea2b
--- /dev/null
+++ b/auth_oauth_multi_token/views/auth_oauth_multi_token.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<odoo>
+    <record id="view_auth_oauth_multi_token_form" model="ir.ui.view">
+        <field name="name">auth_oauth_multi_token form</field>
+        <field name="model">auth.oauth.multi.token</field>
+        <field name="type">form</field>
+        <field name="arch" type="xml">
+            <form>
+                <sheet>
+                    <group name="main">
+                        <field name="create_date" />
+                        <field name="oauth_access_token" />
+                        <field name="user_id" />
+                    </group>
+                </sheet>
+            </form>
+        </field>
+    </record>
+</odoo>
diff --git a/auth_oauth_multi_token/views/res_users.xml b/auth_oauth_multi_token/views/res_users.xml
new file mode 100644
index 0000000000..4fb146d97c
--- /dev/null
+++ b/auth_oauth_multi_token/views/res_users.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<odoo>
+    <record id="view_users_form" model="ir.ui.view">
+        <field name="name">auth_oauth_multi_token user form</field>
+        <field name="model">res.users</field>
+        <field name="type">form</field>
+        <field name="inherit_id" ref="auth_oauth.view_users_form" />
+        <field name="arch" type="xml">
+            <field name="oauth_uid" position="after">
+                <field name="oauth_access_max_token" />
+            </field>
+            <xpath expr="//field[@name='oauth_provider_id']/.." position="after">
+                <group name="multi_token_info" string="Latest Tokens">
+                    <label for="oauth_access_token_ids" />
+                    <field
+                        name="oauth_access_token_ids"
+                        nolabel="1"
+                        options="{'no_create': True, 'no_open': True}"
+                    >
+                        <tree limit="10">
+                            <field name="create_date" />
+                        </tree>
+                    </field>
+                    <button
+                        string="Clear Tokens"
+                        type="object"
+                        name="action_oauth_clear_token"
+                        class="oe_highlight"
+                    />
+                </group>
+            </xpath>
+        </field>
+    </record>
+</odoo>
diff --git a/auth_oauth_ropc/i18n/it.po b/auth_oauth_ropc/i18n/it.po
index e5c7b26f73..2db10f21a6 100644
--- a/auth_oauth_ropc/i18n/it.po
+++ b/auth_oauth_ropc/i18n/it.po
@@ -6,103 +6,105 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Odoo Server 16.0\n"
 "Report-Msgid-Bugs-To: \n"
-"Last-Translator: Automatically generated\n"
+"PO-Revision-Date: 2024-01-05 10:34+0000\n"
+"Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
 "Language-Team: none\n"
 "Language: it\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: \n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
 
 #. module: auth_oauth_ropc
 #: model:ir.model.fields,field_description:auth_oauth_ropc.field_oauth_ropc_provider__active
 msgid "Active"
-msgstr ""
+msgstr "Attivo"
 
 #. module: auth_oauth_ropc
 #: model:ir.model.fields,field_description:auth_oauth_ropc.field_oauth_ropc_provider__auth_endpoint
 msgid "Authorization URL"
-msgstr ""
+msgstr "URL autorizzazione"
 
 #. module: auth_oauth_ropc
 #: model:ir.model.fields,field_description:auth_oauth_ropc.field_oauth_ropc_provider__client_id
 msgid "Client ID"
-msgstr ""
+msgstr "ID client"
 
 #. module: auth_oauth_ropc
 #: model:ir.model.fields,field_description:auth_oauth_ropc.field_oauth_ropc_provider__client_secret
 msgid "Client Secret"
-msgstr ""
+msgstr "Chiave segreta client"
 
 #. module: auth_oauth_ropc
 #: model:ir.model.fields,field_description:auth_oauth_ropc.field_oauth_ropc_provider__create_uid
 msgid "Created by"
-msgstr ""
+msgstr "Creato da"
 
 #. module: auth_oauth_ropc
 #: model:ir.model.fields,field_description:auth_oauth_ropc.field_oauth_ropc_provider__create_date
 msgid "Created on"
-msgstr ""
+msgstr "Creato il"
 
 #. module: auth_oauth_ropc
 #: model:ir.model.fields,field_description:auth_oauth_ropc.field_oauth_ropc_provider__display_name
 msgid "Display Name"
-msgstr ""
+msgstr "Nome visualizzato"
 
 #. module: auth_oauth_ropc
 #: model:ir.model.fields,field_description:auth_oauth_ropc.field_oauth_ropc_provider__id
 msgid "ID"
-msgstr ""
+msgstr "ID"
 
 #. module: auth_oauth_ropc
 #: model:ir.model.fields,field_description:auth_oauth_ropc.field_oauth_ropc_provider____last_update
 msgid "Last Modified on"
-msgstr ""
+msgstr "Ultima modifica il"
 
 #. module: auth_oauth_ropc
 #: model:ir.model.fields,field_description:auth_oauth_ropc.field_oauth_ropc_provider__write_uid
 msgid "Last Updated by"
-msgstr ""
+msgstr "Ultimo aggiornamento di"
 
 #. module: auth_oauth_ropc
 #: model:ir.model.fields,field_description:auth_oauth_ropc.field_oauth_ropc_provider__write_date
 msgid "Last Updated on"
-msgstr ""
+msgstr "Ultimo aggiornamento il"
 
 #. module: auth_oauth_ropc
 #: model:ir.model.fields,field_description:auth_oauth_ropc.field_oauth_ropc_provider__name
 msgid "Name"
-msgstr ""
+msgstr "Nome"
 
 #. module: auth_oauth_ropc
 #: model:ir.model,name:auth_oauth_ropc.model_oauth_ropc_provider
 msgid "OAuth ROPC Provider"
-msgstr ""
+msgstr "Provider ROPC OAuth"
 
 #. module: auth_oauth_ropc
 #: model:ir.model.fields,field_description:auth_oauth_ropc.field_oauth_ropc_provider__resource
 msgid "Resource"
-msgstr ""
+msgstr "Risorsa"
 
 #. module: auth_oauth_ropc
 #: model:ir.model.fields,field_description:auth_oauth_ropc.field_oauth_ropc_provider__scope
 msgid "Scope"
-msgstr ""
+msgstr "Ambito"
 
 #. module: auth_oauth_ropc
 #: model:ir.model,name:auth_oauth_ropc.model_res_users
 msgid "User"
-msgstr ""
+msgstr "Utente"
 
 #. module: auth_oauth_ropc
 #. odoo-python
 #: code:addons/auth_oauth_ropc/models/oauth_ropc_provider.py:0
 #, python-format
 msgid "You can define only one active provider"
-msgstr ""
+msgstr "Si può definire attivo un solo provider"
 
 #. module: auth_oauth_ropc
 #: model:ir.actions.act_window,name:auth_oauth_ropc.oauth_ropc_provider_act_window
 #: model:ir.ui.menu,name:auth_oauth_ropc.oauth_ropc_provider_menu
 msgid "oauth ROPC Providers"
-msgstr ""
+msgstr "Provider ROPC OAuth"
diff --git a/auth_oidc/README.rst b/auth_oidc/README.rst
index 5d551ee657..ac51aa7f47 100644
--- a/auth_oidc/README.rst
+++ b/auth_oidc/README.rst
@@ -7,7 +7,7 @@ Authentication OpenID Connect
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-   !! source digest: sha256:a54c4126f9873d2af17b9228f9afa844806a2541b42dc7945ec41be08379a915
+   !! source digest: sha256:ede04e51899d4490eb4be0352376feb7833ba8d0546f36fea929c28a99a96d22
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
 .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
@@ -143,6 +143,31 @@ Known issues / Roadmap
 Changelog
 =========
 
+16.0.1.1.0 2024-02-28
+---------------------
+
+-  Forward port OpenID Connect fixes from 15.0 to 16.0
+
+16.0.1.0.2 2023-11-16
+---------------------
+
+-  Readme link updates
+
+16.0.1.0.1 2023-10-09
+---------------------
+
+-  Add AzureAD code flow provider
+
+16.0.1.0.0 2023-01-27
+---------------------
+
+-  Odoo 16 migration
+
+15.0.1.0.0 2023-01-06
+---------------------
+
+-  Odoo 15 migration
+
 14.0.1.0.0 2021-12-10
 ---------------------
 
@@ -184,6 +209,7 @@ Contributors
 -  Alexandre Fayolle <alexandre.fayolle@camptocamp.com>
 -  Stéphane Bidoul <stephane.bidoul@acsone.eu>
 -  David Jaen <david.jaen.revert@gmail.com>
+-  Andreas Perhab <andreas.perhab@wt-io-it.at>
 
 Maintainers
 -----------
diff --git a/auth_oidc/__manifest__.py b/auth_oidc/__manifest__.py
index 4e855e6f73..be60eba9f8 100644
--- a/auth_oidc/__manifest__.py
+++ b/auth_oidc/__manifest__.py
@@ -4,7 +4,7 @@
 
 {
     "name": "Authentication OpenID Connect",
-    "version": "16.0.1.0.2",
+    "version": "16.0.1.1.1",
     "license": "AGPL-3",
     "author": (
         "ICTSTUDIO, André Schenkels, "
diff --git a/auth_oidc/i18n/it.po b/auth_oidc/i18n/it.po
index 5177448957..e4f38a45a8 100644
--- a/auth_oidc/i18n/it.po
+++ b/auth_oidc/i18n/it.po
@@ -6,69 +6,71 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Odoo Server 16.0\n"
 "Report-Msgid-Bugs-To: \n"
-"Last-Translator: Automatically generated\n"
+"PO-Revision-Date: 2024-01-05 10:34+0000\n"
+"Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
 "Language-Team: none\n"
 "Language: it\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: \n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
 
 #. module: auth_oidc
 #: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__flow
 msgid "Auth Flow"
-msgstr ""
+msgstr "Flusso atorizzazione"
 
 #. module: auth_oidc
 #: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__client_secret
 msgid "Client Secret"
-msgstr ""
+msgstr "Chiave segreta client"
 
 #. module: auth_oidc
 #: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__code_verifier
 msgid "Code Verifier"
-msgstr ""
+msgstr "Verificatore codice"
 
 #. module: auth_oidc
 #: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__jwks_uri
 msgid "JWKS URL"
-msgstr ""
+msgstr "URL JWKS"
 
 #. module: auth_oidc
 #: model:auth.oauth.provider,body:auth_oidc.provider_azuread_multi
 #: model:auth.oauth.provider,body:auth_oidc.provider_azuread_single
 msgid "Log in with Microsoft"
-msgstr ""
+msgstr "Accedi con Mcrosoft"
 
 #. module: auth_oidc
 #: model:ir.model.fields.selection,name:auth_oidc.selection__auth_oauth_provider__flow__access_token
 msgid "OAuth2"
-msgstr ""
+msgstr "OAuth2"
 
 #. module: auth_oidc
 #: model:ir.model,name:auth_oidc.model_auth_oauth_provider
 msgid "OAuth2 provider"
-msgstr ""
+msgstr "Provider OAuth2"
 
 #. module: auth_oidc
 #: model:ir.model.fields.selection,name:auth_oidc.selection__auth_oauth_provider__flow__id_token_code
 msgid "OpenID Connect (authorization code flow)"
-msgstr ""
+msgstr "OpenID Connect (flusso codice autorizzazione)"
 
 #. module: auth_oidc
 #: model:ir.model.fields.selection,name:auth_oidc.selection__auth_oauth_provider__flow__id_token
 msgid "OpenID Connect (implicit flow, not recommended)"
-msgstr ""
+msgstr "OpenID Connect (flusso implicito, non raccomandato)"
 
 #. module: auth_oidc
 #: model:ir.model.fields,help:auth_oidc.field_auth_oauth_provider__token_endpoint
 msgid "Required for OpenID Connect authorization code flow."
-msgstr ""
+msgstr "Richiesto per flusso codice atorizzazione OpenID Connect."
 
 #. module: auth_oidc
 #: model:ir.model.fields,help:auth_oidc.field_auth_oauth_provider__jwks_uri
 msgid "Required for OpenID Connect."
-msgstr ""
+msgstr "Richiesto per OpenID Connect."
 
 #. module: auth_oidc
 #: model:ir.model.fields,help:auth_oidc.field_auth_oauth_provider__token_map
@@ -77,44 +79,49 @@ msgid ""
 "  It is important to ensure user_id and email at least are mapped. For "
 "OpenID Connect user_id is the sub key in the standard."
 msgstr ""
+"Alcuni Provider Oauth non mappano le chiavi nelle loro risposte esattamente "
+"come richiesto.   È importante assicurare che almeno user_id ed e-mail siano "
+"mappati. Per OpenID Connect user_id è la sotto-chiave nello standard."
 
 #. module: auth_oidc
 #: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__token_map
 msgid "Token Map"
-msgstr ""
+msgstr "Mappa token"
 
 #. module: auth_oidc
 #: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__token_endpoint
 msgid "Token URL"
-msgstr ""
+msgstr "URL token"
 
 #. module: auth_oidc
 #: model:ir.model.fields,help:auth_oidc.field_auth_oauth_provider__code_verifier
 msgid "Used for PKCE."
-msgstr ""
+msgstr "Utilizzato per PKCE."
 
 #. module: auth_oidc
 #: model:ir.model.fields,help:auth_oidc.field_auth_oauth_provider__client_secret
 msgid ""
 "Used in OpenID Connect authorization code flow for confidential clients."
 msgstr ""
+"Utilizzato nel flusso codice autorizzazione OpenID Connect per client "
+"riservati."
 
 #. module: auth_oidc
 #: model:ir.model,name:auth_oidc.model_res_users
 msgid "User"
-msgstr ""
+msgstr "Utente"
 
 #. module: auth_oidc
 #: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__validation_endpoint
 msgid "UserInfo URL"
-msgstr ""
+msgstr "URL info utente"
 
 #. module: auth_oidc
 #: model_terms:ir.ui.view,arch_db:auth_oidc.view_oidc_provider_form
 msgid "e.g from:to upn:email sub:user_id"
-msgstr ""
+msgstr "es. from:to upn:email sub:user_id"
 
 #. module: auth_oidc
 #: model:auth.oauth.provider,body:auth_oidc.local_keycloak
 msgid "keycloak:8080 on localhost"
-msgstr ""
+msgstr "keycloak:8080 su localhost"
diff --git a/auth_oidc/models/auth_oauth_provider.py b/auth_oidc/models/auth_oauth_provider.py
index b969fa3e8d..39935cf927 100644
--- a/auth_oidc/models/auth_oauth_provider.py
+++ b/auth_oidc/models/auth_oauth_provider.py
@@ -11,6 +11,7 @@
 
 try:
     from jose import jwt
+    from jose.exceptions import JWSError, JWTError
 except ImportError:
     logging.getLogger(__name__).debug("jose library not installed")
 
@@ -47,14 +48,18 @@ class AuthOauthProvider(models.Model):
     jwks_uri = fields.Char(string="JWKS URL", help="Required for OpenID Connect.")
 
     @tools.ormcache("self.jwks_uri", "kid")
-    def _get_key(self, kid):
+    def _get_keys(self, kid):
         r = requests.get(self.jwks_uri, timeout=10)
         r.raise_for_status()
         response = r.json()
-        for key in response["keys"]:
-            if key["kid"] == kid:
-                return key
-        return {}
+        # the keys returned here should follow
+        # JWS Notes on Key Selection
+        # https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-signature#appendix-D
+        return [
+            key
+            for key in response["keys"]
+            if kid is None or key.get("kid", None) == kid
+        ]
 
     def _map_token_values(self, res):
         if self.token_map:
@@ -68,15 +73,34 @@ def _parse_id_token(self, id_token, access_token):
         self.ensure_one()
         res = {}
         header = jwt.get_unverified_header(id_token)
-        res.update(
-            jwt.decode(
-                id_token,
-                self._get_key(header.get("kid")),
-                algorithms=["RS256"],
-                audience=self.client_id,
-                access_token=access_token,
-            )
-        )
-
+        res.update(self._decode_id_token(access_token, id_token, header.get("kid")))
         res.update(self._map_token_values(res))
         return res
+
+    def _decode_id_token(self, access_token, id_token, kid):
+        keys = self._get_keys(kid)
+        if len(keys) > 1 and kid is None:
+            # https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.10.1
+            # If there are multiple keys in the referenced JWK Set document, a kid
+            # value MUST be provided in the JOSE Header.
+            raise JWTError(
+                "OpenID Connect requires kid to be set if there is more"
+                " than one key in the JWKS"
+            )
+        error = None
+        # we accept multiple keys with the same kid in case a key gets rotated.
+        for key in keys:
+            try:
+                values = jwt.decode(
+                    id_token,
+                    key,
+                    algorithms=["RS256"],
+                    audience=self.client_id,
+                    access_token=access_token,
+                )
+                return values
+            except (JWTError, JWSError) as e:
+                error = e
+        if error:
+            raise error
+        return {}
diff --git a/auth_oidc/models/res_users.py b/auth_oidc/models/res_users.py
index a1be73ec88..29e7f6ee4d 100644
--- a/auth_oidc/models/res_users.py
+++ b/auth_oidc/models/res_users.py
@@ -65,7 +65,12 @@ def auth_oauth(self, provider, params):
             raise AccessDenied()
         validation = oauth_provider._parse_id_token(id_token, access_token)
         # required check
-        if not validation.get("user_id"):
+        if "sub" in validation and "user_id" not in validation:
+            # set user_id for auth_oauth, user_id is not an OpenID Connect standard
+            # claim:
+            # https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
+            validation["user_id"] = validation["sub"]
+        elif not validation.get("user_id"):
             _logger.error("user_id claim not found in id_token (after mapping).")
             raise AccessDenied()
         # retrieve and sign in user
diff --git a/auth_oidc/readme/CONTRIBUTORS.md b/auth_oidc/readme/CONTRIBUTORS.md
index 5663785334..8bdbc1daa2 100644
--- a/auth_oidc/readme/CONTRIBUTORS.md
+++ b/auth_oidc/readme/CONTRIBUTORS.md
@@ -1,3 +1,4 @@
 - Alexandre Fayolle \<<alexandre.fayolle@camptocamp.com>\>
 - Stéphane Bidoul \<<stephane.bidoul@acsone.eu>\>
 - David Jaen \<<david.jaen.revert@gmail.com>\>
+- Andreas Perhab \<<andreas.perhab@wt-io-it.at>\>
diff --git a/auth_oidc/readme/HISTORY.md b/auth_oidc/readme/HISTORY.md
index 98e99203b8..0e26e3a694 100644
--- a/auth_oidc/readme/HISTORY.md
+++ b/auth_oidc/readme/HISTORY.md
@@ -1,3 +1,23 @@
+## 16.0.1.1.0 2024-02-28
+
+- Forward port OpenID Connect fixes from 15.0 to 16.0
+
+## 16.0.1.0.2 2023-11-16
+
+- Readme link updates
+
+## 16.0.1.0.1 2023-10-09
+
+- Add AzureAD code flow provider
+
+## 16.0.1.0.0 2023-01-27
+
+- Odoo 16 migration
+
+## 15.0.1.0.0 2023-01-06
+
+- Odoo 15 migration
+
 ## 14.0.1.0.0 2021-12-10
 
 - Odoo 14 migration
diff --git a/auth_oidc/static/description/index.html b/auth_oidc/static/description/index.html
index 40f1cb7ce6..eb15be7dc3 100644
--- a/auth_oidc/static/description/index.html
+++ b/auth_oidc/static/description/index.html
@@ -1,4 +1,3 @@
-<?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
@@ -367,7 +366,7 @@ <h1 class="title">Authentication OpenID Connect</h1>
 !! This file is generated by oca-gen-addon-readme !!
 !! changes will be overwritten.                   !!
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!! source digest: sha256:a54c4126f9873d2af17b9228f9afa844806a2541b42dc7945ec41be08379a915
+!! source digest: sha256:ede04e51899d4490eb4be0352376feb7833ba8d0546f36fea929c28a99a96d22
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
 <p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-auth/tree/16.0/auth_oidc"><img alt="OCA/server-auth" src="https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-auth_oidc"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-auth&amp;target_branch=16.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
 <p>This module allows users to login through an OpenID Connect provider
@@ -386,16 +385,21 @@ <h1 class="title">Authentication OpenID Connect</h1>
 <li><a class="reference internal" href="#usage" id="toc-entry-5">Usage</a></li>
 <li><a class="reference internal" href="#known-issues-roadmap" id="toc-entry-6">Known issues / Roadmap</a></li>
 <li><a class="reference internal" href="#changelog" id="toc-entry-7">Changelog</a><ul>
-<li><a class="reference internal" href="#section-1" id="toc-entry-8">14.0.1.0.0 2021-12-10</a></li>
-<li><a class="reference internal" href="#section-2" id="toc-entry-9">13.0.1.0.0 2020-04-10</a></li>
-<li><a class="reference internal" href="#section-3" id="toc-entry-10">10.0.1.0.0 2018-10-05</a></li>
+<li><a class="reference internal" href="#section-1" id="toc-entry-8">16.0.1.1.0 2024-02-28</a></li>
+<li><a class="reference internal" href="#section-2" id="toc-entry-9">16.0.1.0.2 2023-11-16</a></li>
+<li><a class="reference internal" href="#section-3" id="toc-entry-10">16.0.1.0.1 2023-10-09</a></li>
+<li><a class="reference internal" href="#section-4" id="toc-entry-11">16.0.1.0.0 2023-01-27</a></li>
+<li><a class="reference internal" href="#section-5" id="toc-entry-12">15.0.1.0.0 2023-01-06</a></li>
+<li><a class="reference internal" href="#section-6" id="toc-entry-13">14.0.1.0.0 2021-12-10</a></li>
+<li><a class="reference internal" href="#section-7" id="toc-entry-14">13.0.1.0.0 2020-04-10</a></li>
+<li><a class="reference internal" href="#section-8" id="toc-entry-15">10.0.1.0.0 2018-10-05</a></li>
 </ul>
 </li>
-<li><a class="reference internal" href="#bug-tracker" id="toc-entry-11">Bug Tracker</a></li>
-<li><a class="reference internal" href="#credits" id="toc-entry-12">Credits</a><ul>
-<li><a class="reference internal" href="#authors" id="toc-entry-13">Authors</a></li>
-<li><a class="reference internal" href="#contributors" id="toc-entry-14">Contributors</a></li>
-<li><a class="reference internal" href="#maintainers" id="toc-entry-15">Maintainers</a></li>
+<li><a class="reference internal" href="#bug-tracker" id="toc-entry-16">Bug Tracker</a></li>
+<li><a class="reference internal" href="#credits" id="toc-entry-17">Credits</a><ul>
+<li><a class="reference internal" href="#authors" id="toc-entry-18">Authors</a></li>
+<li><a class="reference internal" href="#contributors" id="toc-entry-19">Contributors</a></li>
+<li><a class="reference internal" href="#maintainers" id="toc-entry-20">Maintainers</a></li>
 </ul>
 </li>
 </ul>
@@ -493,26 +497,56 @@ <h1><a class="toc-backref" href="#toc-entry-6">Known issues / Roadmap</a></h1>
 <div class="section" id="changelog">
 <h1><a class="toc-backref" href="#toc-entry-7">Changelog</a></h1>
 <div class="section" id="section-1">
-<h2><a class="toc-backref" href="#toc-entry-8">14.0.1.0.0 2021-12-10</a></h2>
+<h2><a class="toc-backref" href="#toc-entry-8">16.0.1.1.0 2024-02-28</a></h2>
 <ul class="simple">
-<li>Odoo 14 migration</li>
+<li>Forward port OpenID Connect fixes from 15.0 to 16.0</li>
 </ul>
 </div>
 <div class="section" id="section-2">
-<h2><a class="toc-backref" href="#toc-entry-9">13.0.1.0.0 2020-04-10</a></h2>
+<h2><a class="toc-backref" href="#toc-entry-9">16.0.1.0.2 2023-11-16</a></h2>
 <ul class="simple">
-<li>Odoo 13 migration, add authorization code flow.</li>
+<li>Readme link updates</li>
 </ul>
 </div>
 <div class="section" id="section-3">
-<h2><a class="toc-backref" href="#toc-entry-10">10.0.1.0.0 2018-10-05</a></h2>
+<h2><a class="toc-backref" href="#toc-entry-10">16.0.1.0.1 2023-10-09</a></h2>
+<ul class="simple">
+<li>Add AzureAD code flow provider</li>
+</ul>
+</div>
+<div class="section" id="section-4">
+<h2><a class="toc-backref" href="#toc-entry-11">16.0.1.0.0 2023-01-27</a></h2>
+<ul class="simple">
+<li>Odoo 16 migration</li>
+</ul>
+</div>
+<div class="section" id="section-5">
+<h2><a class="toc-backref" href="#toc-entry-12">15.0.1.0.0 2023-01-06</a></h2>
+<ul class="simple">
+<li>Odoo 15 migration</li>
+</ul>
+</div>
+<div class="section" id="section-6">
+<h2><a class="toc-backref" href="#toc-entry-13">14.0.1.0.0 2021-12-10</a></h2>
+<ul class="simple">
+<li>Odoo 14 migration</li>
+</ul>
+</div>
+<div class="section" id="section-7">
+<h2><a class="toc-backref" href="#toc-entry-14">13.0.1.0.0 2020-04-10</a></h2>
+<ul class="simple">
+<li>Odoo 13 migration, add authorization code flow.</li>
+</ul>
+</div>
+<div class="section" id="section-8">
+<h2><a class="toc-backref" href="#toc-entry-15">10.0.1.0.0 2018-10-05</a></h2>
 <ul class="simple">
 <li>Initial implementation</li>
 </ul>
 </div>
 </div>
 <div class="section" id="bug-tracker">
-<h1><a class="toc-backref" href="#toc-entry-11">Bug Tracker</a></h1>
+<h1><a class="toc-backref" href="#toc-entry-16">Bug Tracker</a></h1>
 <p>Bugs are tracked on <a class="reference external" href="https://github.com/OCA/server-auth/issues">GitHub Issues</a>.
 In case of trouble, please check there if your issue has already been reported.
 If you spotted it first, help us to smash it by providing a detailed and welcomed
@@ -520,9 +554,9 @@ <h1><a class="toc-backref" href="#toc-entry-11">Bug Tracker</a></h1>
 <p>Do not contact contributors directly about support or help with technical issues.</p>
 </div>
 <div class="section" id="credits">
-<h1><a class="toc-backref" href="#toc-entry-12">Credits</a></h1>
+<h1><a class="toc-backref" href="#toc-entry-17">Credits</a></h1>
 <div class="section" id="authors">
-<h2><a class="toc-backref" href="#toc-entry-13">Authors</a></h2>
+<h2><a class="toc-backref" href="#toc-entry-18">Authors</a></h2>
 <ul class="simple">
 <li>ICTSTUDIO</li>
 <li>André Schenkels</li>
@@ -530,15 +564,16 @@ <h2><a class="toc-backref" href="#toc-entry-13">Authors</a></h2>
 </ul>
 </div>
 <div class="section" id="contributors">
-<h2><a class="toc-backref" href="#toc-entry-14">Contributors</a></h2>
+<h2><a class="toc-backref" href="#toc-entry-19">Contributors</a></h2>
 <ul class="simple">
 <li>Alexandre Fayolle &lt;<a class="reference external" href="mailto:alexandre.fayolle&#64;camptocamp.com">alexandre.fayolle&#64;camptocamp.com</a>&gt;</li>
 <li>Stéphane Bidoul &lt;<a class="reference external" href="mailto:stephane.bidoul&#64;acsone.eu">stephane.bidoul&#64;acsone.eu</a>&gt;</li>
 <li>David Jaen &lt;<a class="reference external" href="mailto:david.jaen.revert&#64;gmail.com">david.jaen.revert&#64;gmail.com</a>&gt;</li>
+<li>Andreas Perhab &lt;<a class="reference external" href="mailto:andreas.perhab&#64;wt-io-it.at">andreas.perhab&#64;wt-io-it.at</a>&gt;</li>
 </ul>
 </div>
 <div class="section" id="maintainers">
-<h2><a class="toc-backref" href="#toc-entry-15">Maintainers</a></h2>
+<h2><a class="toc-backref" href="#toc-entry-20">Maintainers</a></h2>
 <p>This module is maintained by the OCA.</p>
 <a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
 <p>OCA, or the Odoo Community Association, is a nonprofit organization whose
diff --git a/auth_oidc/tests/test_auth_oidc_auth_code.py b/auth_oidc/tests/test_auth_oidc_auth_code.py
index f608d02dde..a1a08b0a71 100644
--- a/auth_oidc/tests/test_auth_oidc_auth_code.py
+++ b/auth_oidc/tests/test_auth_oidc_auth_code.py
@@ -2,9 +2,18 @@
 # License: AGPL-3.0 or later (http://www.gnu.org/licenses/agpl)
 
 import contextlib
+import json
 from urllib.parse import parse_qs, urlparse
 
+import responses
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+from jose import jwt
+from jose.exceptions import JWTError
+from jose.utils import long_to_base64
+
 import odoo
+from odoo.exceptions import AccessDenied
 from odoo.tests import common
 
 from odoo.addons.website.tools import MockRequest as _MockRequest
@@ -23,6 +32,41 @@ def MockRequest(env):
 
 
 class TestAuthOIDCAuthorizationCodeFlow(common.HttpCase):
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        (
+            cls.rsa_key_pem,
+            cls.rsa_key_public_pem,
+            cls.rsa_key_public_jwk,
+        ) = cls._generate_key()
+        _, cls.second_key_public_pem, _ = cls._generate_key()
+
+    @staticmethod
+    def _generate_key():
+        rsa_key = rsa.generate_private_key(
+            public_exponent=65537,
+            key_size=4096,
+        )
+        rsa_key_pem = rsa_key.private_bytes(
+            serialization.Encoding.PEM,
+            serialization.PrivateFormat.TraditionalOpenSSL,
+            serialization.NoEncryption(),
+        ).decode("utf8")
+        rsa_key_public = rsa_key.public_key()
+        rsa_key_public_pem = rsa_key_public.public_bytes(
+            serialization.Encoding.PEM,
+            serialization.PublicFormat.SubjectPublicKeyInfo,
+        ).decode("utf8")
+        jwk = {
+            # https://datatracker.ietf.org/doc/html/rfc7518#section-6.1
+            "kty": "RSA",
+            "use": "sig",
+            "n": long_to_base64(rsa_key_public.public_numbers().n).decode("utf-8"),
+            "e": long_to_base64(rsa_key_public.public_numbers().e).decode("utf-8"),
+        }
+        return rsa_key_pem, rsa_key_public_pem, jwk
+
     def setUp(self):
         super().setUp()
         # search our test provider and bind the demo user to it
@@ -51,3 +95,216 @@ def test_auth_link(self):
             self.assertTrue(params["nonce"])
             self.assertTrue(params["state"])
             self.assertEqual(params["redirect_uri"], [BASE_URL + "/auth_oauth/signin"])
+
+    def _prepare_login_test_user(self):
+        user = self.env.ref("base.user_demo")
+        user.write({"oauth_provider_id": self.provider_rec.id, "oauth_uid": user.login})
+        return user
+
+    def _prepare_login_test_responses(
+        self, access_token="42", id_token_body=None, id_token_headers=None, keys=None
+    ):
+        if id_token_body is None:
+            id_token_body = {}
+        if id_token_headers is None:
+            id_token_headers = {"kid": "the_key_id"}
+        responses.add(
+            responses.POST,
+            "http://localhost:8080/auth/realms/master/protocol/openid-connect/token",
+            json={
+                "access_token": access_token,
+                "id_token": jwt.encode(
+                    id_token_body,
+                    self.rsa_key_pem,
+                    algorithm="RS256",
+                    headers=id_token_headers,
+                ),
+            },
+        )
+        if keys is None:
+            if "kid" in id_token_headers:
+                keys = [{"kid": "the_key_id", "keys": [self.rsa_key_public_pem]}]
+            else:
+                keys = [{"keys": [self.rsa_key_public_pem]}]
+        responses.add(
+            responses.GET,
+            "http://localhost:8080/auth/realms/master/protocol/openid-connect/certs",
+            json={"keys": keys},
+        )
+
+    @responses.activate
+    def test_login(self):
+        """Test that login works"""
+        user = self._prepare_login_test_user()
+        self._prepare_login_test_responses(id_token_body={"user_id": user.login})
+
+        params = {"state": json.dumps({})}
+        with MockRequest(self.env):
+            db, login, token = self.env["res.users"].auth_oauth(
+                self.provider_rec.id,
+                params,
+            )
+        self.assertEqual(token, "42")
+        self.assertEqual(login, user.login)
+
+    @responses.activate
+    def test_login_without_kid(self):
+        """Test that login works when ID Token has no kid in header"""
+        user = self._prepare_login_test_user()
+        self._prepare_login_test_responses(
+            id_token_body={"user_id": user.login},
+            id_token_headers={},
+            access_token=chr(42),
+        )
+
+        params = {"state": json.dumps({})}
+        with MockRequest(self.env):
+            db, login, token = self.env["res.users"].auth_oauth(
+                self.provider_rec.id,
+                params,
+            )
+        self.assertEqual(token, "*")
+        self.assertEqual(login, user.login)
+
+    @responses.activate
+    def test_login_with_sub_claim(self):
+        """Test that login works when ID Token contains only standard claims"""
+        self.provider_rec.token_map = False
+        user = self._prepare_login_test_user()
+        self._prepare_login_test_responses(
+            id_token_body={"sub": user.login}, access_token="1764"
+        )
+
+        params = {"state": json.dumps({})}
+        with MockRequest(self.env):
+            db, login, token = self.env["res.users"].auth_oauth(
+                self.provider_rec.id,
+                params,
+            )
+        self.assertEqual(token, "1764")
+        self.assertEqual(login, user.login)
+
+    @responses.activate
+    def test_login_without_kid_multiple_keys_in_jwks(self):
+        """
+        Test that login fails if no kid is provided in ID Token and JWKS has multiple
+        keys
+        """
+        user = self._prepare_login_test_user()
+        self._prepare_login_test_responses(
+            id_token_body={"user_id": user.login},
+            id_token_headers={},
+            access_token="6*7",
+            keys=[
+                {"kid": "other_key_id", "keys": [self.second_key_public_pem]},
+                {"kid": "the_key_id", "keys": [self.rsa_key_public_pem]},
+            ],
+        )
+
+        with self.assertRaises(
+            JWTError,
+            msg="OpenID Connect requires kid to be set if there is"
+            " more than one key in the JWKS",
+        ):
+            with MockRequest(self.env):
+                self.env["res.users"].auth_oauth(
+                    self.provider_rec.id,
+                    {"state": json.dumps({})},
+                )
+
+    @responses.activate
+    def test_login_without_matching_key(self):
+        """Test that login fails if no matching key can be found"""
+        user = self._prepare_login_test_user()
+        self._prepare_login_test_responses(
+            id_token_body={"user_id": user.login},
+            id_token_headers={},
+            access_token="168/4",
+            keys=[{"kid": "other_key_id", "keys": [self.second_key_public_pem]}],
+        )
+
+        with self.assertRaises(JWTError):
+            with MockRequest(self.env):
+                self.env["res.users"].auth_oauth(
+                    self.provider_rec.id,
+                    {"state": json.dumps({})},
+                )
+
+    @responses.activate
+    def test_login_without_any_key(self):
+        """Test that login fails if no key is provided by JWKS"""
+        user = self._prepare_login_test_user()
+        self._prepare_login_test_responses(
+            id_token_body={"user_id": user.login},
+            id_token_headers={},
+            access_token="168/4",
+            keys=[],
+        )
+
+        with self.assertRaises(AccessDenied):
+            with MockRequest(self.env):
+                self.env["res.users"].auth_oauth(
+                    self.provider_rec.id,
+                    {"state": json.dumps({})},
+                )
+
+    @responses.activate
+    def test_login_with_multiple_keys_in_jwks(self):
+        """Test that login works with multiple keys present in jwks"""
+        user = self._prepare_login_test_user()
+        self._prepare_login_test_responses(
+            id_token_body={"user_id": user.login},
+            access_token="2*3*7",
+            keys=[
+                {"kid": "other_key_id", "keys": [self.second_key_public_pem]},
+                {"kid": "the_key_id", "keys": [self.rsa_key_public_pem]},
+            ],
+        )
+
+        with MockRequest(self.env):
+            db, login, token = self.env["res.users"].auth_oauth(
+                self.provider_rec.id,
+                {"state": json.dumps({})},
+            )
+        self.assertEqual(token, "2*3*7")
+        self.assertEqual(login, user.login)
+
+    @responses.activate
+    def test_login_with_multiple_keys_in_jwks_same_kid(self):
+        """Test that login works with multiple keys with the same kid present in jwks"""
+        user = self._prepare_login_test_user()
+        self._prepare_login_test_responses(
+            id_token_body={"user_id": user.login},
+            access_token="84/2",
+            keys=[
+                {"kid": "the_key_id", "keys": [self.second_key_public_pem]},
+                {"kid": "the_key_id", "keys": [self.rsa_key_public_pem]},
+            ],
+        )
+
+        with MockRequest(self.env):
+            db, login, token = self.env["res.users"].auth_oauth(
+                self.provider_rec.id,
+                {"state": json.dumps({})},
+            )
+        self.assertEqual(token, "84/2")
+        self.assertEqual(login, user.login)
+
+    @responses.activate
+    def test_login_with_jwk_format(self):
+        """Test that login works with proper jwks format"""
+        user = self._prepare_login_test_user()
+        self.rsa_key_public_jwk["kid"] = "the_key_id"
+        self._prepare_login_test_responses(
+            id_token_body={"user_id": user.login},
+            keys=[self.rsa_key_public_jwk],
+            access_token="122/3",
+        )
+
+        with MockRequest(self.env):
+            db, login, token = self.env["res.users"].auth_oauth(
+                self.provider_rec.id,
+                {"state": json.dumps({})},
+            )
+        self.assertEqual(token, "122/3")
+        self.assertEqual(login, user.login)
diff --git a/auth_oidc_environment/i18n/it.po b/auth_oidc_environment/i18n/it.po
index 78806db045..eea27c216c 100644
--- a/auth_oidc_environment/i18n/it.po
+++ b/auth_oidc_environment/i18n/it.po
@@ -6,20 +6,22 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Odoo Server 16.0\n"
 "Report-Msgid-Bugs-To: \n"
-"Last-Translator: Automatically generated\n"
+"PO-Revision-Date: 2024-01-03 14:33+0000\n"
+"Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
 "Language-Team: none\n"
 "Language: it\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: \n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
 
 #. module: auth_oidc_environment
 #: model:ir.model,name:auth_oidc_environment.model_auth_oauth_provider
 msgid "OAuth2 provider"
-msgstr ""
+msgstr "Provider OAuth2"
 
 #. module: auth_oidc_environment
 #: model:ir.model.fields,field_description:auth_oidc_environment.field_auth_oauth_provider__server_env_defaults
 msgid "Server Env Defaults"
-msgstr ""
+msgstr "Server ambiente predefinito"
diff --git a/auth_saml/README.rst b/auth_saml/README.rst
index ade85034a7..ea6b223ea1 100644
--- a/auth_saml/README.rst
+++ b/auth_saml/README.rst
@@ -7,7 +7,7 @@ SAML2 Authentication
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-   !! source digest: sha256:1e046a7179ace3d0932313947c9156983197334815735ec52428916f26e3d354
+   !! source digest: sha256:3fcac74e9beda7cf4b033bd925615869ba6499576aabc948428f2cce34b6b790
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
 .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
diff --git a/auth_saml/__manifest__.py b/auth_saml/__manifest__.py
index 102f9dd209..ef4f1bb564 100644
--- a/auth_saml/__manifest__.py
+++ b/auth_saml/__manifest__.py
@@ -4,7 +4,7 @@
 
 {
     "name": "SAML2 Authentication",
-    "version": "16.0.1.0.3",
+    "version": "16.0.1.0.4",
     "category": "Tools",
     "author": "XCG Consulting, Odoo Community Association (OCA)",
     "maintainers": ["vincent-hatakeyama"],
diff --git a/auth_saml/i18n/it.po b/auth_saml/i18n/it.po
index 9daf4f8dbc..c371d8d389 100644
--- a/auth_saml/i18n/it.po
+++ b/auth_saml/i18n/it.po
@@ -6,57 +6,61 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Odoo Server 16.0\n"
 "Report-Msgid-Bugs-To: \n"
-"Last-Translator: Automatically generated\n"
+"PO-Revision-Date: 2024-01-05 10:34+0000\n"
+"Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
 "Language-Team: none\n"
 "Language: it\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: \n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
 
 #. module: auth_saml
 #: model_terms:ir.ui.view,arch_db:auth_saml.providers
 msgid "- or -"
-msgstr ""
+msgstr "- o -"
 
 #. module: auth_saml
 #. odoo-python
 #: code:addons/auth_saml/controllers/main.py:0
 #, python-format
 msgid "Access Denied"
-msgstr ""
+msgstr "Accesso negato"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__active
 msgid "Active"
-msgstr ""
+msgstr "Attivo"
 
 #. module: auth_saml
 #: model:ir.model.fields,help:auth_saml.field_auth_saml_provider__css_class
 msgid "Add a CSS class that serves you to style the login button."
-msgstr ""
+msgstr "Aggiungere una classe CSS utile a definire il pulsante di accesso."
 
 #. module: auth_saml
 #: model_terms:ir.ui.view,arch_db:auth_saml.view_saml_provider_form
 msgid "Algorithm used to sign requests."
-msgstr ""
+msgstr "Algoritmo utilizzato per firmare le richieste."
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_res_config_settings__allow_saml_uid_and_internal_password
 msgid ""
 "Allow SAML users to possess an Odoo password (warning: decreases security)"
 msgstr ""
+"Consente agli utenti SAML di avere una password Odoo (attenzione: diminuisce "
+"la sicurezza)"
 
 #. module: auth_saml
 #: model_terms:ir.ui.view,arch_db:auth_saml.auth_saml_provider_view_search
 #: model_terms:ir.ui.view,arch_db:auth_saml.view_saml_provider_form
 msgid "Archived"
-msgstr ""
+msgstr "In archivio"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__attribute_mapping_ids
 msgid "Attribute Mapping"
-msgstr ""
+msgstr "Mappatura attributo"
 
 #. module: auth_saml
 #: model:ir.model.fields,help:auth_saml.field_auth_saml_provider__matching_attribute
@@ -64,6 +68,8 @@ msgid ""
 "Attribute to look for in the returned IDP response to match against an Odoo "
 "user."
 msgstr ""
+"Attributo da cercare nella risposta IDP restituita da corrispondere con un "
+"utente Odoo."
 
 #. module: auth_saml
 #: model_terms:ir.ui.view,arch_db:auth_saml.view_saml_provider_form
@@ -72,16 +78,19 @@ msgid ""
 "Provider). You may use the special case \"subject.nameId\" to match against "
 "the nameId in the IDP response."
 msgstr ""
+"Attributo per corrispondere l'utente in Odoo con quello dell'IDP (provider "
+"di identità). Si può utilizzare l'opzione speciale \"subject.nameId\" per "
+"corrispondere al nameId nella risposta IDP."
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__authn_requests_signed
 msgid "Authn Requests Signed"
-msgstr ""
+msgstr "Richieste atenticazione firmate"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__autoredirect
 msgid "Automatic Redirection"
-msgstr ""
+msgstr "Inoltro automatico"
 
 #. module: auth_saml
 #: model_terms:ir.ui.view,arch_db:auth_saml.view_saml_provider_form
@@ -89,6 +98,8 @@ msgid ""
 "Available after first save. The URL will change if the provider is deleted "
 "&amp; recreated or the database is renamed."
 msgstr ""
+"Disponibile dopo il primo salvataggio. L'URL cambierà se il forntore è "
+"cancellato e ricreato il database rinominato."
 
 #. module: auth_saml
 #: model:ir.model.fields,help:auth_saml.field_auth_saml_provider__sp_baseurl
@@ -96,16 +107,18 @@ msgid ""
 "Base URL sent to Odoo with this, rather than automatically\n"
 "        detecting from request or system parameter web.base.url"
 msgstr ""
+"URL base inviato a Odoo con questo, anziché rilevarlo \n"
+"        automaticamente dalla richiesta o parametro di sistema web.base.url"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__css_class
 msgid "Button Icon CSS class"
-msgstr ""
+msgstr "Pulsante icona classe CSS"
 
 #. module: auth_saml
 #: model:ir.model,name:auth_saml.model_res_config_settings
 msgid "Config Settings"
-msgstr ""
+msgstr "Impostazioni configurazione"
 
 #. module: auth_saml
 #: model:ir.model.fields,help:auth_saml.field_auth_saml_provider__idp_metadata
@@ -113,6 +126,8 @@ msgid ""
 "Configuration for this Identity Provider. Supplied by the provider, in XML "
 "format."
 msgstr ""
+"Configurazione per questo provider di identità. Fornito dal provider, in "
+"formato XML."
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_attribute_mapping__create_uid
@@ -120,7 +135,7 @@ msgstr ""
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_request__create_uid
 #: model:ir.model.fields,field_description:auth_saml.field_res_users_saml__create_uid
 msgid "Created by"
-msgstr ""
+msgstr "Creato da"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_attribute_mapping__create_date
@@ -128,17 +143,17 @@ msgstr ""
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_request__create_date
 #: model:ir.model.fields,field_description:auth_saml.field_res_users_saml__create_date
 msgid "Created on"
-msgstr ""
+msgstr "Creato il"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_request__saml_request_id
 msgid "Current Request ID"
-msgstr ""
+msgstr "ID richiesta attuale"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_res_users_saml__saml_access_token
 msgid "Current SAML token for this user"
-msgstr ""
+msgstr "Token SAML attuale per questo utente"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_attribute_mapping__display_name
@@ -146,17 +161,17 @@ msgstr ""
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_request__display_name
 #: model:ir.model.fields,field_description:auth_saml.field_res_users_saml__display_name
 msgid "Display Name"
-msgstr ""
+msgstr "Nome visualizzato"
 
 #. module: auth_saml
 #: model_terms:ir.ui.view,arch_db:auth_saml.view_saml_provider_form
 msgid "Display Settings"
-msgstr ""
+msgstr "Visualizza impostazioni"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__entity_id
 msgid "Entity ID"
-msgstr ""
+msgstr "ID entità"
 
 #. module: auth_saml
 #: model_terms:ir.ui.view,arch_db:auth_saml.view_saml_provider_form
@@ -164,16 +179,18 @@ msgid ""
 "Entity Identifier sent to the IDP. Often this would be the metadata URL, but"
 " it can be any string."
 msgstr ""
+"Identificatore entità inviato al IDP. Spesso è l'URL dei metadati, ma può "
+"essere qualsiasi stringa."
 
 #. module: auth_saml
 #: model:ir.model.fields,help:auth_saml.field_auth_saml_provider__entity_id
 msgid "EntityID passed to IDP, used to identify the Odoo"
-msgstr ""
+msgstr "EntityID passato all'IDP, utilizzato per identificate Odoo"
 
 #. module: auth_saml
 #: model:ir.model.fields,help:auth_saml.field_auth_saml_provider__matching_attribute_to_lower
 msgid "Force matching_attribute to lower case before passing back to Odoo."
-msgstr ""
+msgstr "Forza matching_attribute a minuscolo prima di restituirlo ad Odoo."
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_attribute_mapping__id
@@ -181,27 +198,27 @@ msgstr ""
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_request__id
 #: model:ir.model.fields,field_description:auth_saml.field_res_users_saml__id
 msgid "ID"
-msgstr ""
+msgstr "ID"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_attribute_mapping__attribute_name
 msgid "IDP Response Attribute"
-msgstr ""
+msgstr "Attributo risposta IDP"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__idp_metadata
 msgid "Identity Provider Metadata"
-msgstr ""
+msgstr "Metadati provider identità"
 
 #. module: auth_saml
 #: model_terms:ir.ui.view,arch_db:auth_saml.view_saml_provider_form
 msgid "Identity Provider Settings"
-msgstr ""
+msgstr "Impostazioni provider identità"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__matching_attribute
 msgid "Identity Provider matching attribute"
-msgstr ""
+msgstr "Attributo corrsipondenza provider identità"
 
 #. module: auth_saml
 #: model:ir.model.fields,help:auth_saml.field_auth_saml_provider__authn_requests_signed
@@ -209,22 +226,26 @@ msgid ""
 "Indicates if the Authentication Requests sent by this SP should be signed by"
 " default."
 msgstr ""
+"ndica se la richiesta di atenticazione inviata da questo SP deve essere "
+"firmata in modo predefinito."
 
 #. module: auth_saml
 #: model:ir.model.fields,help:auth_saml.field_auth_saml_provider__want_assertions_signed
 msgid "Indicates if this SP wants the IdP to send the assertions signed."
-msgstr ""
+msgstr "Indica se questo SP richiede che l'IDP invii la conferma firmata."
 
 #. module: auth_saml
 #: model:ir.model.fields,help:auth_saml.field_auth_saml_provider__logout_requests_signed
 msgid ""
 "Indicates if this entity will sign the Logout Requests originated from it."
 msgstr ""
+"Indica se questa entità firmerà la richiesta di uscita da esso generata."
 
 #. module: auth_saml
 #: model:ir.model.fields,help:auth_saml.field_auth_saml_provider__want_response_signed
 msgid "Indicates that Authentication Responses to this SP must be signed."
 msgstr ""
+"Indica che le risposte di autenticazione a questo SP devono essere firmate."
 
 #. module: auth_saml
 #: model:ir.model.fields,help:auth_saml.field_auth_saml_provider__want_assertions_or_response_signed
@@ -232,6 +253,8 @@ msgid ""
 "Indicates that either the Authentication Response or the assertions "
 "contained within the response to this SP must be signed."
 msgstr ""
+"Indica che la risposta di autenticazione o le dichiarazioni contenute nelle "
+"risposte a questo SP deve essere firmata."
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_attribute_mapping____last_update
@@ -239,7 +262,7 @@ msgstr ""
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_request____last_update
 #: model:ir.model.fields,field_description:auth_saml.field_res_users_saml____last_update
 msgid "Last Modified on"
-msgstr ""
+msgstr "Ultima modifica il"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_attribute_mapping__write_uid
@@ -247,7 +270,7 @@ msgstr ""
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_request__write_uid
 #: model:ir.model.fields,field_description:auth_saml.field_res_users_saml__write_uid
 msgid "Last Updated by"
-msgstr ""
+msgstr "Ultimo aggiornamento di"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_attribute_mapping__write_date
@@ -255,27 +278,27 @@ msgstr ""
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_request__write_date
 #: model:ir.model.fields,field_description:auth_saml.field_res_users_saml__write_date
 msgid "Last Updated on"
-msgstr ""
+msgstr "Ultimo aggiornamento il"
 
 #. module: auth_saml
 #: model:ir.model.fields,help:auth_saml.field_auth_saml_provider__body
 msgid "Link text in Login Dialog"
-msgstr ""
+msgstr "Collega il testo nella maschera di accesso"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__body
 msgid "Login button label"
-msgstr ""
+msgstr "Etichetta pulsante accesso"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__logout_requests_signed
 msgid "Logout Requests Signed"
-msgstr ""
+msgstr "Richiesta uscita firmata"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__matching_attribute_to_lower
 msgid "Lowercase IDP Matching Attribute"
-msgstr ""
+msgstr "Attributo corrispondenza IDP minuscolo"
 
 #. module: auth_saml
 #: model_terms:ir.ui.view,arch_db:auth_saml.view_saml_provider_form
@@ -284,163 +307,167 @@ msgid ""
 "available. If multiple values are returned (i.e. a list) then the first "
 "value is used."
 msgstr ""
+"Gli attributi mappati sono copiati dalla risposta SAML ad ogni accesso, se "
+"disponibile. Se vengono restituiti valori multipli (cioè una lista) allora "
+"viene usato il primo valore."
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__sp_metadata_url
 msgid "Metadata URL"
-msgstr ""
+msgstr "URL metadati"
 
 #. module: auth_saml
 #. odoo-python
 #: code:addons/auth_saml/controllers/main.py:0
 #, python-format
 msgid "Missing parameters"
-msgstr ""
+msgstr "Parametri mancanti"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_attribute_mapping__field_name
 msgid "Odoo Field"
-msgstr ""
+msgstr "Campo Odoo"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__sp_pem_private
 msgid "Odoo Private Key"
-msgstr ""
+msgstr "Chiave privata Odoo"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__sp_pem_private_filename
 msgid "Odoo Private Key File Name"
-msgstr ""
+msgstr "Nome file chiave privata Odoo"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__sp_pem_public
 msgid "Odoo Public Certificate"
-msgstr ""
+msgstr "Certificato pubblico Odoo"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__sp_pem_public_filename
 msgid "Odoo Public Certificate File Name"
-msgstr ""
+msgstr "Nome file certificato pubblico Odoo"
 
 #. module: auth_saml
 #: model_terms:ir.ui.view,arch_db:auth_saml.view_saml_provider_form
 msgid "Odoo Settings"
-msgstr ""
+msgstr "Impostazioni Odoo"
 
 #. module: auth_saml
 #: model:ir.model.fields,help:auth_saml.field_auth_saml_provider__autoredirect
 msgid ""
 "Only the provider with the higher priority will be automatically redirected"
 msgstr ""
+"Solo il provider con la priorità maggiore verrà inoltrato automaticamente"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__sp_baseurl
 msgid "Override Base URL"
-msgstr ""
+msgstr "Ignora URL base"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_attribute_mapping__provider_id
 msgid "Provider"
-msgstr ""
+msgstr "Provider"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__name
 msgid "Provider Name"
-msgstr ""
+msgstr "Nome provider"
 
 #. module: auth_saml
 #: model:ir.actions.act_window,name:auth_saml.action_saml_provider
 #: model_terms:ir.ui.view,arch_db:auth_saml.auth_saml_provider_view_search
 msgid "Providers"
-msgstr ""
+msgstr "Provider"
 
 #. module: auth_saml
 #: model_terms:ir.ui.view,arch_db:auth_saml.view_users_form
 msgid "SAML"
-msgstr ""
+msgstr "SAML"
 
 #. module: auth_saml
 #: model:ir.model,name:auth_saml.model_auth_saml_request
 msgid "SAML Outstanding Requests"
-msgstr ""
+msgstr "Richiesta straordinaria SAML"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_res_users_saml__saml_provider_id
 #: model_terms:ir.ui.view,arch_db:auth_saml.view_saml_provider_form
 msgid "SAML Provider"
-msgstr ""
+msgstr "Provider SAML"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_request__saml_provider_id
 msgid "SAML Provider that issued the token"
-msgstr ""
+msgstr "Provider SAML che ha emesso il token"
 
 #. module: auth_saml
 #: model:ir.model.fields,help:auth_saml.field_res_users_saml__saml_uid
 msgid "SAML Provider user_id"
-msgstr ""
+msgstr "user_id provider SAML"
 
 #. module: auth_saml
 #: model:ir.ui.menu,name:auth_saml.menu_saml_providers
 msgid "SAML Providers"
-msgstr ""
+msgstr "Provider SAML"
 
 #. module: auth_saml
 #: model:ir.model.constraint,message:auth_saml.constraint_res_users_saml_uniq_users_saml_provider_saml_uid
 msgid "SAML UID must be unique per provider"
-msgstr ""
+msgstr "UID SAML deve essere univoco per provider"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_res_users_saml__saml_uid
 msgid "SAML User ID"
-msgstr ""
+msgstr "ID utente SAML"
 
 #. module: auth_saml
 #: model:ir.model,name:auth_saml.model_auth_saml_provider
 msgid "SAML2 Provider"
-msgstr ""
+msgstr "Provider SAML2"
 
 #. module: auth_saml
 #: model:ir.model,name:auth_saml.model_auth_saml_attribute_mapping
 msgid "SAML2 attribute mapping"
-msgstr ""
+msgstr "Mappatura attributo SAML2"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_res_users__saml_ids
 msgid "Saml"
-msgstr ""
+msgstr "SAML"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__sequence
 msgid "Sequence"
-msgstr ""
+msgstr "Sequenza"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__sign_authenticate_requests
 msgid "Sign Authenticate Requests"
-msgstr ""
+msgstr "Firma richieste autenticazione"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__sign_metadata
 msgid "Sign Metadata"
-msgstr ""
+msgstr "Frma metadati"
 
 #. module: auth_saml
 #. odoo-python
 #: code:addons/auth_saml/controllers/main.py:0
 #, python-format
 msgid "Sign up is not allowed on this database."
-msgstr ""
+msgstr "Non è consentito iscriversi a questo database."
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__sig_alg
 msgid "Signature Algorithm"
-msgstr ""
+msgstr "Algoritmo firma"
 
 #. module: auth_saml
 #: model:ir.model,name:auth_saml.model_ir_config_parameter
 msgid "System Parameter"
-msgstr ""
+msgstr "Parametro di sistema"
 
 #. module: auth_saml
 #: model_terms:ir.ui.view,arch_db:auth_saml.view_saml_provider_form
@@ -449,11 +476,15 @@ msgid ""
 "odoo responding on multiple URLs you can use this to force it to send a "
 "specific address rather than rely on automatically detecting."
 msgstr ""
+"L'URL configurato per l'ACS deve corrispondere esattamente a quando inviato. "
+"Se si ha Odoo che risponde da URL multipli si può utilizzare per forzarlo ad "
+"inviare un indirizzo specifico invece che rispondere al rilevamento "
+"automatico."
 
 #. module: auth_saml
 #: model:ir.model.fields,help:auth_saml.field_res_users_saml__saml_access_token
 msgid "The current SAML token in use"
-msgstr ""
+msgstr "Token SAML attualmente in uso"
 
 #. module: auth_saml
 #. odoo-python
@@ -463,13 +494,15 @@ msgid ""
 "This database disallows users to have both passwords and SAML IDs. Error for"
 " logins %s"
 msgstr ""
+"Questo database nn consente agli utenti di avere sia password che ID SAML. "
+"Errore per accessi %s"
 
 #. module: auth_saml
 #. odoo-python
 #: code:addons/auth_saml/controllers/main.py:0
 #, python-format
 msgid "Unknown provider"
-msgstr ""
+msgstr "Provider sconosciuto"
 
 #. module: auth_saml
 #: model_terms:ir.ui.view,arch_db:auth_saml.view_saml_provider_form
@@ -477,56 +510,58 @@ msgid ""
 "Used to sign requests sent to the IDP. You can use openssl to generate a "
 "certificate and key."
 msgstr ""
+"Usato per firmare le richieste inviate all'IDP. Si può utilizzare OpenSSL "
+"per generare un certificato e una chiave."
 
 #. module: auth_saml
 #: model:ir.model,name:auth_saml.model_res_users
 #: model:ir.model.fields,field_description:auth_saml.field_res_users_saml__user_id
 msgid "User"
-msgstr ""
+msgstr "Utente"
 
 #. module: auth_saml
 #: model:ir.model,name:auth_saml.model_res_users_saml
 msgid "User to SAML Provider Mapping"
-msgstr ""
+msgstr "Mappatura tra utente e provider SAML"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__want_assertions_or_response_signed
 msgid "Want Assertions Or Response Signed"
-msgstr ""
+msgstr "Richiede conferma o risposta firmate"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__want_assertions_signed
 msgid "Want Assertions Signed"
-msgstr ""
+msgstr "Richiede conferme firmate"
 
 #. module: auth_saml
 #: model:ir.model.fields,field_description:auth_saml.field_auth_saml_provider__want_response_signed
 msgid "Want Response Signed"
-msgstr ""
+msgstr "Richiede risposta firmata"
 
 #. module: auth_saml
 #: model:ir.model.fields,help:auth_saml.field_auth_saml_provider__sign_metadata
 msgid "Whether metadata should be signed or not"
-msgstr ""
+msgstr "Se i metadata devno essere firmati o meno"
 
 #. module: auth_saml
 #: model:ir.model.fields,help:auth_saml.field_auth_saml_provider__sign_authenticate_requests
 msgid "Whether the request should be signed or not"
-msgstr ""
+msgstr "Se la richiesta deve essere firmata o meno"
 
 #. module: auth_saml
 #. odoo-python
 #: code:addons/auth_saml/controllers/main.py:0
 #, python-format
 msgid "You do not have access to this database. Please contact support."
-msgstr ""
+msgstr "Non si ha accesso a questo database. Contattare il supporto."
 
 #. module: auth_saml
 #: model_terms:ir.ui.view,arch_db:auth_saml.view_saml_provider_form
 msgid "Your ACS url will be base_url + /auth_saml/signin"
-msgstr ""
+msgstr "Il suo URL ACS sarà base_url + /auth_saml/signin"
 
 #. module: auth_saml
 #: model_terms:ir.ui.view,arch_db:auth_saml.view_saml_provider_form
 msgid "Your provider will give you this XML once configured."
-msgstr ""
+msgstr "Il suo provider fornirà questo XML una volta configurato."
diff --git a/auth_saml/models/ir_config_parameter.py b/auth_saml/models/ir_config_parameter.py
index 9fb503afac..dd8677d0fa 100644
--- a/auth_saml/models/ir_config_parameter.py
+++ b/auth_saml/models/ir_config_parameter.py
@@ -27,3 +27,13 @@ def write(self, vals):
         if self.filtered(lambda param: param.key == ALLOW_SAML_UID_AND_PASSWORD):
             self.env["res.users"].allow_saml_and_password_changed()
         return result
+
+    def unlink(self):
+        """Redefined to update users when our parameter is deleted."""
+        param_saml = self.filtered(
+            lambda param: param.key == ALLOW_SAML_UID_AND_PASSWORD
+        )
+        result = super().unlink()
+        if result and param_saml:
+            self.env["res.users"].allow_saml_and_password_changed()
+        return result
diff --git a/auth_saml/tests/test_pysaml.py b/auth_saml/tests/test_pysaml.py
index c05235b747..7549e2546f 100644
--- a/auth_saml/tests/test_pysaml.py
+++ b/auth_saml/tests/test_pysaml.py
@@ -198,7 +198,7 @@ def test_login_with_saml(self):
         # User should now be able to log in with the token
         self.authenticate(user="test@example.com", password=token)
 
-    def test_disallow_user_password_when_changing_setting(self):
+    def test_disallow_user_password_when_changing_ir_config_parameter(self):
         """Test that disabling users from having both a password and SAML ids remove
         users password."""
         # change the option
@@ -336,3 +336,26 @@ def test_redirect_after_login(self):
             self.base_url()
             + "/web#action=37&model=ir.module.module&view_type=kanban&menu_id=5",
         )
+
+    def test_disallow_user_password_when_changing_settings(self):
+        """Test that disabling the setting will remove passwords from related users"""
+        # We activate the settings to allow password login
+        self.env["res.config.settings"].create(
+            {
+                "allow_saml_uid_and_internal_password": True,
+            }
+        ).execute()
+
+        # Test the user can login with the password
+        self.authenticate(user="user@example.com", password="NesTNSte9340D720te>/-A")
+
+        self.env["res.config.settings"].create(
+            {
+                "allow_saml_uid_and_internal_password": False,
+            }
+        ).execute()
+
+        with self.assertRaises(AccessDenied):
+            self.authenticate(
+                user="user@example.com", password="NesTNSte9340D720te>/-A"
+            )
diff --git a/auth_session_timeout/i18n/it.po b/auth_session_timeout/i18n/it.po
index c193ce4ccf..7691d541ec 100644
--- a/auth_session_timeout/i18n/it.po
+++ b/auth_session_timeout/i18n/it.po
@@ -10,15 +10,15 @@ msgstr ""
 "Project-Id-Version: Odoo Server 10.0\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2018-01-06 02:24+0000\n"
-"PO-Revision-Date: 2023-03-07 19:36+0000\n"
-"Last-Translator: Francesco Foresti <francesco.foresti@ooops404.com>\n"
+"PO-Revision-Date: 2024-01-03 14:33+0000\n"
+"Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
 "Language-Team: Italian (https://www.transifex.com/oca/teams/23907/it/)\n"
 "Language: it\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: \n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 4.14.1\n"
+"X-Generator: Weblate 4.17\n"
 
 #. module: auth_session_timeout
 #: model:ir.model,name:auth_session_timeout.model_ir_http
@@ -33,7 +33,7 @@ msgstr "Parametro di sistema"
 #. module: auth_session_timeout
 #: model:ir.model,name:auth_session_timeout.model_res_users
 msgid "User"
-msgstr ""
+msgstr "Utente"
 
 #~ msgid "Users"
 #~ msgstr "Utenti"
diff --git a/auth_signup_verify_email/i18n/it.po b/auth_signup_verify_email/i18n/it.po
index 691201a879..78f1ba46f5 100644
--- a/auth_signup_verify_email/i18n/it.po
+++ b/auth_signup_verify_email/i18n/it.po
@@ -9,22 +9,23 @@ msgstr ""
 "Project-Id-Version: server-tools (9.0)\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2016-06-09 12:31+0000\n"
-"PO-Revision-Date: 2016-05-31 14:47+0000\n"
-"Last-Translator: OCA Transbot <transbot@odoo-community.org>\n"
+"PO-Revision-Date: 2024-01-03 14:33+0000\n"
+"Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
 "Language-Team: Italian (http://www.transifex.com/oca/OCA-server-tools-9-0/"
 "language/it/)\n"
 "Language: it\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: \n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
 
 #. module: auth_signup_verify_email
 #. odoo-python
 #: code:addons/auth_signup_verify_email/controllers/main.py:0
 #, python-format
 msgid "Another user is already registered using this email address."
-msgstr ""
+msgstr "Un altro utente che usa questa e-mail è già registrato."
 
 #. module: auth_signup_verify_email
 #. odoo-python
diff --git a/auth_user_case_insensitive/i18n/it.po b/auth_user_case_insensitive/i18n/it.po
index 2f7bafd478..58bc2aeb1f 100644
--- a/auth_user_case_insensitive/i18n/it.po
+++ b/auth_user_case_insensitive/i18n/it.po
@@ -9,36 +9,37 @@ msgstr ""
 "Project-Id-Version: Odoo Server 10.0\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2017-05-17 21:08+0000\n"
-"PO-Revision-Date: 2017-05-17 21:08+0000\n"
-"Last-Translator: OCA Transbot <transbot@odoo-community.org>, 2017\n"
+"PO-Revision-Date: 2024-01-03 14:33+0000\n"
+"Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
 "Language-Team: Italian (https://www.transifex.com/oca/teams/23907/it/)\n"
 "Language: it\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: \n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
 
 #. module: auth_user_case_insensitive
 #. odoo-python
 #: code:addons/auth_user_case_insensitive/hooks.py:0
 #, python-format
 msgid "Conflicting user logins exist for `%s`"
-msgstr ""
+msgstr "Esiste un conflitto di accessi per l'utente '%s'"
 
 #. module: auth_user_case_insensitive
 #: model:ir.model.fields,field_description:auth_user_case_insensitive.field_res_users__login
 msgid "Login"
-msgstr ""
+msgstr "Login"
 
 #. module: auth_user_case_insensitive
 #: model:ir.model.fields,help:auth_user_case_insensitive.field_res_users__login
 msgid "Used to log into the system. Case insensitive."
-msgstr ""
+msgstr "Utilizzato per l'accesso al sistema. Insensibile a maiuscole/minuscole."
 
 #. module: auth_user_case_insensitive
 #: model:ir.model,name:auth_user_case_insensitive.model_res_users
 msgid "User"
-msgstr ""
+msgstr "Utente"
 
 #~ msgid "Users"
 #~ msgstr "Utenti"
diff --git a/base_user_show_email/i18n/it.po b/base_user_show_email/i18n/it.po
index 3b7f481b74..d9c1a7edbc 100644
--- a/base_user_show_email/i18n/it.po
+++ b/base_user_show_email/i18n/it.po
@@ -6,21 +6,23 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Odoo Server 16.0\n"
 "Report-Msgid-Bugs-To: \n"
-"Last-Translator: Automatically generated\n"
+"PO-Revision-Date: 2024-01-03 14:33+0000\n"
+"Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
 "Language-Team: none\n"
 "Language: it\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: \n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
 
 #. module: base_user_show_email
 #: model_terms:ir.ui.view,arch_db:base_user_show_email.user_email_form
 msgid "Email Address"
-msgstr ""
+msgstr "Indirizzo e-mail"
 
 #. module: base_user_show_email
 #: model_terms:ir.ui.view,arch_db:base_user_show_email.login
 #: model_terms:ir.ui.view,arch_db:base_user_show_email.user_email_form
 msgid "Login"
-msgstr ""
+msgstr "Login"
diff --git a/password_security/i18n/it.po b/password_security/i18n/it.po
index c8edb3fcad..d636d76d1b 100644
--- a/password_security/i18n/it.po
+++ b/password_security/i18n/it.po
@@ -10,8 +10,8 @@ msgstr ""
 "Project-Id-Version: Odoo Server 10.0\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2016-12-23 02:01+0000\n"
-"PO-Revision-Date: 2023-10-13 12:44+0000\n"
-"Last-Translator: Francesco Foresti <francesco.foresti@ooops404.com>\n"
+"PO-Revision-Date: 2024-01-04 17:34+0000\n"
+"Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
 "Language-Team: Italian (https://www.transifex.com/oca/teams/23907/it/)\n"
 "Language: it\n"
 "MIME-Version: 1.0\n"
@@ -28,6 +28,8 @@ msgid ""
 "\n"
 "* Lowercase letter (at least %s characters)"
 msgstr ""
+"\n"
+"* Lettere minuscole (almeno %s caratteri)"
 
 #. module: password_security
 #. odoo-python
@@ -37,6 +39,8 @@ msgid ""
 "\n"
 "* Numeric digit (at least %s characters)"
 msgstr ""
+"\n"
+"* Cifra numerica (almeno %s caratteri)"
 
 #. module: password_security
 #. odoo-python
@@ -46,6 +50,8 @@ msgid ""
 "\n"
 "* Special character (at least %s characters)"
 msgstr ""
+"\n"
+"* Crattere speciale (almeno %s caratteri)"
 
 #. module: password_security
 #. odoo-python
@@ -55,6 +61,8 @@ msgid ""
 "\n"
 "* Uppercase letter (at least %s characters)"
 msgstr ""
+"\n"
+"* Lettere maiuscole (almeno %s caratteri)"
 
 #. module: password_security
 #: model_terms:ir.ui.view,arch_db:password_security.res_config_settings_view_form
@@ -63,19 +71,23 @@ msgid ""
 "                               Minimum number of characters\n"
 "                          </span>"
 msgstr ""
+"<span id=\"minlength\">\n"
+"                               Numero minimo di caratteri\n"
+"                          </span>"
 
 #. module: password_security
 #: model:ir.model.fields,help:password_security.field_res_company__password_minimum
 #: model:ir.model.fields,help:password_security.field_res_config_settings__password_minimum
 msgid "Amount of hours until a user may change password again"
 msgstr ""
+"Numero di ore dopo le quali l'utente può cambiare nuovamente la password"
 
 #. module: password_security
 #. odoo-python
 #: code:addons/password_security/models/res_users.py:0
 #, python-format
 msgid "Cannot use the most recent %d passwords"
-msgstr ""
+msgstr "Impossibile usare le %d password più recenti"
 
 #. module: password_security
 #: model:ir.model,name:password_security.model_res_company
@@ -85,7 +97,7 @@ msgstr "Aziende"
 #. module: password_security
 #: model:ir.model,name:password_security.model_res_config_settings
 msgid "Config Settings"
-msgstr ""
+msgstr "Impostazioni configurazione"
 
 #. module: password_security
 #: model:ir.model.fields,field_description:password_security.field_res_users_pass_history__create_uid
@@ -111,7 +123,7 @@ msgstr "Giorni"
 #. module: password_security
 #: model_terms:ir.ui.view,arch_db:password_security.res_config_settings_view_form
 msgid "Disallow reuse of"
-msgstr ""
+msgstr "Impedire riuso di"
 
 #. module: password_security
 #: model:ir.model.fields,help:password_security.field_res_company__password_history
@@ -120,6 +132,8 @@ msgid ""
 "Disallow reuse of this many previous passwords - use negative number for "
 "infinite, or 0 to disable"
 msgstr ""
+"Impedire il riutilizzo di questa quantità di password precedenti - usare un "
+"numero negativo per infinito, o 0 per disabilitare"
 
 #. module: password_security
 #: model:ir.model.fields,field_description:password_security.field_res_users_pass_history__display_name
@@ -129,7 +143,7 @@ msgstr "Nome visualizzato"
 #. module: password_security
 #: model:ir.model.fields,field_description:password_security.field_res_users_pass_history__password_crypt
 msgid "Encrypted Password"
-msgstr ""
+msgstr "Password criptata"
 
 #. module: password_security
 #: model:ir.model.fields,field_description:password_security.field_res_company__password_history
@@ -141,7 +155,7 @@ msgstr "Cronologia"
 #: model:ir.model.fields,help:password_security.field_res_company__password_expiration
 #: model:ir.model.fields,help:password_security.field_res_config_settings__password_expiration
 msgid "How many days until passwords expire"
-msgstr ""
+msgstr "Quanti giorni prima che le password scadano"
 
 #. module: password_security
 #: model:ir.model.fields,field_description:password_security.field_res_users_pass_history__id
@@ -166,74 +180,74 @@ msgstr "Ultimo aggiornamento il"
 #. module: password_security
 #: model:ir.model.fields,field_description:password_security.field_res_users__password_write_date
 msgid "Last password update"
-msgstr ""
+msgstr "Ultimo aggiornamento password"
 
 #. module: password_security
 #: model:ir.model.fields,field_description:password_security.field_res_company__password_lower
 #: model:ir.model.fields,field_description:password_security.field_res_config_settings__password_lower
 msgid "Lowercase"
-msgstr ""
+msgstr "Minuscole"
 
 #. module: password_security
 #: model:ir.model.fields,field_description:password_security.field_res_company__password_minimum
 #: model:ir.model.fields,field_description:password_security.field_res_config_settings__password_minimum
 msgid "Minimum Hours"
-msgstr ""
+msgstr "Ore minime"
 
 #. module: password_security
 #: model_terms:ir.ui.view,arch_db:password_security.res_config_settings_view_form
 msgid "Minimum number of lowercase characters"
-msgstr ""
+msgstr "Numero minimo di caratteri minuscoli"
 
 #. module: password_security
 #: model_terms:ir.ui.view,arch_db:password_security.res_config_settings_view_form
 msgid "Minimum number of numeric characters"
-msgstr ""
+msgstr "Numero minimo di caratteri numerici"
 
 #. module: password_security
 #: model_terms:ir.ui.view,arch_db:password_security.res_config_settings_view_form
 msgid "Minimum number of special characters"
-msgstr ""
+msgstr "Numero minimo di caratteri speciali"
 
 #. module: password_security
 #: model_terms:ir.ui.view,arch_db:password_security.res_config_settings_view_form
 msgid "Minimum number of uppercase characters"
-msgstr ""
+msgstr "Numero minimo di caratteri maiuscoli"
 
 #. module: password_security
 #. odoo-python
 #: code:addons/password_security/models/res_users.py:0
 #, python-format
 msgid "Must contain the following:"
-msgstr ""
+msgstr "Deve contenere le seguenti:"
 
 #. module: password_security
 #: model:ir.model.fields,field_description:password_security.field_res_company__password_numeric
 #: model:ir.model.fields,field_description:password_security.field_res_config_settings__password_numeric
 msgid "Numeric"
-msgstr ""
+msgstr "Numerici"
 
 #. module: password_security
 #: model:ir.model.fields,field_description:password_security.field_res_users__password_history_ids
 msgid "Password History"
-msgstr ""
+msgstr "Storico password"
 
 #. module: password_security
 #: model_terms:ir.ui.view,arch_db:password_security.res_config_settings_view_form
 msgid "Password Policy"
-msgstr ""
+msgstr "Politica password"
 
 #. module: password_security
 #: model_terms:ir.ui.view,arch_db:password_security.res_config_settings_view_form
 msgid "Password expires in"
-msgstr ""
+msgstr "La password scade in"
 
 #. module: password_security
 #. odoo-python
 #: code:addons/password_security/models/res_users.py:0
 #, python-format
 msgid "Password must be %d characters or more."
-msgstr ""
+msgstr "La password deve essere di %d o più caratteri."
 
 #. module: password_security
 #. odoo-python
@@ -243,52 +257,54 @@ msgid ""
 "Passwords can only be reset every %d hour(s). Please contact an "
 "administrator for assistance."
 msgstr ""
+"Le password possono essere reimpostate solamente ogni %d ore. Contattare un "
+"amministratore per assistenza."
 
 #. module: password_security
 #: model:ir.model.fields,help:password_security.field_res_company__password_lower
 #: model:ir.model.fields,help:password_security.field_res_config_settings__password_lower
 msgid "Require number of lowercase letters"
-msgstr ""
+msgstr "Richiede un numero di lettere minuscole"
 
 #. module: password_security
 #: model:ir.model.fields,help:password_security.field_res_company__password_numeric
 #: model:ir.model.fields,help:password_security.field_res_config_settings__password_numeric
 msgid "Require number of numeric digits"
-msgstr ""
+msgstr "Richiede un numero di cifre numeriche"
 
 #. module: password_security
 #: model:ir.model.fields,help:password_security.field_res_company__password_special
 #: model:ir.model.fields,help:password_security.field_res_config_settings__password_special
 msgid "Require number of unique special characters"
-msgstr ""
+msgstr "Richiede un numero di caratteri speciali unici"
 
 #. module: password_security
 #: model:ir.model.fields,help:password_security.field_res_company__password_upper
 #: model:ir.model.fields,help:password_security.field_res_config_settings__password_upper
 msgid "Require number of uppercase letters"
-msgstr ""
+msgstr "Richiede un numero di lettere maiuscole"
 
 #. module: password_security
 #: model:ir.model,name:password_security.model_res_users_pass_history
 msgid "Res Users Password History"
-msgstr ""
+msgstr "Storico password utente res"
 
 #. module: password_security
 #: model:ir.model.fields,field_description:password_security.field_res_company__password_special
 #: model:ir.model.fields,field_description:password_security.field_res_config_settings__password_special
 msgid "Special"
-msgstr ""
+msgstr "Speciali"
 
 #. module: password_security
 #: model:ir.model.fields,field_description:password_security.field_res_company__password_upper
 #: model:ir.model.fields,field_description:password_security.field_res_config_settings__password_upper
 msgid "Uppercase"
-msgstr ""
+msgstr "Maiuscole"
 
 #. module: password_security
 #: model_terms:ir.ui.view,arch_db:password_security.res_config_settings_view_form
 msgid "Use negative number for infinite, or 0 to disable"
-msgstr ""
+msgstr "Usare un numero negativo per infinito o 0 per disabilitare"
 
 #. module: password_security
 #: model:ir.model,name:password_security.model_res_users
@@ -299,22 +315,22 @@ msgstr "Utente"
 #. module: password_security
 #: model_terms:ir.ui.view,arch_db:password_security.res_config_settings_view_form
 msgid "User can change password in"
-msgstr ""
+msgstr "L'utente puà modificare la password in"
 
 #. module: password_security
 #: model_terms:ir.ui.view,arch_db:password_security.res_config_settings_view_form
 msgid "days."
-msgstr ""
+msgstr "giorni."
 
 #. module: password_security
 #: model_terms:ir.ui.view,arch_db:password_security.res_config_settings_view_form
 msgid "hours again."
-msgstr ""
+msgstr "ore nuovamente."
 
 #. module: password_security
 #: model_terms:ir.ui.view,arch_db:password_security.res_config_settings_view_form
 msgid "previous passwords."
-msgstr ""
+msgstr "password precedenti."
 
 #~ msgid "Characters"
 #~ msgstr "Caratteri"
diff --git a/setup/_metapackage/VERSION.txt b/setup/_metapackage/VERSION.txt
index 9a0109d4fb..9b000d1e0d 100644
--- a/setup/_metapackage/VERSION.txt
+++ b/setup/_metapackage/VERSION.txt
@@ -1 +1 @@
-16.0.20231219.0
\ No newline at end of file
+16.0.20240322.0
\ No newline at end of file
diff --git a/setup/_metapackage/setup.py b/setup/_metapackage/setup.py
index 45298261ac..3c36fd4bad 100644
--- a/setup/_metapackage/setup.py
+++ b/setup/_metapackage/setup.py
@@ -10,11 +10,13 @@
     install_requires=[
         'odoo-addon-auth_admin_passkey>=16.0dev,<16.1dev',
         'odoo-addon-auth_api_key>=16.0dev,<16.1dev',
+        'odoo-addon-auth_api_key_group>=16.0dev,<16.1dev',
         'odoo-addon-auth_api_key_server_env>=16.0dev,<16.1dev',
         'odoo-addon-auth_jwt>=16.0dev,<16.1dev',
         'odoo-addon-auth_jwt_demo>=16.0dev,<16.1dev',
         'odoo-addon-auth_jwt_server_env>=16.0dev,<16.1dev',
         'odoo-addon-auth_ldaps>=16.0dev,<16.1dev',
+        'odoo-addon-auth_oauth_multi_token>=16.0dev,<16.1dev',
         'odoo-addon-auth_oauth_ropc>=16.0dev,<16.1dev',
         'odoo-addon-auth_oidc>=16.0dev,<16.1dev',
         'odoo-addon-auth_oidc_environment>=16.0dev,<16.1dev',
@@ -28,6 +30,8 @@
         'odoo-addon-users_ldap_groups>=16.0dev,<16.1dev',
         'odoo-addon-users_ldap_mail>=16.0dev,<16.1dev',
         'odoo-addon-users_ldap_populate>=16.0dev,<16.1dev',
+        'odoo-addon-vault>=16.0dev,<16.1dev',
+        'odoo-addon-vault_share>=16.0dev,<16.1dev',
     ],
     classifiers=[
         'Programming Language :: Python',
diff --git a/setup/auth_api_key_group/odoo/addons/auth_api_key_group b/setup/auth_api_key_group/odoo/addons/auth_api_key_group
new file mode 120000
index 0000000000..4cda5ca1f9
--- /dev/null
+++ b/setup/auth_api_key_group/odoo/addons/auth_api_key_group
@@ -0,0 +1 @@
+../../../../auth_api_key_group
\ No newline at end of file
diff --git a/setup/auth_api_key_group/setup.py b/setup/auth_api_key_group/setup.py
new file mode 100644
index 0000000000..28c57bb640
--- /dev/null
+++ b/setup/auth_api_key_group/setup.py
@@ -0,0 +1,6 @@
+import setuptools
+
+setuptools.setup(
+    setup_requires=['setuptools-odoo'],
+    odoo_addon=True,
+)
diff --git a/setup/auth_oauth_multi_token/odoo/addons/auth_oauth_multi_token b/setup/auth_oauth_multi_token/odoo/addons/auth_oauth_multi_token
new file mode 120000
index 0000000000..fdcdcb499d
--- /dev/null
+++ b/setup/auth_oauth_multi_token/odoo/addons/auth_oauth_multi_token
@@ -0,0 +1 @@
+../../../../auth_oauth_multi_token
\ No newline at end of file
diff --git a/setup/auth_oauth_multi_token/setup.py b/setup/auth_oauth_multi_token/setup.py
new file mode 100644
index 0000000000..28c57bb640
--- /dev/null
+++ b/setup/auth_oauth_multi_token/setup.py
@@ -0,0 +1,6 @@
+import setuptools
+
+setuptools.setup(
+    setup_requires=['setuptools-odoo'],
+    odoo_addon=True,
+)
diff --git a/setup/vault/odoo/addons/vault b/setup/vault/odoo/addons/vault
new file mode 120000
index 0000000000..4ead31e201
--- /dev/null
+++ b/setup/vault/odoo/addons/vault
@@ -0,0 +1 @@
+../../../../vault
\ No newline at end of file
diff --git a/setup/vault/setup.py b/setup/vault/setup.py
new file mode 100644
index 0000000000..28c57bb640
--- /dev/null
+++ b/setup/vault/setup.py
@@ -0,0 +1,6 @@
+import setuptools
+
+setuptools.setup(
+    setup_requires=['setuptools-odoo'],
+    odoo_addon=True,
+)
diff --git a/setup/vault_share/odoo/addons/vault_share b/setup/vault_share/odoo/addons/vault_share
new file mode 120000
index 0000000000..d8d730a844
--- /dev/null
+++ b/setup/vault_share/odoo/addons/vault_share
@@ -0,0 +1 @@
+../../../../vault_share
\ No newline at end of file
diff --git a/setup/vault_share/setup.py b/setup/vault_share/setup.py
new file mode 100644
index 0000000000..28c57bb640
--- /dev/null
+++ b/setup/vault_share/setup.py
@@ -0,0 +1,6 @@
+import setuptools
+
+setuptools.setup(
+    setup_requires=['setuptools-odoo'],
+    odoo_addon=True,
+)
diff --git a/test-requirements.txt b/test-requirements.txt
new file mode 100644
index 0000000000..2cb24f43db
--- /dev/null
+++ b/test-requirements.txt
@@ -0,0 +1 @@
+responses
diff --git a/user_log_view/i18n/it.po b/user_log_view/i18n/it.po
index 941c009fde..4719f62cbe 100644
--- a/user_log_view/i18n/it.po
+++ b/user_log_view/i18n/it.po
@@ -6,31 +6,33 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Odoo Server 16.0\n"
 "Report-Msgid-Bugs-To: \n"
-"Last-Translator: Automatically generated\n"
+"PO-Revision-Date: 2024-01-03 14:33+0000\n"
+"Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
 "Language-Team: none\n"
 "Language: it\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: \n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
 
 #. module: user_log_view
 #: model:ir.actions.act_window,name:user_log_view.action_user_log
 #: model_terms:ir.ui.view,arch_db:user_log_view.res_users_view_form
 msgid "Authentication logs"
-msgstr ""
+msgstr "Registri autenticazione"
 
 #. module: user_log_view
 #: model_terms:ir.ui.view,arch_db:user_log_view.res_users_log_view_search
 msgid "Date"
-msgstr ""
+msgstr "Data"
 
 #. module: user_log_view
 #: model_terms:ir.ui.view,arch_db:user_log_view.res_users_log_view_search
 msgid "Group By"
-msgstr ""
+msgstr "Raggruppa per"
 
 #. module: user_log_view
 #: model_terms:ir.ui.view,arch_db:user_log_view.res_users_log_view_search
 msgid "Test Search"
-msgstr ""
+msgstr "Testa ricerca"
diff --git a/users_ldap_groups/i18n/it.po b/users_ldap_groups/i18n/it.po
index cec08af062..897502b939 100644
--- a/users_ldap_groups/i18n/it.po
+++ b/users_ldap_groups/i18n/it.po
@@ -6,15 +6,15 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Odoo Server 14.0\n"
 "Report-Msgid-Bugs-To: \n"
-"PO-Revision-Date: 2023-01-18 13:45+0000\n"
-"Last-Translator: Francesco Foresti <francesco.foresti@ooops404.com>\n"
+"PO-Revision-Date: 2024-01-03 14:33+0000\n"
+"Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
 "Language-Team: none\n"
 "Language: it\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: \n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 4.14.1\n"
+"X-Generator: Weblate 4.17\n"
 
 #. module: users_ldap_groups
 #: model:ir.model,name:users_ldap_groups.model_res_company_ldap
@@ -163,7 +163,7 @@ msgstr ""
 #. module: users_ldap_groups
 #: model:ir.model,name:users_ldap_groups.model_res_users
 msgid "User"
-msgstr ""
+msgstr "Utente"
 
 #. module: users_ldap_groups
 #: model:ir.model.fields,field_description:users_ldap_groups.field_res_company_ldap_group_mapping__value
diff --git a/users_ldap_mail/i18n/it.po b/users_ldap_mail/i18n/it.po
index 5b5496328c..6f42d6e7e4 100644
--- a/users_ldap_mail/i18n/it.po
+++ b/users_ldap_mail/i18n/it.po
@@ -6,13 +6,15 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Odoo Server 16.0\n"
 "Report-Msgid-Bugs-To: \n"
-"Last-Translator: Automatically generated\n"
+"PO-Revision-Date: 2024-01-03 14:33+0000\n"
+"Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
 "Language-Team: none\n"
 "Language: it\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: \n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
 
 #. module: users_ldap_mail
 #: model:ir.model.fields,help:users_ldap_mail.field_res_company_ldap__name_attribute
@@ -20,23 +22,25 @@ msgid ""
 "By default 'cn' is used. For ActiveDirectory you might use 'displayName' "
 "instead."
 msgstr ""
+"In modo predefinito viene usato \"cn\". Per ActiveDirectory potrebbe invece "
+"essere utilizzato \"displayName\"."
 
 #. module: users_ldap_mail
 #: model:ir.model,name:users_ldap_mail.model_res_company_ldap
 msgid "Company LDAP configuration"
-msgstr ""
+msgstr "Configurazione LDAP azienda"
 
 #. module: users_ldap_mail
 #: model:ir.model.fields,field_description:users_ldap_mail.field_res_company_ldap__mail_attribute
 msgid "E-mail attribute"
-msgstr ""
+msgstr "Attributo email"
 
 #. module: users_ldap_mail
 #: model:ir.model.fields,help:users_ldap_mail.field_res_company_ldap__mail_attribute
 msgid "LDAP attribute to use to retrieve e-mail address."
-msgstr ""
+msgstr "Attributo LDAP da utilizzare per il recupero degli indirizzi e-mail."
 
 #. module: users_ldap_mail
 #: model:ir.model.fields,field_description:users_ldap_mail.field_res_company_ldap__name_attribute
 msgid "Name Attribute"
-msgstr ""
+msgstr "Attributo del nome"
diff --git a/users_ldap_populate/i18n/it.po b/users_ldap_populate/i18n/it.po
index 5d143ada18..4d8f3c8ef9 100644
--- a/users_ldap_populate/i18n/it.po
+++ b/users_ldap_populate/i18n/it.po
@@ -10,7 +10,7 @@ msgstr ""
 "Project-Id-Version: Odoo Server 10.0\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2020-06-26 20:39+0000\n"
-"PO-Revision-Date: 2023-04-17 16:35+0000\n"
+"PO-Revision-Date: 2024-01-04 10:34+0000\n"
 "Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
 "Language-Team: Italian (https://www.transifex.com/oca/teams/23907/it/)\n"
 "Language: it\n"
@@ -18,17 +18,17 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: \n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 4.14.1\n"
+"X-Generator: Weblate 4.17\n"
 
 #. module: users_ldap_populate
 #: model_terms:ir.ui.view,arch_db:users_ldap_populate.populate_wizard_view
 msgid "Add populate button to ldap view"
-msgstr ""
+msgstr "Aggiungi pulsante compilazione alla vista LDAP"
 
 #. module: users_ldap_populate
 #: model:ir.model,name:users_ldap_populate.model_res_company_ldap
 msgid "Company LDAP configuration"
-msgstr ""
+msgstr "Configurazione LDAP azienda"
 
 #. module: users_ldap_populate
 #: model:ir.model.fields,field_description:users_ldap_populate.field_res_company_ldap_populate_wizard__create_uid
@@ -43,7 +43,7 @@ msgstr "Creato il"
 #. module: users_ldap_populate
 #: model:ir.model.fields,field_description:users_ldap_populate.field_res_company_ldap__deactivate_unknown_users
 msgid "Deactivate unknown users"
-msgstr ""
+msgstr "Disattiva utenti sconosciuti"
 
 #. module: users_ldap_populate
 #: model:ir.model.fields,field_description:users_ldap_populate.field_res_company_ldap_populate_wizard__display_name
@@ -58,7 +58,7 @@ msgstr "ID"
 #. module: users_ldap_populate
 #: model:ir.model.fields,field_description:users_ldap_populate.field_res_company_ldap_populate_wizard__ldap_id
 msgid "LDAP Configuration"
-msgstr ""
+msgstr "Configurazione LDAP"
 
 #. module: users_ldap_populate
 #: model:ir.model.fields,field_description:users_ldap_populate.field_res_company_ldap_populate_wizard____last_update
@@ -79,6 +79,8 @@ msgstr "Ultimo aggiornamento il"
 #: model:ir.model.fields,help:users_ldap_populate.field_res_company_ldap__no_deactivate_user_ids
 msgid "List users who never should be deactivated by the deactivation wizard"
 msgstr ""
+"Elenco utenti che non devono essere disattivati dalla procedura guidata di "
+"disattivazione"
 
 #. module: users_ldap_populate
 #: model:ir.model.fields,field_description:users_ldap_populate.field_res_company_ldap_populate_wizard__name
@@ -92,48 +94,50 @@ msgstr "Nome"
 msgid ""
 "No login attribute found: Could not extract login attribute from filter %s"
 msgstr ""
+"Nessun attributo di accesso trovato: impossibile estrarre attributo di "
+"accesso dal filtro %s"
 
 #. module: users_ldap_populate
 #: model:ir.model.fields,field_description:users_ldap_populate.field_res_company_ldap_populate_wizard__users_created
 msgid "Number of users created"
-msgstr ""
+msgstr "Numero di utenti creati"
 
 #. module: users_ldap_populate
 #: model:ir.model.fields,field_description:users_ldap_populate.field_res_company_ldap_populate_wizard__users_deactivated
 msgid "Number of users deactivated"
-msgstr ""
+msgstr "Numero di utenti disattivati"
 
 #. module: users_ldap_populate
 #: model_terms:ir.ui.view,arch_db:users_ldap_populate.populate_wizard_view
 msgid "OK"
-msgstr ""
+msgstr "OK"
 
 #. module: users_ldap_populate
 #: model_terms:ir.ui.view,arch_db:users_ldap_populate.company_form_view
 msgid "Populate"
-msgstr ""
+msgstr "Compila"
 
 #. module: users_ldap_populate
 #: model_terms:ir.ui.view,arch_db:users_ldap_populate.company_form_view
 msgid "Populate user database"
-msgstr ""
+msgstr "Compila database utente"
 
 #. module: users_ldap_populate
 #: model:ir.model,name:users_ldap_populate.model_res_company_ldap_populate_wizard
 msgid "Populate users from LDAP"
-msgstr ""
+msgstr "Compila utenti da LDAP"
 
 #. module: users_ldap_populate
 #. odoo-python
 #: code:addons/users_ldap_populate/models/users_ldap.py:0
 #, python-format
 msgid "Unable to process user with login %s"
-msgstr ""
+msgstr "Impossibile elaborare utente con accesso %s"
 
 #. module: users_ldap_populate
 #: model:ir.model.fields,field_description:users_ldap_populate.field_res_company_ldap__no_deactivate_user_ids
 msgid "Users never to deactivate"
-msgstr ""
+msgstr "Utenti da non disattivare"
 
 #~ msgid "res.company.ldap"
 #~ msgstr "res.company.ldap"
diff --git a/vault/README.rst b/vault/README.rst
new file mode 100644
index 0000000000..e58d1e5c71
--- /dev/null
+++ b/vault/README.rst
@@ -0,0 +1,100 @@
+=====
+Vault
+=====
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:12d8822aab453f4a6f00d8151ec6cdef4c66ec07c08d88e6528c85f3526d0818
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/16.0/vault
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-vault
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=16.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+This module implements a vault for secrets and files using end-to-end-encryption. The encryption and decryption happens in the browser using a vault specific shared master key. The master keys are encrypted using asymmetrically. For this the user has to enter a second password on the first login or if he needs to access data in a vault. The asymmetric keys are stored for a certain time in the browser storage.
+
+The server can never access the secrets with the information available. Only people registered in the vault can decrypt or encrypt values in a vault. The meta data isn't encrypted to be able to search/filter for entries more easily.
+
+This modules requires a secure context for the browser to work properly and therefore HTTPS support is required.
+
+The `vault-recovery <https://github.com/fkantelberg/vault-recovery>`_ project focuses on disaster recovery in case of an incident to recover secrets from old database backups or old exports.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Known issues / Roadmap
+======================
+
+* Field and file history for restoration
+
+* Import improvement
+
+ * Support challenge-response/FIDO2
+ * Support for argon2 and kdbx v4
+
+* When changing an entry from one vault to another existing vault, the values added on
+  this entry cannot be accessed, so the field vault is going to be readonly when it
+  is defined.
+
+  If you want to move entries between vaults you can use the export -> import option.
+
+* HTTPS or localhost (secure browser context) is required for the client side encryption
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20vault%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* initOS GmbH
+
+Contributors
+~~~~~~~~~~~~
+
+* Florian Kantelberg <florian.kantelberg@initos.com>
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/16.0/vault>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
diff --git a/vault/TECHNICAL.rst b/vault/TECHNICAL.rst
new file mode 100644
index 0000000000..4a5456445d
--- /dev/null
+++ b/vault/TECHNICAL.rst
@@ -0,0 +1,143 @@
+::
+
+  ┌───────┐ ┏━━━━━━━━━━━━━┓ ╔═══════════╗
+  │ input │ ┃ unencrypted ┃ ║ encrypted ║
+  └───────┘ ┗━━━━━━━━━━━━━┛ ╚═══════════╝
+
+Vault
+=====
+
+Each vault stores entries with enrypted fields and files in a tree like structure. The access is controlled per vault. Every added user can read the secrets of a vault. Otherwise the users can receive permission to share the vault with other users, to write secrets in the vault, or to delete entries of the vault. The databases stores the public and password protected private key of each user. The password used for the private key is derived from a password entered by the user and should be different than the password used for the login. Keep in mind that the meta information like field name or file names aren't encrypted.
+
+Shared-key encryption
+=====================
+
+To be able to securely share sensitive data between all users a shared-key encryption is used. All users share a common secret for each vault. This secret is encrypted by the public key of each user to grant access to the user by using the private key to restore the secret.
+
+Encryption of master key
+------------------------
+
+::
+
+  .                   ┏━━━━━━━━━━━━┓
+                      ┃ Master key ┃
+                      ┗━━━━━━━━━━━━┛
+  ┏━━━━━━━━━━━━━━━━━┓       ┃
+  ┃ User            ┃       ▼
+  ┃                 ┃   ┏━━━━━━━━━┓
+  ┃ ┏━━━━━━━━━━━━━┓ ┃   ┃ encrypt ┃      ╔════════════╗
+  ┃ ┃ Public key  ┃━━━━▶┃ (RSA)   ┃━━━━━▶║ Master key ║
+  ┃ ┗━━━━━━━━━━━━━┛ ┃   ┗━━━━━━━━━┛      ╚════════════╝
+  ┃ ╔═════════════╗ ┃
+  ┃ ║ Private key ║ ┃
+  ┃ ╚═════════════╝ ┃
+  ┗━━━━━━━━━━━━━━━━━┛
+
+Decryption of master key
+------------------------
+
+::
+
+  .   ┌──────────┐     ┏━━━━━━━━━━┓
+      │ Password │━━━━▶┃ derive   ┃
+      └──────────┘     ┃ (PBKDF2) ┃
+                       ┗━━━━━━━━━━┛
+                            ┃
+  ┏━━━━━━━━━━━━━━━━━┓       ▼                          ╔════════════╗
+  ┃ User            ┃  ┏━━━━━━━━━━┓                    ║ Master key ║
+  ┃                 ┃  ┃ Password ┃                    ╚════════════╝
+  ┃ ┏━━━━━━━━━━━━━┓ ┃  ┗━━━━━━━━━━┛                          ┃
+  ┃ ┃ Public key  ┃ ┃       ┃                                ▼
+  ┃ ┗━━━━━━━━━━━━━┛ ┃       ▼                           ┏━━━━━━━━━┓
+  ┃ ╔═════════════╗ ┃   ┏━━━━━━━━┓   ┏━━━━━━━━━━━━━┓    ┃ decrypt ┃      ┏━━━━━━━━━━━━┓
+  ┃ ║ Private key ║━━━━━┃ unlock ┃━━▶┃ Private key ┃━━━▶┃ (RSA)   ┃━━━━━▶┃ Master key ┃
+  ┃ ╚═════════════╝ ┃   ┗━━━━━━━━┛   ┗━━━━━━━━━━━━━┛    ┗━━━━━━━━━┛      ┗━━━━━━━━━━━━┛
+  ┗━━━━━━━━━━━━━━━━━┛
+
+Symmetric encryption of the data
+================================
+
+The symmetric cipher AES is used with the common master key to encrypt/decrypt the secrets of the vaults. The encryption parameter and encrypted data is stored in the database while everything else happens in the browser.
+
+Encryption of data
+------------------
+
+::
+
+  .               ┏━━━━━━━━━━━━┓
+                  ┃ Master key ┃
+                  ┗━━━━━━━━━━━━┛
+                        ┃        ┏━━━━━━━━━━━━━━━━━━┓
+                        ▼        ┃ Database         ┃
+                   ┏━━━━━━━━━┓   ┃                  ┃
+  ┏━━━━━━━━━━━━┓   ┃ encrypt ┃   ┃╔════════════════╗┃
+  ┃ Plain text ┃━━▶┃ (AES)   ┃━━━▶║ Encrypted data ║┃
+  ┗━━━━━━━━━━━━┛   ┗━━━━━━━━━┛   ┃╚════════════════╝┃
+                        ┃        ┃┏━━━━━━━━━━━━━━━━┓┃
+                        ┗━━━━━━━━▶┃ Parameters     ┃┃
+                                 ┃┗━━━━━━━━━━━━━━━━┛┃
+                                 ┗━━━━━━━━━━━━━━━━━━┛
+
+Decryption of data
+------------------
+
+::
+
+  .                    ┏━━━━━━━━━━━━┓
+                       ┃ Master key ┃
+                       ┗━━━━━━━━━━━━┛
+  ┏━━━━━━━━━━━━━━━━━━┓       ┃
+  ┃ Database         ┃       ▼
+  ┃                  ┃   ┏━━━━━━━━━┓
+  ┃╔════════════════╗┃   ┃ decrypt ┃   ┏━━━━━━━━━━━━┓
+  ┃║ Encrypted data ║━━━▶┃ (AES)   ┃━━▶┃ Plain text ┃
+  ┃╚════════════════╝┃   ┗━━━━━━━━━┛   ┗━━━━━━━━━━━━┛
+  ┃┏━━━━━━━━━━━━━━━━┓┃       ▲
+  ┃┃ Parameters     ┃━━━━━━━━┛
+  ┃┗━━━━━━━━━━━━━━━━┛┃
+  ┗━━━━━━━━━━━━━━━━━━┛
+
+Inbox
+=====
+
+This allows an user to receive encrypted secrets by external or internal Odoo users. External users have to use either the owner specific inbox link from his preferences or the link of an already created inbox. The value is symmetrically encrypted. The key for the encryption is wrapped with the public key of the user of the inbox to grant the user the access to the key. Internal users can directly send a secret from a vault entry to another user who has enabled this feature. If a direct link is used the access counter and expiration time can block an overwrite.
+
+Encryption of inbox
+-------------------
+
+::
+
+  .                   ┏━━━━━━━━━━━━┓
+                      ┃ Plain data ┃
+                      ┗━━━━━━━━━━━━┛
+  ┏━━━━━━━━━━━━━━━━━┓       ┃
+  ┃ User            ┃       ▼
+  ┃                 ┃   ┏━━━━━━━━━┓
+  ┃ ┏━━━━━━━━━━━━━┓ ┃   ┃ encrypt ┃      ╔════════════════╗
+  ┃ ┃ Public key  ┃━━━━▶┃ (RSA)   ┃━━━━━▶║ Encrypted data ║
+  ┃ ┗━━━━━━━━━━━━━┛ ┃   ┗━━━━━━━━━┛      ╚════════════════╝
+  ┃ ╔═════════════╗ ┃
+  ┃ ║ Private key ║ ┃
+  ┃ ╚═════════════╝ ┃
+  ┗━━━━━━━━━━━━━━━━━┛
+
+Decryption of inbox
+-------------------
+
+::
+
+  .   ┌──────────┐     ┏━━━━━━━━━━┓
+      │ Password │━━━━▶┃ derive   ┃
+      └──────────┘     ┃ (PBKDF2) ┃
+                       ┗━━━━━━━━━━┛
+                            ┃
+  ┏━━━━━━━━━━━━━━━━━┓       ▼                        ╔════════════════╗
+  ┃ User            ┃  ┏━━━━━━━━━━┓                  ║ Encrypted data ║
+  ┃                 ┃  ┃ Password ┃                  ╚════════════════╝
+  ┃ ┏━━━━━━━━━━━━━┓ ┃  ┗━━━━━━━━━━┛                          ┃
+  ┃ ┃ Public key  ┃ ┃       ┃                                ▼
+  ┃ ┗━━━━━━━━━━━━━┛ ┃       ▼                           ┏━━━━━━━━━┓
+  ┃ ╔═════════════╗ ┃   ┏━━━━━━━━┓   ┏━━━━━━━━━━━━━┓    ┃ decrypt ┃      ┏━━━━━━━━━━━━┓
+  ┃ ║ Private key ║━━━━━┃ unlock ┃━━▶┃ Private key ┃━━━▶┃ (RSA)   ┃━━━━━▶┃ Plain data ┃
+  ┃ ╚═════════════╝ ┃   ┗━━━━━━━━┛   ┗━━━━━━━━━━━━━┛    ┗━━━━━━━━━┛      ┗━━━━━━━━━━━━┛
+  ┗━━━━━━━━━━━━━━━━━┛
diff --git a/vault/__init__.py b/vault/__init__.py
new file mode 100644
index 0000000000..843ac90a95
--- /dev/null
+++ b/vault/__init__.py
@@ -0,0 +1,4 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from . import controllers, models, wizards
diff --git a/vault/__manifest__.py b/vault/__manifest__.py
new file mode 100644
index 0000000000..e3cfda3f64
--- /dev/null
+++ b/vault/__manifest__.py
@@ -0,0 +1,50 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+{
+    "name": "Vault",
+    "summary": "Password vault integration in Odoo",
+    "license": "AGPL-3",
+    "version": "16.0.1.0.0",
+    "website": "https://github.com/OCA/server-auth",
+    "application": True,
+    "author": "initOS GmbH, Odoo Community Association (OCA)",
+    "category": "Vault",
+    "depends": ["base_setup", "web"],
+    "data": [
+        "security/ir.model.access.csv",
+        "security/ir_rule.xml",
+        "security/vault_security.xml",
+        "views/res_config_settings_views.xml",
+        "views/res_users_views.xml",
+        "views/vault_entry_views.xml",
+        "views/vault_field_views.xml",
+        "views/vault_file_views.xml",
+        "views/vault_log_views.xml",
+        "views/vault_inbox_views.xml",
+        "views/vault_right_views.xml",
+        "views/vault_views.xml",
+        "views/menuitems.xml",
+        "views/templates.xml",
+        "wizards/vault_export_wizard.xml",
+        "wizards/vault_import_wizard.xml",
+        "wizards/vault_send_wizard.xml",
+        "wizards/vault_store_wizard.xml",
+    ],
+    "assets": {
+        "vault.assets_frontend": [
+            "vault/static/src/common/*.js",
+            "vault/static/src/frontend/*.js",
+        ],
+        "web.assets_backend": [
+            "vault/static/lib/**/*.min.js",
+            "vault/static/src/**/*.xml",
+            "vault/static/src/common/*.js",
+            "vault/static/src/backend/*.scss",
+            "vault/static/src/backend/**/*.js",
+        ],
+        "web.tests_assets": [
+            "vault/static/tests/**/*.js",
+        ],
+    },
+}
diff --git a/vault/controllers/__init__.py b/vault/controllers/__init__.py
new file mode 100644
index 0000000000..aabfa83edd
--- /dev/null
+++ b/vault/controllers/__init__.py
@@ -0,0 +1,4 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from . import main
diff --git a/vault/controllers/main.py b/vault/controllers/main.py
new file mode 100644
index 0000000000..1ca361dda3
--- /dev/null
+++ b/vault/controllers/main.py
@@ -0,0 +1,152 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+from odoo import _, http
+from odoo.exceptions import AccessDenied
+from odoo.http import request
+
+_logger = logging.getLogger(__name__)
+
+
+class Controller(http.Controller):
+    @http.route("/vault/inbox/<string:token>", type="http", auth="public")
+    def vault_inbox(self, token):
+        ctx = {"disable_footer": True, "token": token}
+        # Find the right token
+        inbox = request.env["vault.inbox"].sudo().find_inbox(token)
+        user = request.env["res.users"].sudo().find_user_of_inbox(token)
+        if len(inbox) == 1 and inbox.accesses > 0:
+            ctx.update({"name": inbox.name, "public": inbox.user_id.active_key.public})
+        elif len(inbox) == 0 and len(user) == 1:
+            ctx["public"] = user.active_key.public
+
+        # A valid token would mean we found a public key
+        if not ctx.get("public"):
+            ctx["error"] = _("Invalid token")
+            return request.render("vault.inbox", ctx)
+
+        # Just render if GET method
+        if request.httprequest.method != "POST":
+            return request.render("vault.inbox", ctx)
+
+        # Check the param
+        name = request.params.get("name")
+        secret = request.params.get("encrypted")
+        secret_file = request.params.get("encrypted_file")
+        filename = request.params.get("filename")
+        iv = request.params.get("iv")
+        key = request.params.get("key")
+        if not name:
+            ctx["error"] = _("Please specify a name")
+            return request.render("vault.inbox", ctx)
+
+        if not secret and not secret_file:
+            ctx["error"] = _("No secret found")
+            return request.render("vault.inbox", ctx)
+
+        if secret_file and not filename:
+            ctx["error"] = _("Missing filename")
+            return request.render("vault.inbox", ctx)
+
+        if not iv or not key:
+            ctx["error"] = _("Something went wrong with the encryption")
+            return request.render("vault.inbox", ctx)
+
+        try:
+            inbox.store_in_inbox(
+                name,
+                secret,
+                secret_file,
+                iv,
+                key,
+                user,
+                filename,
+                ip=request.httprequest.remote_addr,
+            )
+        except Exception as e:
+            _logger.exception(e)
+            ctx["error"] = _(
+                "An error occured. Please contact the user or administrator"
+            )
+            return request.render("vault.inbox", ctx)
+
+        ctx["message"] = _("Successfully stored")
+        return request.render("vault.inbox", ctx)
+
+    @http.route("/vault/public", type="json")
+    def vault_public(self, user_id):
+        """Get the public key of a specific user"""
+        user = request.env["res.users"].sudo().browse(user_id).exists()
+        if not user or not user.keys:
+            return {}
+
+        return {"public_key": user.active_key.public}
+
+    @http.route("/vault/inbox/get", auth="user", type="json")
+    def vault_get_inbox(self):
+        inboxes = request.env.user.inbox_ids
+        return {inbox.token: inbox.key for inbox in inboxes}
+
+    @http.route("/vault/inbox/store", auth="user", type="json")
+    def vault_store_inbox(self, keys):
+        if not isinstance(keys, dict):
+            return
+
+        for inbox in request.env.user.inbox_ids:
+            key = keys.get(inbox.token)
+
+            if isinstance(key, str):
+                inbox.key = key
+
+    @http.route("/vault/keys/store", auth="user", type="json")
+    def vault_store_keys(self, **kwargs):
+        """Store the key pair for the current user"""
+        return request.env["res.users.key"].store(**kwargs)
+
+    @http.route("/vault/keys/get", auth="user", type="json")
+    def vault_get_keys(self):
+        """Get the currently active key pair"""
+        return request.env.user.get_vault_keys()
+
+    @http.route("/vault/rights/get", auth="user", type="json")
+    def vault_get_right_keys(self):
+        """Get the master keys from the vault.right records"""
+        rights = request.env.user.vault_right_ids
+        return {right.vault_id.uuid: right.key for right in rights}
+
+    @http.route("/vault/rights/store", auth="user", type="json")
+    def vault_store_right_keys(self, keys):
+        """Store the master keys to the specific vault.right records"""
+        if not isinstance(keys, dict):
+            return
+
+        for right in request.env.user.vault_right_ids:
+            master_key = keys.get(right.vault_id.uuid)
+
+            if isinstance(master_key, str):
+                right.sudo().key = master_key
+
+    @http.route("/vault/replace", auth="user", type="json")
+    def vault_replace(self, data):
+        """Replace the master keys and values within a single transaction"""
+        if not isinstance(data, list):
+            return
+
+        vault = request.env["vault"].with_context(vault_skip_log=True)
+        for changes in data:
+            record = vault.env[changes["model"]].browse(changes["id"])
+            if not record.vault_id.allowed_write:
+                raise AccessDenied()
+
+            vault |= record.vault_id
+            if record._name in ("vault.field", "vault.file"):
+                record.write({k: v for k, v in changes.items() if k in ["iv", "value"]})
+            elif record._name == "vault.right":
+                record.write({k: v for k, v in changes.items() if k in ["key"]})
+
+        for v in vault:
+            v._log_entry("Replaced the keys", "info")
+
+        vault.sudo().write({"reencrypt_required": False})
diff --git a/vault/i18n/es.po b/vault/i18n/es.po
new file mode 100644
index 0000000000..3358c5bda5
--- /dev/null
+++ b/vault/i18n/es.po
@@ -0,0 +1,1505 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* vault
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 14.0\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2022-06-06 06:57+0000\n"
+"PO-Revision-Date: 2023-10-31 20:36+0000\n"
+"Last-Translator: Ivorra78 <informatica@totmaterial.es>\n"
+"Language-Team: \n"
+"Language: es\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_entry.py:0
+#, python-format
+msgid "%(action)s entry %(name)s by %(user)s"
+msgstr "%(action)s entrada %(name)s por %(user)s"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/controller.esm.js:0
+#, python-format
+msgid "%s '%s' of entry '%s'"
+msgstr "%s '%s' del registro '%s'"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_entry.py:0
+#, python-format
+msgid "%s (copy)"
+msgstr "%s (copia)"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/controller.esm.js:0
+#, python-format
+msgid ""
+"A secure browser context is required. Please switch to https or contact your "
+"administrator"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "A-Z"
+msgstr "A-Z"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/abstract_vault_field.py:0
+#: model:ir.model,name:vault.model_vault_abstract_field
+#, python-format
+msgid "Abstract model to implement basic fields for encryption"
+msgstr "Modelo abstracto para implementar los campos básicos de encriptación"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/abstract_vault.py:0
+#: model:ir.model,name:vault.model_vault_abstract
+#, python-format
+msgid "Abstract model to implement general access rights"
+msgstr "Modelo abstracto para aplicar los derechos de acceso generales"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__accesses
+msgid "Access counter"
+msgstr "Contador de acceso"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__active_key
+msgid "Active Key"
+msgstr "Clave activa"
+
+#. module: vault
+#: model:ir.actions.act_window,name:vault.action_vault_entry
+#: model:ir.ui.menu,name:vault.menu_vault_entry
+msgid "All Entries"
+msgstr "Todos los registros"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.res_config_settings_view_form
+msgid "Allow all users to export vaults accessible to them"
+msgstr "Permitir que todos los usuarios exporten bóvedas accesibles para ellos"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.res_config_settings_view_form
+msgid "Allow all users to import vaults accessible to them"
+msgstr "Permitir que todos los usuarios importen bóvedas accesibles para ellos"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.res_config_settings_view_form
+msgid "Allow the usage to share secrets with external users"
+msgstr "Permitir el uso para compartir secretos con usuarios externos"
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_right__perm_create
+msgid "Allow to create in the vault"
+msgstr "Permitir crear en el vault"
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_right__perm_delete
+msgid "Allow to delete a vault"
+msgstr "Permitir borrar un vault"
+
+#. module: vault
+#: model:res.groups,name:vault.group_vault_export
+msgid "Allow to export vaults"
+msgstr "Permitir exportar bóvedas"
+
+#. module: vault
+#: model:res.groups,name:vault.group_vault_import
+msgid "Allow to import vaults"
+msgstr "Permitir importar bóvedas"
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_right__perm_share
+msgid "Allow to share a vault with new users"
+msgstr "Permitir compartir un vault con nuevos usuarios"
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_right__perm_write
+msgid "Allow to write to the vault"
+msgstr "Permitir escribir en un vault"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__allowed_create
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__allowed_create
+#: model:ir.model.fields,field_description:vault.field_vault_entry__allowed_create
+#: model:ir.model.fields,field_description:vault.field_vault_field__allowed_create
+#: model:ir.model.fields,field_description:vault.field_vault_file__allowed_create
+#: model:ir.model.fields,field_description:vault.field_vault_right__allowed_create
+msgid "Allowed Create"
+msgstr "Permitido crear"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__allowed_delete
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__allowed_delete
+#: model:ir.model.fields,field_description:vault.field_vault_entry__allowed_delete
+#: model:ir.model.fields,field_description:vault.field_vault_field__allowed_delete
+#: model:ir.model.fields,field_description:vault.field_vault_file__allowed_delete
+#: model:ir.model.fields,field_description:vault.field_vault_right__allowed_delete
+msgid "Allowed Delete"
+msgstr "Permitido borrar"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__allowed_read
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__allowed_read
+#: model:ir.model.fields,field_description:vault.field_vault_entry__allowed_read
+#: model:ir.model.fields,field_description:vault.field_vault_field__allowed_read
+#: model:ir.model.fields,field_description:vault.field_vault_file__allowed_read
+#: model:ir.model.fields,field_description:vault.field_vault_right__allowed_read
+msgid "Allowed Read"
+msgstr "Permitido leer"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__allowed_share
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__allowed_share
+#: model:ir.model.fields,field_description:vault.field_vault_entry__allowed_share
+#: model:ir.model.fields,field_description:vault.field_vault_field__allowed_share
+#: model:ir.model.fields,field_description:vault.field_vault_file__allowed_share
+#: model:ir.model.fields,field_description:vault.field_vault_right__allowed_share
+msgid "Allowed Share"
+msgstr "Permitido añadir usuarios"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__allowed_write
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__allowed_write
+#: model:ir.model.fields,field_description:vault.field_vault_entry__allowed_write
+#: model:ir.model.fields,field_description:vault.field_vault_field__allowed_write
+#: model:ir.model.fields,field_description:vault.field_vault_file__allowed_write
+#: model:ir.model.fields,field_description:vault.field_vault_right__allowed_write
+msgid "Allowed Write"
+msgstr "Permitido escribir"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "An error occured. Please contact the user or administrator"
+msgstr ""
+"Se ha producido un error. Por favor, póngase en contacto con el usuario o el "
+"administrador"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_right_overview_search
+msgid "By user"
+msgstr "Por usuario"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_right_overview_search
+msgid "By vault"
+msgstr "Por vault"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#: model_terms:ir.ui.view,arch_db:vault.view_users_form_keys_modif
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_send_wizard
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_store_wizard
+#, python-format
+msgid "Cancel"
+msgstr "Cancelar"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#, python-format
+msgid "Cancelled"
+msgstr "Cancelado"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Characters:"
+msgstr "Caracteres:"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__child_ids
+msgid "Child"
+msgstr "Hijo"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+msgid "Childs"
+msgstr "Hijos"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_export_wizard
+msgid "Close"
+msgstr "Cerrar"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__entry_name
+#: model:ir.model.fields,field_description:vault.field_vault_entry__complete_name
+#: model:ir.model.fields,field_description:vault.field_vault_field__entry_name
+#: model:ir.model.fields,field_description:vault.field_vault_file__entry_name
+msgid "Complete Name"
+msgstr "Nombre completo"
+
+#. module: vault
+#: model:ir.model,name:vault.model_res_config_settings
+msgid "Config Settings"
+msgstr "Opciones de Configuración"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Confirm your password:"
+msgstr "Confirma tu contraseña:"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+msgid "Content"
+msgstr "Contenido"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Copy to clipboard"
+msgstr "Copiar al portapapeles"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_right__perm_create
+msgid "Create"
+msgstr "Crear"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_entry__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_field__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_file__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_log__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_right__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_tag__create_uid
+msgid "Created by"
+msgstr "Creado por"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_inbox.py:0
+#, python-format
+msgid "Created by %(name)s via %(ip)s"
+msgstr "Creado por %(name)s a través de %(ip)s"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_send_wizard.py:0
+#, python-format
+msgid "Created by %s"
+msgstr "Creado por %s"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__create_date
+#: model:ir.model.fields,field_description:vault.field_vault__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_entry__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_field__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_file__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_log__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_right__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_tag__create_date
+msgid "Created on"
+msgstr "Creado el"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__crypted_content
+msgid "Crypted Content"
+msgstr "Contenido encriptado"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__current
+msgid "Current"
+msgstr "Actual"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+msgid "Custom JSON format <b>.json</b>"
+msgstr "Formato JSON personalizado <b>.json</b>"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__content
+msgid "Database"
+msgstr "Base de datos"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_right__perm_delete
+msgid "Delete"
+msgstr "Borrar"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__display_name
+#: model:ir.model.fields,field_description:vault.field_vault__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_entry__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_field__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_file__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_log__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_right__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_tag__display_name
+msgid "Display Name"
+msgstr "Nombre a mostrar"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/controller.esm.js:0
+#, python-format
+msgid "Do you really want to create a new key pair and set it active?"
+msgstr "¿Realmente quiere crear un nuevo par de claves y activarlo?"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__content
+msgid "Download"
+msgstr "Descargar"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#, python-format
+msgid "Enter"
+msgstr "Ingrese a"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Enter your password:"
+msgstr "Ingrese su contraseña:"
+
+#. module: vault
+#: model:ir.actions.act_window,name:vault.action_open_entries
+#: model:ir.model.fields,field_description:vault.field_vault__entry_ids
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__entry_id
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_search
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+msgid "Entries"
+msgstr "Registros"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__entry_id
+#: model:ir.model.fields,field_description:vault.field_vault_field__entry_id
+#: model:ir.model.fields,field_description:vault.field_vault_file__entry_id
+#: model:ir.model.fields,field_description:vault.field_vault_log__entry_id
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__entry_id
+msgid "Entry"
+msgstr "Registro"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_entry.py:0
+#: model:ir.model,name:vault.model_vault_entry
+#, python-format
+msgid "Entry inside a vault"
+msgstr "Entrar al interior de un vault"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_log.py:0
+#, python-format
+msgid "Error"
+msgstr "Error"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__expiration
+msgid "Expiration"
+msgstr "Expiración"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__expired
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_search
+msgid "Expired"
+msgstr "Expirado"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__expire_date
+msgid "Expires on"
+msgstr "Expira en"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_config_settings__group_vault_export
+msgid "Export Vaults"
+msgstr "Exportar bóvedas"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault.py:0
+#: code:addons/vault/models/vault_entry.py:0
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+#, python-format
+msgid "Export to file"
+msgstr "Exportar a fichero"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_export_wizard.py:0
+#: model:ir.model,name:vault.model_vault_export_wizard
+#, python-format
+msgid "Export wizard for vaults"
+msgstr "Asistente de exportación para vaults"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/vault.esm.js:0
+#, python-format
+msgid "Failed to export keys to object store"
+msgstr "Fallo en la exportación de claves al almacén de objetos"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/vault.esm.js:0
+#, python-format
+msgid "Failed to export the keys to the database"
+msgstr "Fallo en la exportación de claves a la base de datos"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/vault.esm.js:0
+#, python-format
+msgid "Failed to import keys from database"
+msgstr "Fallo en la importación de claves desde la base de datos"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_field.py:0
+#: model:ir.model,name:vault.model_vault_field
+#, python-format
+msgid "Field of a vault"
+msgstr "Campo de un vault"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__field_ids
+#: model:ir.model.fields,field_description:vault.field_vault_entry__field_ids
+msgid "Fields"
+msgstr "Campos"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_file.py:0
+#: model:ir.model,name:vault.model_vault_file
+#, python-format
+msgid "File of a vault"
+msgstr "Fichero de un vault"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.inbox
+msgid "File to share:"
+msgstr "Fichero a compartir:"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__filename
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__filename
+msgid "Filename"
+msgstr "Nombre del fichero"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__file_ids
+#: model:ir.model.fields,field_description:vault.field_vault_entry__file_ids
+msgid "Files"
+msgstr "Ficheros"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__fingerprint
+msgid "Fingerprint"
+msgstr "Huella digital"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Generate"
+msgstr "Generar"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Generate a new secret:"
+msgstr "Generar nuevo secreto:"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_right_overview_search
+msgid "Grouped"
+msgstr "Agrupado"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Hide"
+msgstr "Ocultar"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__id
+#: model:ir.model.fields,field_description:vault.field_vault__id
+#: model:ir.model.fields,field_description:vault.field_vault_entry__id
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__id
+#: model:ir.model.fields,field_description:vault.field_vault_field__id
+#: model:ir.model.fields,field_description:vault.field_vault_file__id
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__id
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__id
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__id
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__id
+#: model:ir.model.fields,field_description:vault.field_vault_log__id
+#: model:ir.model.fields,field_description:vault.field_vault_right__id
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__id
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__id
+#: model:ir.model.fields,field_description:vault.field_vault_tag__id
+msgid "ID"
+msgstr "ID"
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_inbox__expiration
+msgid "If expired the inbox can't be written using the link"
+msgstr ""
+"Si ha caducado, la bandeja de entrada no puede escribirse utilizando el "
+"enlace"
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_inbox__accesses
+msgid "If this is 0 the inbox can't be written using the link"
+msgstr ""
+"Si esto es 0 la bandeja de entrada no puede ser escrita usando el enlace"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+msgid "Import"
+msgstr "Importar"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_config_settings__group_vault_import
+msgid "Import Vaults"
+msgstr "Importar bóvedas"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault.py:0
+#: code:addons/vault/models/vault_entry.py:0
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+#, python-format
+msgid "Import from file"
+msgstr "Importar desde archivo"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_import_wizard.py:0
+#: model:ir.model,name:vault.model_vault_import_wizard
+#, python-format
+msgid "Import wizard for vaults"
+msgstr "Asistente de importación para vaults"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_import_wizard.py:0
+#: model:ir.model,name:vault.model_vault_import_wizard_path
+#, python-format
+msgid "Import wizard path for vaults"
+msgstr "Ruta del asistente de importación para vaults"
+
+#. module: vault
+#: model:ir.actions.act_window,name:vault.action_vault_inbox
+#: model:ir.model.fields,field_description:vault.field_res_users__inbox_ids
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__inbox_id
+#: model:ir.ui.menu,name:vault.menu_vault_inbox
+msgid "Inbox"
+msgstr "Bandeja de entrada"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__inbox_enabled
+msgid "Inbox Enabled"
+msgstr "Bandeja de entrada habilitada"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__inbox_link
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__inbox_link
+msgid "Inbox Link"
+msgstr "Enlace de la bandeja de entrada"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__inbox_token
+msgid "Inbox Token"
+msgstr "Token bandeja de entrada"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__include_childs
+msgid "Include Childs"
+msgstr "Incluir hijos"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_log.py:0
+#, python-format
+msgid "Information"
+msgstr "Información"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_import_wizard.py:0
+#, python-format
+msgid "Invalid file to import from"
+msgstr "Archivo inválido para importar"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/res_users_key.py:0
+#, python-format
+msgid "Invalid parameter"
+msgstr "Parámetro no válido"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "Invalid token"
+msgstr "Token inválido"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_users_form_keys_modif
+msgid "Invalidate private key"
+msgstr "Invalidar clave privada"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__iterations
+msgid "Iterations"
+msgstr "Iteraciones"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__iv
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__iv
+#: model:ir.model.fields,field_description:vault.field_vault_field__iv
+#: model:ir.model.fields,field_description:vault.field_vault_file__iv
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__iv
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__iv
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__iv
+msgid "Iv"
+msgstr "Iv"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+msgid "Keepass Database <b>.kdbx</b>"
+msgstr "Base de datos keepass <b>.kdbx</b>"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__key
+#: model:ir.model.fields,field_description:vault.field_vault_right__key
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__key
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__key
+msgid "Key"
+msgstr "Clave"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/user_menu.esm.js:0
+#, python-format
+msgid "Key Management"
+msgstr "Gestión de claves"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__key_user
+msgid "Key User"
+msgstr "Clave de usuario"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Keyfile:"
+msgstr "Archivo de llaves:"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__keys
+msgid "Keys"
+msgstr "Claves"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key____last_update
+#: model:ir.model.fields,field_description:vault.field_vault____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_entry____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_field____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_file____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_inbox____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_log____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_right____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_tag____last_update
+msgid "Last Modified on"
+msgstr "Última modificación el"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_entry__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_field__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_file__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_log__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_right__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_tag__write_uid
+msgid "Last Updated by"
+msgstr "Última modificación por"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__write_date
+#: model:ir.model.fields,field_description:vault.field_vault__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_entry__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_field__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_file__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_log__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_right__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_tag__write_date
+msgid "Last Updated on"
+msgstr "Última actualización en"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Length:"
+msgstr "Longitud:"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__log_ids
+#: model:ir.model.fields,field_description:vault.field_vault_entry__log_ids
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__log_ids
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+msgid "Log"
+msgstr "Registro"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_log.py:0
+#: model:ir.model,name:vault.model_vault_log
+#, python-format
+msgid "Log entry of a vault"
+msgstr "Registro de entrada de un vault"
+
+#. module: vault
+#: model:ir.actions.act_window,name:vault.action_res_users_keys
+msgid "Manage my keys"
+msgstr "Gestionar mis claves"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_field__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_file__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_right__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__master_key
+msgid "Master Key"
+msgstr "Clave maestra"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_log__message
+msgid "Message"
+msgstr "Mensaje"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "Missing filename"
+msgstr "Falta el nombre del fichero"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#, python-format
+msgid "Missing password"
+msgstr "Falta la contraseña"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__model
+msgid "Model"
+msgstr "Modelo"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_config_settings__module_vault_share
+msgid "Module Vault Share"
+msgstr "Módulo Vault Share"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__name
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__name
+#: model:ir.model.fields,field_description:vault.field_vault_entry__name
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__name
+#: model:ir.model.fields,field_description:vault.field_vault_field__name
+#: model:ir.model.fields,field_description:vault.field_vault_file__name
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__name
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__name
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__name
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__name
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__name
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__name
+#: model:ir.model.fields,field_description:vault.field_vault_tag__name
+msgid "Name"
+msgstr "Nombre"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.inbox
+msgid "Name of your secret:"
+msgstr "Nombre de tu secreto:"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_send_wizard.py:0
+#, python-format
+msgid "Neither a secret nor file was given"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_users_form_keys_modif
+msgid "New inbox link"
+msgstr "Nuevo enlace de la bandeja de entrada"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_users_form_keys_modif
+msgid "New private key"
+msgstr "Nueva clave privada"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "No secret found"
+msgstr "No se ha encontrado ningún secreto"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_inbox.py:0
+#: code:addons/vault/wizards/vault_send_wizard.py:0
+#: model:ir.model.constraint,message:vault.constraint_vault_inbox_value_check
+#: model:ir.model.constraint,message:vault.constraint_vault_send_wizard_value_check
+#, python-format
+msgid "No value found"
+msgstr "No se ha encontrado ningún valor"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_search
+msgid "Not Expired"
+msgstr "No ha caducado"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__note
+#: model:ir.model.fields,field_description:vault.field_vault_entry__note
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+msgid "Note"
+msgstr "Nota"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__user_id
+#: model:ir.model.fields,field_description:vault.field_vault_entry__user_id
+msgid "Owner"
+msgstr "Propietario"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__parent_id
+msgid "Parent"
+msgstr "Padre"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__parent_id
+msgid "Parent Entry"
+msgstr "Registro padre"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Password:"
+msgstr "Contraseña:"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__path
+msgid "Path to import"
+msgstr "Ruta de importación"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__perm_user
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__perm_user
+#: model:ir.model.fields,field_description:vault.field_vault_entry__perm_user
+#: model:ir.model.fields,field_description:vault.field_vault_field__perm_user
+#: model:ir.model.fields,field_description:vault.field_vault_file__perm_user
+#: model:ir.model.fields,field_description:vault.field_vault_right__perm_user
+msgid "Perm User"
+msgstr "Usuario permanente"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/export.esm.js:0
+#: code:addons/vault/static/src/backend/import.esm.js:0
+#, python-format
+msgid "Please enter the password for the database"
+msgstr "Por favor, introduzca la contraseña de la base de datos"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/import.esm.js:0
+#, python-format
+msgid "Please enter the password for the keepass database"
+msgstr "Por favor, introduzca la contraseña de la base de datos keepass"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/vault.esm.js:0
+#, python-format
+msgid "Please enter the password for your private key"
+msgstr "Por favor, introduzca la contraseña de su clave privada"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Please enter your password or upload a keyfile:"
+msgstr "Por favor, introduzca su contraseña o cargue un archivo de claves:"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "Please specify a name"
+msgstr "Por favor, especifique un nombre"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__private
+msgid "Private"
+msgstr "Privado"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__public
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__public
+msgid "Public"
+msgstr "Público"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_right__public_key
+msgid "Public Key"
+msgstr "Clave pública"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+msgid "Re-encrypt"
+msgstr "Reencriptar"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__reencrypt_required
+msgid "Reencrypt Required"
+msgstr "Necesita reencriptarse"
+
+#. module: vault
+#: model:ir.actions.act_window,name:vault.action_vault_right
+#: model:ir.model.fields,field_description:vault.field_vault__right_ids
+#: model:ir.ui.menu,name:vault.menu_vault_right
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+msgid "Rights"
+msgstr "Derechos"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__salt
+msgid "Salt"
+msgstr "Sal"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_export_file.esm.js:0
+#: code:addons/vault/static/src/backend/fields/vault_file.esm.js:0
+#, python-format
+msgid "Save As..."
+msgstr "Guardar como..."
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Save in a vault"
+msgstr "Guardar en un vault"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__secret
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__secret
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__secret
+#: model_terms:ir.ui.view,arch_db:vault.inbox
+msgid "Secret"
+msgstr "Secreto"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__secret_file
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__secret_file
+msgid "Secret File"
+msgstr "Archivo de secretos"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__secret_temporary
+msgid "Secret Temporary"
+msgstr "Secreto temporal"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.inbox
+msgid "Secret to share:"
+msgstr "Secreto a compartir:"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_send_wizard
+msgid "Send"
+msgstr "Enviar"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Send the secret to an user"
+msgstr "Enviar secreto a un usuario"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_mixin.esm.js:0
+#, python-format
+msgid "Send the secret to another user"
+msgstr "Enviar secreto a otro usuario"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_right__perm_share
+msgid "Share"
+msgstr "Compartir"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Show"
+msgstr "Mostrar"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "Something went wrong with the encryption"
+msgstr "Algo ha ido mal en el encriptado"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Special"
+msgstr "Especial"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_log__state
+msgid "State"
+msgstr "Estado"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_store_wizard
+msgid "Store"
+msgstr "Tienda"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_inbox_mixin.esm.js:0
+#, python-format
+msgid "Store the secret in a vault"
+msgstr "Guarda el secreto en un vault"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.inbox
+msgid "Submit secret"
+msgstr "Enviar secreto"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "Successfully stored"
+msgstr "Guardado correctamente"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__tags
+msgid "Tags"
+msgstr "Etiquetas"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault.py:0
+#: code:addons/vault/models/vault_entry.py:0
+#: model:ir.model.constraint,message:vault.constraint_vault_entry_vault_uuid_uniq
+#: model:ir.model.constraint,message:vault.constraint_vault_uuid_uniq
+#, python-format
+msgid "The UUID must be unique."
+msgstr "El UUID debe ser único."
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_export_file.esm.js:0
+#: code:addons/vault/static/src/backend/fields/vault_file.esm.js:0
+#, python-format
+msgid "The field is empty, there's nothing to save!"
+msgstr "El campo está vacío, ¡no hay nada que guardar!"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+msgid "The files must end on one of the supported file type:"
+msgstr "Los archivos deben terminar en uno de los tipos de archivo admitidos:"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/controller.esm.js:0
+#, python-format
+msgid "The following entries are broken:"
+msgstr "Los siguientes registros están rotos:"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#, python-format
+msgid "The passwords aren't matching"
+msgstr "Las contraseñas no coinciden"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/abstract_vault.py:0
+#, python-format
+msgid ""
+"The requested operation can not be completed due to security restrictions."
+msgstr ""
+"La operación solicitada no puede completarse debido a restricciones de "
+"seguridad."
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_tag.py:0
+#: model:ir.model.constraint,message:vault.constraint_vault_tag_name_uniq
+#, python-format
+msgid "The tag must be unique!"
+msgstr "¡La etiqueta debe ser única!"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_right.py:0
+#: model:ir.model.constraint,message:vault.constraint_vault_right_user_uniq
+#, python-format
+msgid "The user must be unique"
+msgstr "El usuario debe ser único"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__token
+msgid "Token"
+msgstr "Token"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/import.esm.js:0
+#, python-format
+msgid "Unsupported file to import"
+msgstr "Archivo no compatible para importar"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__url
+msgid "Url"
+msgstr "Url"
+
+#. module: vault
+#: model:ir.model,name:vault.model_res_users
+#: model:ir.model.fields,field_description:vault.field_res_users_key__user_id
+#: model:ir.model.fields,field_description:vault.field_vault_log__user_id
+#: model:ir.model.fields,field_description:vault.field_vault_right__user_id
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__user_id
+msgid "User"
+msgstr "Usuario"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/res_users_key.py:0
+#: model:ir.model,name:vault.model_res_users_key
+#, python-format
+msgid "User data of a vault"
+msgstr "Datos de usuario de un vault"
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_inbox__inbox_link
+msgid ""
+"Using this link you can write to the current inbox. If you want people to "
+"create new inboxes you should give them your inbox link from your key "
+"management."
+msgstr ""
+"Con este enlace puedes escribir en la bandeja de entrada actual. Si quieres "
+"que la gente cree nuevas bandejas de entrada, deberás darles el enlace de tu "
+"bandeja de entrada desde tu gestor de claves."
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__uuid
+#: model:ir.model.fields,field_description:vault.field_vault__uuid
+#: model:ir.model.fields,field_description:vault.field_vault_entry__uuid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__uuid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__uuid
+msgid "Uuid"
+msgstr "Uuid"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_field__value
+#: model:ir.model.fields,field_description:vault.field_vault_file__value
+msgid "Value"
+msgstr "Valor"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault.py:0
+#: model:ir.actions.act_window,name:vault.action_vault
+#: model:ir.model,name:vault.model_vault
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_entry__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_field__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_file__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__user_id
+#: model:ir.model.fields,field_description:vault.field_vault_log__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_right__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__vault_id
+#: model:ir.ui.menu,name:vault.menu_vault
+#: model_terms:ir.ui.view,arch_db:vault.res_config_settings_view_form
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_search
+#, python-format
+msgid "Vault"
+msgstr "Bóveda"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_field.esm.js:0
+#, python-format
+msgid "Vault Field"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_file.esm.js:0
+#, python-format
+msgid "Vault File"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_inbox_field.esm.js:0
+#, python-format
+msgid "Vault Inbox Field"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_inbox_file.esm.js:0
+#, python-format
+msgid "Vault Inbox File"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__vault_right_ids
+msgid "Vault Right"
+msgstr "Permiso de vault"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.res_config_settings_view_form
+msgid "Vault Share"
+msgstr "Compartir vault"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_inbox_log.py:0
+#: model:ir.model,name:vault.model_vault_inbox_log
+#, python-format
+msgid "Vault inbox log"
+msgstr "Registro de bandeja de entrada de vault"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/controller.esm.js:0
+#, python-format
+msgid "Vault is not supported"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_right.py:0
+#: model:ir.model,name:vault.model_vault_right
+#, python-format
+msgid "Vault rights"
+msgstr "Permisos de vault"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_inbox.py:0
+#: model:ir.model,name:vault.model_vault_inbox
+#, python-format
+msgid "Vault share incoming secrets"
+msgstr "Compartir los secretos de entrada de vault"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_tag.py:0
+#: model:ir.model,name:vault.model_vault_tag
+#, python-format
+msgid "Vault tag"
+msgstr "Etiqueta de vault"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_search
+msgid "Vaults"
+msgstr "Bóvedas"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+msgid "Verify"
+msgstr "Verificar"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__version
+msgid "Version"
+msgstr "Versión"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_log.py:0
+#, python-format
+msgid "Warning"
+msgstr "Advertencia"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_store_wizard.py:0
+#: model:ir.model,name:vault.model_vault_store_wizard
+#, python-format
+msgid "Wizard store a shared secret in a vault"
+msgstr "Asistente de almacenado de secreto compartido en un vault"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_send_wizard.py:0
+#: model:ir.model,name:vault.model_vault_send_wizard
+#, python-format
+msgid "Wizard to send another user a secret"
+msgstr "Asistente para enviar un secreto a otro usuario"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_right__perm_write
+msgid "Write"
+msgstr "Escribir"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_inbox.py:0
+#, python-format
+msgid "Written by %(name)s via %(ip)s"
+msgstr "Escrito por %(name)s vía %(ip)s"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_entry.py:0
+#, python-format
+msgid "You can not create recursive entries."
+msgstr "No puedes crear registros recrsivos."
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_send_wizard
+msgid ""
+"You can only send the secret to the user who has generated a key-pair.\n"
+"                        If an user is not showing please ask him to generate "
+"these."
+msgstr ""
+"Sólo se puede enviar el secreto al usuario que ha generado un par de "
+"claves.\n"
+"                        Si un usuario no aparece, por favor, pídale que los "
+"genere."
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_users_form_keys_modif
+msgid ""
+"You will loose access to all vaults and your inbox. Do you want to continue?"
+msgstr ""
+"Perderá el acceso a todos sus vaults y a su bandeja de entrada. ¿Desea "
+"continuar?"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "a-z"
+msgstr "a-z"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_send_wizard
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_store_wizard
+msgid "or"
+msgstr "o"
+
+#~ msgid "Users"
+#~ msgstr "Usuarios"
+
+#, python-format
+#~ msgid ""
+#~ "This will re-encrypt everything in the vault. Do you want to proceed?"
+#~ msgstr "Esto volverá a encriptar todo en el vault. ¿Quieres proceder?"
+
+#, python-format
+#~ msgid "%s entry %s by %s"
+#~ msgstr "%s registrado %s por %s"
+
+#, python-format
+#~ msgid "Created by %s via %s"
+#~ msgstr "Creado por %s via %s"
+
+#, python-format
+#~ msgid "Written by %s via %s"
+#~ msgstr "Escrito por %s via %s"
diff --git a/vault/i18n/it.po b/vault/i18n/it.po
new file mode 100644
index 0000000000..fa3a113ca6
--- /dev/null
+++ b/vault/i18n/it.po
@@ -0,0 +1,1503 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* vault
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 16.0\n"
+"Report-Msgid-Bugs-To: \n"
+"PO-Revision-Date: 2024-03-12 12:05+0000\n"
+"Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
+"Language-Team: none\n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_entry.py:0
+#, python-format
+msgid "%(action)s entry %(name)s by %(user)s"
+msgstr "%(action)s inserisce %(name)s da %(user)s"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/controller.esm.js:0
+#, python-format
+msgid "%s '%s' of entry '%s'"
+msgstr "%s '%s' dell'inserimento '%s'"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_entry.py:0
+#, python-format
+msgid "%s (copy)"
+msgstr "%s (copia)"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/controller.esm.js:0
+#, python-format
+msgid ""
+"A secure browser context is required. Please switch to https or contact your"
+" administrator"
+msgstr ""
+"È richiesto un ambiente browser sicuro. Passare ad HTTPS o contattare "
+"l'amministratore"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "A-Z"
+msgstr "A-Z"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/abstract_vault_field.py:0
+#: model:ir.model,name:vault.model_vault_abstract_field
+#, python-format
+msgid "Abstract model to implement basic fields for encryption"
+msgstr "Modello astratto per implementare campi base per la criptazione"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/abstract_vault.py:0
+#: model:ir.model,name:vault.model_vault_abstract
+#, python-format
+msgid "Abstract model to implement general access rights"
+msgstr "Modello astratto per implementare diritto di accesso generali"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__accesses
+msgid "Access counter"
+msgstr "Contatore accessi"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__active_key
+msgid "Active Key"
+msgstr "Chiave attiva"
+
+#. module: vault
+#: model:ir.actions.act_window,name:vault.action_vault_entry
+#: model:ir.ui.menu,name:vault.menu_vault_entry
+msgid "All Entries"
+msgstr "Tutte le registrazioni"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.res_config_settings_view_form
+msgid "Allow all users to export vaults accessible to them"
+msgstr ""
+"Consente a tutti gli utenti di esportare gli depositidi sicurezza da loro "
+"accessibili"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.res_config_settings_view_form
+msgid "Allow all users to import vaults accessible to them"
+msgstr ""
+"Consente a tutti gli utenti di importare depositi di sicurezza da loro "
+"accessibili"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.res_config_settings_view_form
+msgid "Allow the usage to share secrets with external users"
+msgstr "Consente l'utilizzo di segreti condivisi con utenti esterni"
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_right__perm_create
+msgid "Allow to create in the vault"
+msgstr "Consente di creare nell'deposito di sicurezza"
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_right__perm_delete
+msgid "Allow to delete a vault"
+msgstr "Consenti di eliminare un deposito di sicurezza"
+
+#. module: vault
+#: model:res.groups,name:vault.group_vault_export
+msgid "Allow to export vaults"
+msgstr "Consente di esportare depositi di sicurezza"
+
+#. module: vault
+#: model:res.groups,name:vault.group_vault_import
+msgid "Allow to import vaults"
+msgstr "Consente di importare depositi di sicurezza"
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_right__perm_share
+msgid "Allow to share a vault with new users"
+msgstr "Consente di condividere un deposito di sicurezza con nuovi utenti"
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_right__perm_write
+msgid "Allow to write to the vault"
+msgstr "Consente di scrivere nell'deposito di sicurezza"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__allowed_create
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__allowed_create
+#: model:ir.model.fields,field_description:vault.field_vault_entry__allowed_create
+#: model:ir.model.fields,field_description:vault.field_vault_field__allowed_create
+#: model:ir.model.fields,field_description:vault.field_vault_file__allowed_create
+#: model:ir.model.fields,field_description:vault.field_vault_right__allowed_create
+msgid "Allowed Create"
+msgstr "Autorizzati a creare"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__allowed_delete
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__allowed_delete
+#: model:ir.model.fields,field_description:vault.field_vault_entry__allowed_delete
+#: model:ir.model.fields,field_description:vault.field_vault_field__allowed_delete
+#: model:ir.model.fields,field_description:vault.field_vault_file__allowed_delete
+#: model:ir.model.fields,field_description:vault.field_vault_right__allowed_delete
+msgid "Allowed Delete"
+msgstr "Autorizzati a cancellare"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__allowed_read
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__allowed_read
+#: model:ir.model.fields,field_description:vault.field_vault_entry__allowed_read
+#: model:ir.model.fields,field_description:vault.field_vault_field__allowed_read
+#: model:ir.model.fields,field_description:vault.field_vault_file__allowed_read
+#: model:ir.model.fields,field_description:vault.field_vault_right__allowed_read
+msgid "Allowed Read"
+msgstr "Autorizzati alla lettura"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__allowed_share
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__allowed_share
+#: model:ir.model.fields,field_description:vault.field_vault_entry__allowed_share
+#: model:ir.model.fields,field_description:vault.field_vault_field__allowed_share
+#: model:ir.model.fields,field_description:vault.field_vault_file__allowed_share
+#: model:ir.model.fields,field_description:vault.field_vault_right__allowed_share
+msgid "Allowed Share"
+msgstr "Autorizzati a condividere"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__allowed_write
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__allowed_write
+#: model:ir.model.fields,field_description:vault.field_vault_entry__allowed_write
+#: model:ir.model.fields,field_description:vault.field_vault_field__allowed_write
+#: model:ir.model.fields,field_description:vault.field_vault_file__allowed_write
+#: model:ir.model.fields,field_description:vault.field_vault_right__allowed_write
+msgid "Allowed Write"
+msgstr "Autorizzati alla scrittura"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "An error occured. Please contact the user or administrator"
+msgstr "Si è verificato un errore. Contattare l'utente o l'amministratore"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_right_overview_search
+msgid "By user"
+msgstr "Per utente"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_right_overview_search
+msgid "By vault"
+msgstr "Per valore"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#: model_terms:ir.ui.view,arch_db:vault.view_users_form_keys_modif
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_send_wizard
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_store_wizard
+#, python-format
+msgid "Cancel"
+msgstr "Annulla"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#, python-format
+msgid "Cancelled"
+msgstr "Annullato"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Characters:"
+msgstr "Caratteri:"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__child_ids
+msgid "Child"
+msgstr "Figlio"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+msgid "Childs"
+msgstr "Figli"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_export_wizard
+msgid "Close"
+msgstr "Chiudi"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__entry_name
+#: model:ir.model.fields,field_description:vault.field_vault_entry__complete_name
+#: model:ir.model.fields,field_description:vault.field_vault_field__entry_name
+#: model:ir.model.fields,field_description:vault.field_vault_file__entry_name
+msgid "Complete Name"
+msgstr "Nome completo"
+
+#. module: vault
+#: model:ir.model,name:vault.model_res_config_settings
+msgid "Config Settings"
+msgstr "Impostazioni configurazione"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Confirm your password:"
+msgstr "Conferma password:"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+msgid "Content"
+msgstr "Contenuto"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Copy to clipboard"
+msgstr "Copia negli appunti"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_right__perm_create
+msgid "Create"
+msgstr "Crea"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_entry__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_field__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_file__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_log__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_right__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_tag__create_uid
+msgid "Created by"
+msgstr "Creato da"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_inbox.py:0
+#, python-format
+msgid "Created by %(name)s via %(ip)s"
+msgstr "Creato da %(name)s attraverso %(ip)s"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_send_wizard.py:0
+#, python-format
+msgid "Created by %s"
+msgstr "Creato da %s"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__create_date
+#: model:ir.model.fields,field_description:vault.field_vault__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_entry__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_field__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_file__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_log__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_right__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_tag__create_date
+msgid "Created on"
+msgstr "Creato il"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__crypted_content
+msgid "Crypted Content"
+msgstr "Contenuto criptato"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__current
+msgid "Current"
+msgstr "Attuale"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+msgid "Custom JSON format <b>.json</b>"
+msgstr "JSON personalizzato formato <b>.json</b>"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__content
+msgid "Database"
+msgstr "Database"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_right__perm_delete
+msgid "Delete"
+msgstr "Cancella"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__display_name
+#: model:ir.model.fields,field_description:vault.field_vault__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_entry__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_field__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_file__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_log__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_right__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_tag__display_name
+msgid "Display Name"
+msgstr "Nome visualizzato"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/controller.esm.js:0
+#, python-format
+msgid "Do you really want to create a new key pair and set it active?"
+msgstr "Si vuole veramente creare un nuovo paio di chiavi e impostare attive?"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__content
+msgid "Download"
+msgstr "Scarica"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#, python-format
+msgid "Enter"
+msgstr "Inserire"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Enter your password:"
+msgstr "Inserire password:"
+
+#. module: vault
+#: model:ir.actions.act_window,name:vault.action_open_entries
+#: model:ir.model.fields,field_description:vault.field_vault__entry_ids
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__entry_id
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_search
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+msgid "Entries"
+msgstr "Voci"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__entry_id
+#: model:ir.model.fields,field_description:vault.field_vault_field__entry_id
+#: model:ir.model.fields,field_description:vault.field_vault_file__entry_id
+#: model:ir.model.fields,field_description:vault.field_vault_log__entry_id
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__entry_id
+msgid "Entry"
+msgstr "Voce"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_entry.py:0
+#: model:ir.model,name:vault.model_vault_entry
+#, python-format
+msgid "Entry inside a vault"
+msgstr "Voce in un deposito di sicurezza"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_log.py:0
+#, python-format
+msgid "Error"
+msgstr "Errore"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__expiration
+msgid "Expiration"
+msgstr "Scadenza"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__expired
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_search
+msgid "Expired"
+msgstr "Scaduta"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__expire_date
+msgid "Expires on"
+msgstr "Scade il"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_config_settings__group_vault_export
+msgid "Export Vaults"
+msgstr "Esporta depositi di sicurezza"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault.py:0
+#: code:addons/vault/models/vault_entry.py:0
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+#, python-format
+msgid "Export to file"
+msgstr "Esporta in un file"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_export_wizard.py:0
+#: model:ir.model,name:vault.model_vault_export_wizard
+#, python-format
+msgid "Export wizard for vaults"
+msgstr "Procedura guidata esportazione depositi di sicurezza"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/vault.esm.js:0
+#, python-format
+msgid "Failed to export keys to object store"
+msgstr "Fall'ita l'esportazione delle chiavi nell'oggetto deposito"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/vault.esm.js:0
+#, python-format
+msgid "Failed to export the keys to the database"
+msgstr "Fallita l'esportazione delle chiavi nel database"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/vault.esm.js:0
+#, python-format
+msgid "Failed to import keys from database"
+msgstr "Fall'ita l'importazione delle chiavi dal database"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_field.py:0
+#: model:ir.model,name:vault.model_vault_field
+#, python-format
+msgid "Field of a vault"
+msgstr "Campo di un deposito di sicurezza"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__field_ids
+#: model:ir.model.fields,field_description:vault.field_vault_entry__field_ids
+msgid "Fields"
+msgstr "Campi"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_file.py:0
+#: model:ir.model,name:vault.model_vault_file
+#, python-format
+msgid "File of a vault"
+msgstr "File di un deposito di sicurezza"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.inbox
+msgid "File to share:"
+msgstr "File da condividere:"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__filename
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__filename
+msgid "Filename"
+msgstr "Nome file"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__file_ids
+#: model:ir.model.fields,field_description:vault.field_vault_entry__file_ids
+msgid "Files"
+msgstr "File"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__fingerprint
+msgid "Fingerprint"
+msgstr "Impronta"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Generate"
+msgstr "Genera"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Generate a new secret:"
+msgstr "Genera un nuovo segreto:"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_right_overview_search
+msgid "Grouped"
+msgstr "Raggruppati"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Hide"
+msgstr "Nascondi"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__id
+#: model:ir.model.fields,field_description:vault.field_vault__id
+#: model:ir.model.fields,field_description:vault.field_vault_entry__id
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__id
+#: model:ir.model.fields,field_description:vault.field_vault_field__id
+#: model:ir.model.fields,field_description:vault.field_vault_file__id
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__id
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__id
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__id
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__id
+#: model:ir.model.fields,field_description:vault.field_vault_log__id
+#: model:ir.model.fields,field_description:vault.field_vault_right__id
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__id
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__id
+#: model:ir.model.fields,field_description:vault.field_vault_tag__id
+msgid "ID"
+msgstr "ID"
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_inbox__expiration
+msgid "If expired the inbox can't be written using the link"
+msgstr ""
+"Se scaduto il contenitore di arrivo none può essere scritto utilizzando il "
+"collegamento"
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_inbox__accesses
+msgid "If this is 0 the inbox can't be written using the link"
+msgstr ""
+"Se questo è 0 il contenitore di arrivo non può essere scritto utilizzando il "
+"collegamento"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+msgid "Import"
+msgstr "Importa"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_config_settings__group_vault_import
+msgid "Import Vaults"
+msgstr "Importa depositi di sicurezza"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault.py:0
+#: code:addons/vault/models/vault_entry.py:0
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+#, python-format
+msgid "Import from file"
+msgstr "Importa da file"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_import_wizard.py:0
+#: model:ir.model,name:vault.model_vault_import_wizard
+#, python-format
+msgid "Import wizard for vaults"
+msgstr "Procedura guidata importazione depositi di sicurezza"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_import_wizard.py:0
+#: model:ir.model,name:vault.model_vault_import_wizard_path
+#, python-format
+msgid "Import wizard path for vaults"
+msgstr "Percorso procedura guidata importazione depositi di sicurezza"
+
+#. module: vault
+#: model:ir.actions.act_window,name:vault.action_vault_inbox
+#: model:ir.model.fields,field_description:vault.field_res_users__inbox_ids
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__inbox_id
+#: model:ir.ui.menu,name:vault.menu_vault_inbox
+msgid "Inbox"
+msgstr "Deposito in arrivo"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__inbox_enabled
+msgid "Inbox Enabled"
+msgstr "Deposito in arrivo abilitato"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__inbox_link
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__inbox_link
+msgid "Inbox Link"
+msgstr "Collegamento deposito in arrivo"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__inbox_token
+msgid "Inbox Token"
+msgstr "Token deposito in arrivo"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__include_childs
+msgid "Include Childs"
+msgstr "Includi figli"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_log.py:0
+#, python-format
+msgid "Information"
+msgstr "Informazioni"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_import_wizard.py:0
+#, python-format
+msgid "Invalid file to import from"
+msgstr "File da cui importare non valido"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/res_users_key.py:0
+#: code:addons/vault/models/res_users_key.py:0
+#: code:addons/vault/models/res_users_key.py:0
+#, python-format
+msgid "Invalid parameter"
+msgstr "Parametro non valido"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "Invalid token"
+msgstr "Token non valido"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_users_form_keys_modif
+msgid "Invalidate private key"
+msgstr "Invalida chiave privata"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__iterations
+msgid "Iterations"
+msgstr "Iterazioni"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__iv
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__iv
+#: model:ir.model.fields,field_description:vault.field_vault_field__iv
+#: model:ir.model.fields,field_description:vault.field_vault_file__iv
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__iv
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__iv
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__iv
+msgid "Iv"
+msgstr "Iv"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+msgid "Keepass Database <b>.kdbx</b>"
+msgstr "Database Keepass <b>.kdbx</b>"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__key
+#: model:ir.model.fields,field_description:vault.field_vault_right__key
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__key
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__key
+msgid "Key"
+msgstr "Chiave"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/user_menu.esm.js:0
+#, python-format
+msgid "Key Management"
+msgstr "Gestione chiave"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__key_user
+msgid "Key User"
+msgstr "Utente chiave"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Keyfile:"
+msgstr "File chiave:"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__keys
+msgid "Keys"
+msgstr "Chiavi"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key____last_update
+#: model:ir.model.fields,field_description:vault.field_vault____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_entry____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_field____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_file____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_inbox____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_log____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_right____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_tag____last_update
+msgid "Last Modified on"
+msgstr "Ultima modifica il"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_entry__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_field__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_file__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_log__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_right__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_tag__write_uid
+msgid "Last Updated by"
+msgstr "Ultimo aggiornamento di"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__write_date
+#: model:ir.model.fields,field_description:vault.field_vault__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_entry__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_field__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_file__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_log__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_right__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_tag__write_date
+msgid "Last Updated on"
+msgstr "Ultimo aggiornamento il"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Length:"
+msgstr "Lunghezza:"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__log_ids
+#: model:ir.model.fields,field_description:vault.field_vault_entry__log_ids
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__log_ids
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+msgid "Log"
+msgstr "Log"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_log.py:0
+#: model:ir.model,name:vault.model_vault_log
+#, python-format
+msgid "Log entry of a vault"
+msgstr "Registra valori di un deposito di sicurezza"
+
+#. module: vault
+#: model:ir.actions.act_window,name:vault.action_res_users_keys
+msgid "Manage my keys"
+msgstr "Gestione mie chiavi"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_field__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_file__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_right__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__master_key
+msgid "Master Key"
+msgstr "Chiave master"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_log__message
+msgid "Message"
+msgstr "Messaggio"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "Missing filename"
+msgstr "Nome file mancante"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#, python-format
+msgid "Missing password"
+msgstr "Password mancante"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__model
+msgid "Model"
+msgstr "Modello"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_config_settings__module_vault_share
+msgid "Module Vault Share"
+msgstr "Modulo condivisione deposito di sicurezza"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__name
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__name
+#: model:ir.model.fields,field_description:vault.field_vault_entry__name
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__name
+#: model:ir.model.fields,field_description:vault.field_vault_field__name
+#: model:ir.model.fields,field_description:vault.field_vault_file__name
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__name
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__name
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__name
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__name
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__name
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__name
+#: model:ir.model.fields,field_description:vault.field_vault_tag__name
+msgid "Name"
+msgstr "Nome"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.inbox
+msgid "Name of your secret:"
+msgstr "Nome del segreto:"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_send_wizard.py:0
+#, python-format
+msgid "Neither a secret nor file was given"
+msgstr "Non è stato fornito ne un segreto ne un file"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_users_form_keys_modif
+msgid "New inbox link"
+msgstr "Nuovo collegamento deposito in ingresso"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_users_form_keys_modif
+msgid "New private key"
+msgstr "Nuova chiave privata"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "No secret found"
+msgstr "Nessun segreto trovato"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_inbox.py:0
+#: code:addons/vault/wizards/vault_send_wizard.py:0
+#: model:ir.model.constraint,message:vault.constraint_vault_inbox_value_check
+#: model:ir.model.constraint,message:vault.constraint_vault_send_wizard_value_check
+#, python-format
+msgid "No value found"
+msgstr "Nessun valore trovato"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_search
+msgid "Not Expired"
+msgstr "Non scaduto"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__note
+#: model:ir.model.fields,field_description:vault.field_vault_entry__note
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+msgid "Note"
+msgstr "Nota"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__user_id
+#: model:ir.model.fields,field_description:vault.field_vault_entry__user_id
+msgid "Owner"
+msgstr "Proprietario"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__parent_id
+msgid "Parent"
+msgstr "Padre"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__parent_id
+msgid "Parent Entry"
+msgstr "Valore padre"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Password:"
+msgstr "Password:"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__path
+msgid "Path to import"
+msgstr "Percorso di importazione"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__perm_user
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__perm_user
+#: model:ir.model.fields,field_description:vault.field_vault_entry__perm_user
+#: model:ir.model.fields,field_description:vault.field_vault_field__perm_user
+#: model:ir.model.fields,field_description:vault.field_vault_file__perm_user
+#: model:ir.model.fields,field_description:vault.field_vault_right__perm_user
+msgid "Perm User"
+msgstr "Utente permanente"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/export.esm.js:0
+#: code:addons/vault/static/src/backend/import.esm.js:0
+#, python-format
+msgid "Please enter the password for the database"
+msgstr "Inserire la password per il database"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/import.esm.js:0
+#, python-format
+msgid "Please enter the password for the keepass database"
+msgstr "Inserire la password per il database Keepass"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/vault.esm.js:0
+#, python-format
+msgid "Please enter the password for your private key"
+msgstr "Inserire la password per la chiave privata"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Please enter your password or upload a keyfile:"
+msgstr "Inserire la password o caricare un file chiave:"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "Please specify a name"
+msgstr "Indicare un nome"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__private
+msgid "Private"
+msgstr "Privato"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__public
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__public
+msgid "Public"
+msgstr "Pubblico"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_right__public_key
+msgid "Public Key"
+msgstr "Chiave pubblica"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+msgid "Re-encrypt"
+msgstr "Ri-encripta"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__reencrypt_required
+msgid "Reencrypt Required"
+msgstr "Richiesto ricriptazione"
+
+#. module: vault
+#: model:ir.actions.act_window,name:vault.action_vault_right
+#: model:ir.model.fields,field_description:vault.field_vault__right_ids
+#: model:ir.ui.menu,name:vault.menu_vault_right
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+msgid "Rights"
+msgstr "Diritti"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__salt
+msgid "Salt"
+msgstr "Salt"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_export_file.esm.js:0
+#: code:addons/vault/static/src/backend/fields/vault_file.esm.js:0
+#, python-format
+msgid "Save As..."
+msgstr "Salva come..."
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Save in a vault"
+msgstr "Salva in un deposito di sicurezza"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__secret
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__secret
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__secret
+#: model_terms:ir.ui.view,arch_db:vault.inbox
+msgid "Secret"
+msgstr "Segreto"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__secret_file
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__secret_file
+msgid "Secret File"
+msgstr "File segreto"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__secret_temporary
+msgid "Secret Temporary"
+msgstr "Segreto provvisorio"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.inbox
+msgid "Secret to share:"
+msgstr "Segreto da condividere:"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_send_wizard
+msgid "Send"
+msgstr "Invia"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Send the secret to an user"
+msgstr "Invia segreto ad un utente"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_mixin.esm.js:0
+#, python-format
+msgid "Send the secret to another user"
+msgstr "Invia segreto ad un altro utente"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_right__perm_share
+msgid "Share"
+msgstr "Condividi"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Show"
+msgstr "Mostra"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "Something went wrong with the encryption"
+msgstr "Qualcosa è andato male con la criptazione"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Special"
+msgstr "Speciale"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_log__state
+msgid "State"
+msgstr "Stato"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_store_wizard
+msgid "Store"
+msgstr "Archivia"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_inbox_mixin.esm.js:0
+#, python-format
+msgid "Store the secret in a vault"
+msgstr "Archivia segreto in un deposito di sicurezza"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.inbox
+msgid "Submit secret"
+msgstr "Invia segreto"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "Successfully stored"
+msgstr "Archiviato con successo"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__tags
+msgid "Tags"
+msgstr "Etichette"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault.py:0
+#: code:addons/vault/models/vault_entry.py:0
+#: model:ir.model.constraint,message:vault.constraint_vault_entry_vault_uuid_uniq
+#: model:ir.model.constraint,message:vault.constraint_vault_uuid_uniq
+#, python-format
+msgid "The UUID must be unique."
+msgstr "Il codice UUID deve essere univoco."
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_export_file.esm.js:0
+#: code:addons/vault/static/src/backend/fields/vault_file.esm.js:0
+#, python-format
+msgid "The field is empty, there's nothing to save!"
+msgstr "Il campo è vuoto, non c'è niente da salvare!"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+msgid "The files must end on one of the supported file type:"
+msgstr "Il file deve terminare con un tipo file supportato:"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/controller.esm.js:0
+#, python-format
+msgid "The following entries are broken:"
+msgstr "Le seguenti voci sono rovinate:"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#, python-format
+msgid "The passwords aren't matching"
+msgstr "Le password non corrispondono"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/abstract_vault.py:0
+#, python-format
+msgid ""
+"The requested operation can not be completed due to security restrictions."
+msgstr ""
+"L'operazione richiesta non può essere completata per restrizioni di "
+"sicurezza."
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_tag.py:0
+#: model:ir.model.constraint,message:vault.constraint_vault_tag_name_uniq
+#, python-format
+msgid "The tag must be unique!"
+msgstr "L'etichetta deve essere univoca!"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_right.py:0
+#: model:ir.model.constraint,message:vault.constraint_vault_right_user_uniq
+#, python-format
+msgid "The user must be unique"
+msgstr "L'utente deve essere univoco"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__token
+msgid "Token"
+msgstr "Token"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/import.esm.js:0
+#, python-format
+msgid "Unsupported file to import"
+msgstr "File non supportati per l'importazione"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__url
+msgid "Url"
+msgstr "URL"
+
+#. module: vault
+#: model:ir.model,name:vault.model_res_users
+#: model:ir.model.fields,field_description:vault.field_res_users_key__user_id
+#: model:ir.model.fields,field_description:vault.field_vault_log__user_id
+#: model:ir.model.fields,field_description:vault.field_vault_right__user_id
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__user_id
+msgid "User"
+msgstr "Utente"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/res_users_key.py:0
+#: model:ir.model,name:vault.model_res_users_key
+#, python-format
+msgid "User data of a vault"
+msgstr "Dati utente di un deposito di sicurezza"
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_inbox__inbox_link
+msgid ""
+"Using this link you can write to the current inbox. If you want people to "
+"create new inboxes you should give them your inbox link from your key "
+"management."
+msgstr ""
+"Utilizzando questo collegamento si può scrivere nel deposito di ingresso "
+"attuale. Se si vuole che le persone creino nuovi depositi di ingresso "
+"bisogna fornirgli il collegamento al proprio deposito di ingresso dalla "
+"gestione della propria chiave."
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__uuid
+#: model:ir.model.fields,field_description:vault.field_vault__uuid
+#: model:ir.model.fields,field_description:vault.field_vault_entry__uuid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__uuid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__uuid
+msgid "Uuid"
+msgstr "UUID"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_field__value
+#: model:ir.model.fields,field_description:vault.field_vault_file__value
+msgid "Value"
+msgstr "Valore"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault.py:0
+#: model:ir.actions.act_window,name:vault.action_vault
+#: model:ir.model,name:vault.model_vault
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_entry__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_field__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_file__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__user_id
+#: model:ir.model.fields,field_description:vault.field_vault_log__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_right__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__vault_id
+#: model:ir.ui.menu,name:vault.menu_vault
+#: model_terms:ir.ui.view,arch_db:vault.res_config_settings_view_form
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_search
+#, python-format
+msgid "Vault"
+msgstr "Deposito di sicurezza"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_field.esm.js:0
+#, python-format
+msgid "Vault Field"
+msgstr "Campo deposito di sicurezza"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_file.esm.js:0
+#, python-format
+msgid "Vault File"
+msgstr "File deposito di sicurezza"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_inbox_field.esm.js:0
+#, python-format
+msgid "Vault Inbox Field"
+msgstr "Campo archivio in ingresso deposito di sicurezza"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_inbox_file.esm.js:0
+#, python-format
+msgid "Vault Inbox File"
+msgstr "File archivio in ingresso deposito di sicurezza"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__vault_right_ids
+msgid "Vault Right"
+msgstr "Autorizzazioni deposito di sicurezza"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.res_config_settings_view_form
+msgid "Vault Share"
+msgstr "Condivisione deposito di sicurezza"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_inbox_log.py:0
+#: model:ir.model,name:vault.model_vault_inbox_log
+#, python-format
+msgid "Vault inbox log"
+msgstr "Log archivio in ingresso deposito di sicurezza"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/controller.esm.js:0
+#, python-format
+msgid "Vault is not supported"
+msgstr "Il deposito di sicurezza non è supportato"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_right.py:0
+#: model:ir.model,name:vault.model_vault_right
+#, python-format
+msgid "Vault rights"
+msgstr "Autorizzazioni deposito di sicurezza"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_inbox.py:0
+#: model:ir.model,name:vault.model_vault_inbox
+#, python-format
+msgid "Vault share incoming secrets"
+msgstr "Segreti in ingresso condivisione deposito di sicurezza"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_tag.py:0
+#: model:ir.model,name:vault.model_vault_tag
+#, python-format
+msgid "Vault tag"
+msgstr "Etichetta deposito di sicurezza"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_search
+msgid "Vaults"
+msgstr "Depositi di sicurezza"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+msgid "Verify"
+msgstr "Verifica"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__version
+msgid "Version"
+msgstr "Versione"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_log.py:0
+#, python-format
+msgid "Warning"
+msgstr "Attenzione"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_store_wizard.py:0
+#: model:ir.model,name:vault.model_vault_store_wizard
+#, python-format
+msgid "Wizard store a shared secret in a vault"
+msgstr ""
+"La procedura guidata salva un segreto condiviso in un deposito di sicurezza"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_send_wizard.py:0
+#: model:ir.model,name:vault.model_vault_send_wizard
+#, python-format
+msgid "Wizard to send another user a secret"
+msgstr "Procedura guidata per inviare un segreto ad un altro utente"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_right__perm_write
+msgid "Write"
+msgstr "Scrivi"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_inbox.py:0
+#, python-format
+msgid "Written by %(name)s via %(ip)s"
+msgstr "Scritto da %(name)s attraverso %(ip)s"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_entry.py:0
+#, python-format
+msgid "You can not create recursive entries."
+msgstr "Non si possono creare voci ricorsive."
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_send_wizard
+msgid ""
+"You can only send the secret to the user who has generated a key-pair.\n"
+"                        If an user is not showing please ask him to generate these."
+msgstr ""
+"Si possono inviare segreti solo all'utente che ha generato una coppia di "
+"chiavi.\n"
+"                        Se un utente non è visibile chiedergli di generarle."
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_users_form_keys_modif
+msgid ""
+"You will loose access to all vaults and your inbox. Do you want to continue?"
+msgstr ""
+"Si perderà l'accesso a tutti i depositi di sicurezza e aldeposito in "
+"ingresso. Si vuole continuare?"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "a-z"
+msgstr "a-z"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_send_wizard
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_store_wizard
+msgid "or"
+msgstr "o"
diff --git a/vault/i18n/nl.po b/vault/i18n/nl.po
new file mode 100644
index 0000000000..eeb7fc93f9
--- /dev/null
+++ b/vault/i18n/nl.po
@@ -0,0 +1,1477 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* vault
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 15.0\n"
+"Report-Msgid-Bugs-To: \n"
+"PO-Revision-Date: 2023-05-05 10:45+0000\n"
+"Last-Translator: Bosd <c5e2fd43-d292-4c90-9d1f-74ff3436329a@anonaddy.me>\n"
+"Language-Team: none\n"
+"Language: nl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.14.1\n"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_entry.py:0
+#, python-format
+msgid "%(action)s entry %(name)s by %(user)s"
+msgstr "%(action)s toegang %(name)s door %(user)s"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/controller.esm.js:0
+#, python-format
+msgid "%s '%s' of entry '%s'"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_entry.py:0
+#, python-format
+msgid "%s (copy)"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/controller.esm.js:0
+#, python-format
+msgid ""
+"A secure browser context is required. Please switch to https or contact your "
+"administrator"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "A-Z"
+msgstr "A-Z"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/abstract_vault_field.py:0
+#: model:ir.model,name:vault.model_vault_abstract_field
+#, python-format
+msgid "Abstract model to implement basic fields for encryption"
+msgstr "Abstract model om basisvelden voor encryptie te implementeren"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/abstract_vault.py:0
+#: model:ir.model,name:vault.model_vault_abstract
+#, python-format
+msgid "Abstract model to implement general access rights"
+msgstr "Abstract model om algemene toegangsrechten te implementeren"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__accesses
+msgid "Access counter"
+msgstr "Toegangsteller"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__active_key
+msgid "Active Key"
+msgstr "Actieve sleutel"
+
+#. module: vault
+#: model:ir.actions.act_window,name:vault.action_vault_entry
+#: model:ir.ui.menu,name:vault.menu_vault_entry
+msgid "All Entries"
+msgstr "Alle invoeren"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.res_config_settings_view_form
+msgid "Allow all users to export vaults accessible to them"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.res_config_settings_view_form
+msgid "Allow all users to import vaults accessible to them"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.res_config_settings_view_form
+msgid "Allow the usage to share secrets with external users"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_right__perm_create
+msgid "Allow to create in the vault"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_right__perm_delete
+msgid "Allow to delete a vault"
+msgstr ""
+
+#. module: vault
+#: model:res.groups,name:vault.group_vault_export
+msgid "Allow to export vaults"
+msgstr ""
+
+#. module: vault
+#: model:res.groups,name:vault.group_vault_import
+msgid "Allow to import vaults"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_right__perm_share
+msgid "Allow to share a vault with new users"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_right__perm_write
+msgid "Allow to write to the vault"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__allowed_create
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__allowed_create
+#: model:ir.model.fields,field_description:vault.field_vault_entry__allowed_create
+#: model:ir.model.fields,field_description:vault.field_vault_field__allowed_create
+#: model:ir.model.fields,field_description:vault.field_vault_file__allowed_create
+#: model:ir.model.fields,field_description:vault.field_vault_right__allowed_create
+msgid "Allowed Create"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__allowed_delete
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__allowed_delete
+#: model:ir.model.fields,field_description:vault.field_vault_entry__allowed_delete
+#: model:ir.model.fields,field_description:vault.field_vault_field__allowed_delete
+#: model:ir.model.fields,field_description:vault.field_vault_file__allowed_delete
+#: model:ir.model.fields,field_description:vault.field_vault_right__allowed_delete
+msgid "Allowed Delete"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__allowed_read
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__allowed_read
+#: model:ir.model.fields,field_description:vault.field_vault_entry__allowed_read
+#: model:ir.model.fields,field_description:vault.field_vault_field__allowed_read
+#: model:ir.model.fields,field_description:vault.field_vault_file__allowed_read
+#: model:ir.model.fields,field_description:vault.field_vault_right__allowed_read
+msgid "Allowed Read"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__allowed_share
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__allowed_share
+#: model:ir.model.fields,field_description:vault.field_vault_entry__allowed_share
+#: model:ir.model.fields,field_description:vault.field_vault_field__allowed_share
+#: model:ir.model.fields,field_description:vault.field_vault_file__allowed_share
+#: model:ir.model.fields,field_description:vault.field_vault_right__allowed_share
+msgid "Allowed Share"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__allowed_write
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__allowed_write
+#: model:ir.model.fields,field_description:vault.field_vault_entry__allowed_write
+#: model:ir.model.fields,field_description:vault.field_vault_field__allowed_write
+#: model:ir.model.fields,field_description:vault.field_vault_file__allowed_write
+#: model:ir.model.fields,field_description:vault.field_vault_right__allowed_write
+msgid "Allowed Write"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "An error occured. Please contact the user or administrator"
+msgstr ""
+"Er is een fout opgetreden. Neem contact op met de gebruiker of beheerder"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_right_overview_search
+msgid "By user"
+msgstr "Door gebruiker"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_right_overview_search
+msgid "By vault"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#: model_terms:ir.ui.view,arch_db:vault.view_users_form_keys_modif
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_send_wizard
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_store_wizard
+#, python-format
+msgid "Cancel"
+msgstr "Annuleer"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#, python-format
+msgid "Cancelled"
+msgstr "Geannuleerd"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Characters:"
+msgstr "Karakters:"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__child_ids
+msgid "Child"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+msgid "Childs"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_export_wizard
+msgid "Close"
+msgstr "Sluiten"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__entry_name
+#: model:ir.model.fields,field_description:vault.field_vault_entry__complete_name
+#: model:ir.model.fields,field_description:vault.field_vault_field__entry_name
+#: model:ir.model.fields,field_description:vault.field_vault_file__entry_name
+msgid "Complete Name"
+msgstr "Volledige naam"
+
+#. module: vault
+#: model:ir.model,name:vault.model_res_config_settings
+msgid "Config Settings"
+msgstr "Configuratie-instellingen"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Confirm your password:"
+msgstr "Bevestig uw wachtwoord:"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+msgid "Content"
+msgstr "Inhoud"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Copy to clipboard"
+msgstr "Kopiëren naar klembord"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_right__perm_create
+msgid "Create"
+msgstr "Aanmaken"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_entry__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_field__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_file__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_log__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_right__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_tag__create_uid
+msgid "Created by"
+msgstr "Aangemaakt door"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_inbox.py:0
+#, python-format
+msgid "Created by %(name)s via %(ip)s"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_send_wizard.py:0
+#, python-format
+msgid "Created by %s"
+msgstr "Aangemaakt door %s"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__create_date
+#: model:ir.model.fields,field_description:vault.field_vault__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_entry__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_field__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_file__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_log__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_right__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_tag__create_date
+msgid "Created on"
+msgstr "Aangemaakt op"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__crypted_content
+msgid "Crypted Content"
+msgstr "Versleutelde inhoud"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__current
+msgid "Current"
+msgstr "Huidig"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+msgid "Custom JSON format <b>.json</b>"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__content
+msgid "Database"
+msgstr "Database"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_right__perm_delete
+msgid "Delete"
+msgstr "Verwijder"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__display_name
+#: model:ir.model.fields,field_description:vault.field_vault__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_entry__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_field__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_file__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_log__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_right__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_tag__display_name
+msgid "Display Name"
+msgstr "Schermnaam"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/controller.esm.js:0
+#, python-format
+msgid "Do you really want to create a new key pair and set it active?"
+msgstr "Wilt u echt een nieuw sleutelpaar aanmaken en activeren?"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__content
+msgid "Download"
+msgstr "Download"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#, python-format
+msgid "Enter"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Enter your password:"
+msgstr "Voer uw wachtwoord in:"
+
+#. module: vault
+#: model:ir.actions.act_window,name:vault.action_open_entries
+#: model:ir.model.fields,field_description:vault.field_vault__entry_ids
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__entry_id
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_search
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+msgid "Entries"
+msgstr "Boekingen"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__entry_id
+#: model:ir.model.fields,field_description:vault.field_vault_field__entry_id
+#: model:ir.model.fields,field_description:vault.field_vault_file__entry_id
+#: model:ir.model.fields,field_description:vault.field_vault_log__entry_id
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__entry_id
+msgid "Entry"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_entry.py:0
+#: model:ir.model,name:vault.model_vault_entry
+#, python-format
+msgid "Entry inside a vault"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_log.py:0
+#, python-format
+msgid "Error"
+msgstr "Fout"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__expiration
+msgid "Expiration"
+msgstr "Vervaldatum"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__expired
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_search
+msgid "Expired"
+msgstr "Verlopen"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__expire_date
+msgid "Expires on"
+msgstr "Verloopt op"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_config_settings__group_vault_export
+msgid "Export Vaults"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault.py:0
+#: code:addons/vault/models/vault_entry.py:0
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+#, python-format
+msgid "Export to file"
+msgstr "Export naar bestand"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_export_wizard.py:0
+#: model:ir.model,name:vault.model_vault_export_wizard
+#, python-format
+msgid "Export wizard for vaults"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/vault.esm.js:0
+#, python-format
+msgid "Failed to export keys to object store"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/vault.esm.js:0
+#, python-format
+msgid "Failed to export the keys to the database"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/vault.esm.js:0
+#, python-format
+msgid "Failed to import keys from database"
+msgstr "Kan geen sleutels uit database importeren"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_field.py:0
+#: model:ir.model,name:vault.model_vault_field
+#, python-format
+msgid "Field of a vault"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__field_ids
+#: model:ir.model.fields,field_description:vault.field_vault_entry__field_ids
+msgid "Fields"
+msgstr "Velden"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_file.py:0
+#: model:ir.model,name:vault.model_vault_file
+#, python-format
+msgid "File of a vault"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.inbox
+msgid "File to share:"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__filename
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__filename
+msgid "Filename"
+msgstr "Bestandsnaam"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__file_ids
+#: model:ir.model.fields,field_description:vault.field_vault_entry__file_ids
+msgid "Files"
+msgstr "Bestanden"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__fingerprint
+msgid "Fingerprint"
+msgstr "Fingerprint"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Generate"
+msgstr "Genereer"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Generate a new secret:"
+msgstr "Genereer een nieuw geheim:"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_right_overview_search
+msgid "Grouped"
+msgstr "Gegroepeerd"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Hide"
+msgstr "Verbergen"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__id
+#: model:ir.model.fields,field_description:vault.field_vault__id
+#: model:ir.model.fields,field_description:vault.field_vault_entry__id
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__id
+#: model:ir.model.fields,field_description:vault.field_vault_field__id
+#: model:ir.model.fields,field_description:vault.field_vault_file__id
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__id
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__id
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__id
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__id
+#: model:ir.model.fields,field_description:vault.field_vault_log__id
+#: model:ir.model.fields,field_description:vault.field_vault_right__id
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__id
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__id
+#: model:ir.model.fields,field_description:vault.field_vault_tag__id
+msgid "ID"
+msgstr "ID"
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_inbox__expiration
+msgid "If expired the inbox can't be written using the link"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_inbox__accesses
+msgid "If this is 0 the inbox can't be written using the link"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+msgid "Import"
+msgstr "Import"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_config_settings__group_vault_import
+msgid "Import Vaults"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault.py:0
+#: code:addons/vault/models/vault_entry.py:0
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+#, python-format
+msgid "Import from file"
+msgstr "Importeren uit bestand"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_import_wizard.py:0
+#: model:ir.model,name:vault.model_vault_import_wizard
+#, python-format
+msgid "Import wizard for vaults"
+msgstr "Wizard voor het importeren van kluizen"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_import_wizard.py:0
+#: model:ir.model,name:vault.model_vault_import_wizard_path
+#, python-format
+msgid "Import wizard path for vaults"
+msgstr ""
+
+#. module: vault
+#: model:ir.actions.act_window,name:vault.action_vault_inbox
+#: model:ir.model.fields,field_description:vault.field_res_users__inbox_ids
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__inbox_id
+#: model:ir.ui.menu,name:vault.menu_vault_inbox
+msgid "Inbox"
+msgstr "Inbox"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__inbox_enabled
+msgid "Inbox Enabled"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__inbox_link
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__inbox_link
+msgid "Inbox Link"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__inbox_token
+msgid "Inbox Token"
+msgstr "Inbox Token"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__include_childs
+msgid "Include Childs"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_log.py:0
+#, python-format
+msgid "Information"
+msgstr "Informatie"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_import_wizard.py:0
+#, python-format
+msgid "Invalid file to import from"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/res_users_key.py:0
+#, python-format
+msgid "Invalid parameter"
+msgstr "Ongeldige parameter"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "Invalid token"
+msgstr "Ongeldige token"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_users_form_keys_modif
+msgid "Invalidate private key"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__iterations
+msgid "Iterations"
+msgstr "Iteraties"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__iv
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__iv
+#: model:ir.model.fields,field_description:vault.field_vault_field__iv
+#: model:ir.model.fields,field_description:vault.field_vault_file__iv
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__iv
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__iv
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__iv
+msgid "Iv"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+msgid "Keepass Database <b>.kdbx</b>"
+msgstr "Keepass Database <b>.kdbx</b>"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__key
+#: model:ir.model.fields,field_description:vault.field_vault_right__key
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__key
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__key
+msgid "Key"
+msgstr "Sleutel"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/user_menu.esm.js:0
+#, python-format
+msgid "Key Management"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__key_user
+msgid "Key User"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Keyfile:"
+msgstr "Keyfile:"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__keys
+msgid "Keys"
+msgstr "Keys"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key____last_update
+#: model:ir.model.fields,field_description:vault.field_vault____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_entry____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_field____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_file____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_inbox____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_log____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_right____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_tag____last_update
+msgid "Last Modified on"
+msgstr "Laatst gewijzigd op"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_entry__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_field__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_file__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_log__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_right__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_tag__write_uid
+msgid "Last Updated by"
+msgstr "Laatst bijgewerkt door"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__write_date
+#: model:ir.model.fields,field_description:vault.field_vault__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_entry__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_field__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_file__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_log__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_right__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_tag__write_date
+msgid "Last Updated on"
+msgstr "Laatst bijgewerkt op"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Length:"
+msgstr "Lengte:"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__log_ids
+#: model:ir.model.fields,field_description:vault.field_vault_entry__log_ids
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__log_ids
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+msgid "Log"
+msgstr "Log"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_log.py:0
+#: model:ir.model,name:vault.model_vault_log
+#, python-format
+msgid "Log entry of a vault"
+msgstr "Logboekvermelding van een kluis"
+
+#. module: vault
+#: model:ir.actions.act_window,name:vault.action_res_users_keys
+msgid "Manage my keys"
+msgstr "Beheer mijn sleutels"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_field__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_file__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_right__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__master_key
+msgid "Master Key"
+msgstr "Hoofdsleutel"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_log__message
+msgid "Message"
+msgstr "Bericht"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "Missing filename"
+msgstr "Ontbrekende bestandsnaam"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#, python-format
+msgid "Missing password"
+msgstr "Ontbrekend wachtwoord"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__model
+msgid "Model"
+msgstr "Type"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_config_settings__module_vault_share
+msgid "Module Vault Share"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__name
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__name
+#: model:ir.model.fields,field_description:vault.field_vault_entry__name
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__name
+#: model:ir.model.fields,field_description:vault.field_vault_field__name
+#: model:ir.model.fields,field_description:vault.field_vault_file__name
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__name
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__name
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__name
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__name
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__name
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__name
+#: model:ir.model.fields,field_description:vault.field_vault_tag__name
+msgid "Name"
+msgstr "Naam"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.inbox
+msgid "Name of your secret:"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_send_wizard.py:0
+#, python-format
+msgid "Neither a secret nor file was given"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_users_form_keys_modif
+msgid "New inbox link"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_users_form_keys_modif
+msgid "New private key"
+msgstr "Nieuwe privésleutel"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "No secret found"
+msgstr "Geen geheim gevonden"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_inbox.py:0
+#: code:addons/vault/wizards/vault_send_wizard.py:0
+#: model:ir.model.constraint,message:vault.constraint_vault_inbox_value_check
+#: model:ir.model.constraint,message:vault.constraint_vault_send_wizard_value_check
+#, python-format
+msgid "No value found"
+msgstr "Geen waarde gevonden"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_search
+msgid "Not Expired"
+msgstr "Niet verlopen"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__note
+#: model:ir.model.fields,field_description:vault.field_vault_entry__note
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+msgid "Note"
+msgstr "Notitie"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__user_id
+#: model:ir.model.fields,field_description:vault.field_vault_entry__user_id
+msgid "Owner"
+msgstr "Eigenaar"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__parent_id
+msgid "Parent"
+msgstr "Bovenliggend"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__parent_id
+msgid "Parent Entry"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Password:"
+msgstr "Wachtwoord:"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__path
+msgid "Path to import"
+msgstr "Pad om te importeren"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__perm_user
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__perm_user
+#: model:ir.model.fields,field_description:vault.field_vault_entry__perm_user
+#: model:ir.model.fields,field_description:vault.field_vault_field__perm_user
+#: model:ir.model.fields,field_description:vault.field_vault_file__perm_user
+#: model:ir.model.fields,field_description:vault.field_vault_right__perm_user
+msgid "Perm User"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/export.esm.js:0
+#: code:addons/vault/static/src/backend/import.esm.js:0
+#, python-format
+msgid "Please enter the password for the database"
+msgstr "Voer het wachtwoord van de database in"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/import.esm.js:0
+#, python-format
+msgid "Please enter the password for the keepass database"
+msgstr "Voer het wachtwoord van de keepass database in"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/vault.esm.js:0
+#, python-format
+msgid "Please enter the password for your private key"
+msgstr "Voer het wachtwoord voor uw privésleutel in"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Please enter your password or upload a keyfile:"
+msgstr "Voer uw wachtwoord in of upload een keyfile:"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "Please specify a name"
+msgstr "Geef een naam op"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__private
+msgid "Private"
+msgstr "Privé"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__public
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__public
+msgid "Public"
+msgstr "Openbaar"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_right__public_key
+msgid "Public Key"
+msgstr "Openbare sleutel"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+msgid "Re-encrypt"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__reencrypt_required
+msgid "Reencrypt Required"
+msgstr ""
+
+#. module: vault
+#: model:ir.actions.act_window,name:vault.action_vault_right
+#: model:ir.model.fields,field_description:vault.field_vault__right_ids
+#: model:ir.ui.menu,name:vault.menu_vault_right
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+msgid "Rights"
+msgstr "Rechten"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__salt
+msgid "Salt"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_export_file.esm.js:0
+#: code:addons/vault/static/src/backend/fields/vault_file.esm.js:0
+#, python-format
+msgid "Save As..."
+msgstr "Opslaan als..."
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Save in a vault"
+msgstr "Opslaan in een kluis"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__secret
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__secret
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__secret
+#: model_terms:ir.ui.view,arch_db:vault.inbox
+msgid "Secret"
+msgstr "Geheim"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__secret_file
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__secret_file
+msgid "Secret File"
+msgstr "Secret File"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__secret_temporary
+msgid "Secret Temporary"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.inbox
+msgid "Secret to share:"
+msgstr "Geheim om te delen:"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_send_wizard
+msgid "Send"
+msgstr "Verzenden"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Send the secret to an user"
+msgstr "Verzend het geheim naar een gebruiker"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_mixin.esm.js:0
+#, python-format
+msgid "Send the secret to another user"
+msgstr "Verzend het geheim naar een andere gebruiker"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_right__perm_share
+msgid "Share"
+msgstr "Delen"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Show"
+msgstr "Toon"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "Something went wrong with the encryption"
+msgstr "Er ging iets mis met de encryptie"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Special"
+msgstr "Speciaal"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_log__state
+msgid "State"
+msgstr "Status"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_store_wizard
+msgid "Store"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_inbox_mixin.esm.js:0
+#, python-format
+msgid "Store the secret in a vault"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.inbox
+msgid "Submit secret"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "Successfully stored"
+msgstr "Succesvol opgeslagen"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__tags
+msgid "Tags"
+msgstr "Labels"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault.py:0
+#: code:addons/vault/models/vault_entry.py:0
+#: model:ir.model.constraint,message:vault.constraint_vault_entry_vault_uuid_uniq
+#: model:ir.model.constraint,message:vault.constraint_vault_uuid_uniq
+#, python-format
+msgid "The UUID must be unique."
+msgstr "De UUID moet uniek zijn."
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_export_file.esm.js:0
+#: code:addons/vault/static/src/backend/fields/vault_file.esm.js:0
+#, python-format
+msgid "The field is empty, there's nothing to save!"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+msgid "The files must end on one of the supported file type:"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/controller.esm.js:0
+#, python-format
+msgid "The following entries are broken:"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#, python-format
+msgid "The passwords aren't matching"
+msgstr "De wachtwoorden komen niet overeen"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/abstract_vault.py:0
+#, python-format
+msgid ""
+"The requested operation can not be completed due to security restrictions."
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_tag.py:0
+#: model:ir.model.constraint,message:vault.constraint_vault_tag_name_uniq
+#, python-format
+msgid "The tag must be unique!"
+msgstr "Het label moet uniek zijn!"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_right.py:0
+#: model:ir.model.constraint,message:vault.constraint_vault_right_user_uniq
+#, python-format
+msgid "The user must be unique"
+msgstr "De gebruiker moet uniek zijn"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__token
+msgid "Token"
+msgstr "Token"
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/import.esm.js:0
+#, python-format
+msgid "Unsupported file to import"
+msgstr "Niet ondersteund bestand voor import"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__url
+msgid "Url"
+msgstr "Url"
+
+#. module: vault
+#: model:ir.model,name:vault.model_res_users
+#: model:ir.model.fields,field_description:vault.field_res_users_key__user_id
+#: model:ir.model.fields,field_description:vault.field_vault_log__user_id
+#: model:ir.model.fields,field_description:vault.field_vault_right__user_id
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__user_id
+msgid "User"
+msgstr "Gebruiker"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/res_users_key.py:0
+#: model:ir.model,name:vault.model_res_users_key
+#, python-format
+msgid "User data of a vault"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_inbox__inbox_link
+msgid ""
+"Using this link you can write to the current inbox. If you want people to "
+"create new inboxes you should give them your inbox link from your key "
+"management."
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__uuid
+#: model:ir.model.fields,field_description:vault.field_vault__uuid
+#: model:ir.model.fields,field_description:vault.field_vault_entry__uuid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__uuid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__uuid
+msgid "Uuid"
+msgstr "Uuid"
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_field__value
+#: model:ir.model.fields,field_description:vault.field_vault_file__value
+msgid "Value"
+msgstr "Waarde"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault.py:0
+#: model:ir.actions.act_window,name:vault.action_vault
+#: model:ir.model,name:vault.model_vault
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_entry__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_field__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_file__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__user_id
+#: model:ir.model.fields,field_description:vault.field_vault_log__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_right__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__vault_id
+#: model:ir.ui.menu,name:vault.menu_vault
+#: model_terms:ir.ui.view,arch_db:vault.res_config_settings_view_form
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_search
+#, python-format
+msgid "Vault"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_field.esm.js:0
+#, python-format
+msgid "Vault Field"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_file.esm.js:0
+#, python-format
+msgid "Vault File"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_inbox_field.esm.js:0
+#, python-format
+msgid "Vault Inbox Field"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_inbox_file.esm.js:0
+#, python-format
+msgid "Vault Inbox File"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__vault_right_ids
+msgid "Vault Right"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.res_config_settings_view_form
+msgid "Vault Share"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_inbox_log.py:0
+#: model:ir.model,name:vault.model_vault_inbox_log
+#, python-format
+msgid "Vault inbox log"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/controller.esm.js:0
+#, python-format
+msgid "Vault is not supported"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_right.py:0
+#: model:ir.model,name:vault.model_vault_right
+#, python-format
+msgid "Vault rights"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_inbox.py:0
+#: model:ir.model,name:vault.model_vault_inbox
+#, python-format
+msgid "Vault share incoming secrets"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_tag.py:0
+#: model:ir.model,name:vault.model_vault_tag
+#, python-format
+msgid "Vault tag"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_search
+msgid "Vaults"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+msgid "Verify"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__version
+msgid "Version"
+msgstr "Versie"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_log.py:0
+#, python-format
+msgid "Warning"
+msgstr "Waarschuwing"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_store_wizard.py:0
+#: model:ir.model,name:vault.model_vault_store_wizard
+#, python-format
+msgid "Wizard store a shared secret in a vault"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_send_wizard.py:0
+#: model:ir.model,name:vault.model_vault_send_wizard
+#, python-format
+msgid "Wizard to send another user a secret"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_right__perm_write
+msgid "Write"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_inbox.py:0
+#, python-format
+msgid "Written by %(name)s via %(ip)s"
+msgstr "Geschreven door %(name)s via %(ip)s"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_entry.py:0
+#, python-format
+msgid "You can not create recursive entries."
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_send_wizard
+msgid ""
+"You can only send the secret to the user who has generated a key-pair.\n"
+"                        If an user is not showing please ask him to generate "
+"these."
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_users_form_keys_modif
+msgid ""
+"You will loose access to all vaults and your inbox. Do you want to continue?"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "a-z"
+msgstr "a-z"
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_send_wizard
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_store_wizard
+msgid "or"
+msgstr "of"
+
+#~ msgid "Users"
+#~ msgstr "Gebruikers"
+
+#, python-format
+#~ msgid ""
+#~ "This will re-encrypt everything in the vault. Do you want to proceed?"
+#~ msgstr "Dit zal alles in de kluis opnieuw versleutelen. Wil je doorgaan?"
diff --git a/vault/i18n/vault.pot b/vault/i18n/vault.pot
new file mode 100644
index 0000000000..1ff8dfa7d6
--- /dev/null
+++ b/vault/i18n/vault.pot
@@ -0,0 +1,1478 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* vault
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 16.0\n"
+"Report-Msgid-Bugs-To: \n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_entry.py:0
+#, python-format
+msgid "%(action)s entry %(name)s by %(user)s"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/controller.esm.js:0
+#, python-format
+msgid "%s '%s' of entry '%s'"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_entry.py:0
+#, python-format
+msgid "%s (copy)"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/controller.esm.js:0
+#, python-format
+msgid ""
+"A secure browser context is required. Please switch to https or contact your"
+" administrator"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "A-Z"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/abstract_vault_field.py:0
+#: model:ir.model,name:vault.model_vault_abstract_field
+#, python-format
+msgid "Abstract model to implement basic fields for encryption"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/abstract_vault.py:0
+#: model:ir.model,name:vault.model_vault_abstract
+#, python-format
+msgid "Abstract model to implement general access rights"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__accesses
+msgid "Access counter"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__active_key
+msgid "Active Key"
+msgstr ""
+
+#. module: vault
+#: model:ir.actions.act_window,name:vault.action_vault_entry
+#: model:ir.ui.menu,name:vault.menu_vault_entry
+msgid "All Entries"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.res_config_settings_view_form
+msgid "Allow all users to export vaults accessible to them"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.res_config_settings_view_form
+msgid "Allow all users to import vaults accessible to them"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.res_config_settings_view_form
+msgid "Allow the usage to share secrets with external users"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_right__perm_create
+msgid "Allow to create in the vault"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_right__perm_delete
+msgid "Allow to delete a vault"
+msgstr ""
+
+#. module: vault
+#: model:res.groups,name:vault.group_vault_export
+msgid "Allow to export vaults"
+msgstr ""
+
+#. module: vault
+#: model:res.groups,name:vault.group_vault_import
+msgid "Allow to import vaults"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_right__perm_share
+msgid "Allow to share a vault with new users"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_right__perm_write
+msgid "Allow to write to the vault"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__allowed_create
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__allowed_create
+#: model:ir.model.fields,field_description:vault.field_vault_entry__allowed_create
+#: model:ir.model.fields,field_description:vault.field_vault_field__allowed_create
+#: model:ir.model.fields,field_description:vault.field_vault_file__allowed_create
+#: model:ir.model.fields,field_description:vault.field_vault_right__allowed_create
+msgid "Allowed Create"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__allowed_delete
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__allowed_delete
+#: model:ir.model.fields,field_description:vault.field_vault_entry__allowed_delete
+#: model:ir.model.fields,field_description:vault.field_vault_field__allowed_delete
+#: model:ir.model.fields,field_description:vault.field_vault_file__allowed_delete
+#: model:ir.model.fields,field_description:vault.field_vault_right__allowed_delete
+msgid "Allowed Delete"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__allowed_read
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__allowed_read
+#: model:ir.model.fields,field_description:vault.field_vault_entry__allowed_read
+#: model:ir.model.fields,field_description:vault.field_vault_field__allowed_read
+#: model:ir.model.fields,field_description:vault.field_vault_file__allowed_read
+#: model:ir.model.fields,field_description:vault.field_vault_right__allowed_read
+msgid "Allowed Read"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__allowed_share
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__allowed_share
+#: model:ir.model.fields,field_description:vault.field_vault_entry__allowed_share
+#: model:ir.model.fields,field_description:vault.field_vault_field__allowed_share
+#: model:ir.model.fields,field_description:vault.field_vault_file__allowed_share
+#: model:ir.model.fields,field_description:vault.field_vault_right__allowed_share
+msgid "Allowed Share"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__allowed_write
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__allowed_write
+#: model:ir.model.fields,field_description:vault.field_vault_entry__allowed_write
+#: model:ir.model.fields,field_description:vault.field_vault_field__allowed_write
+#: model:ir.model.fields,field_description:vault.field_vault_file__allowed_write
+#: model:ir.model.fields,field_description:vault.field_vault_right__allowed_write
+msgid "Allowed Write"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "An error occured. Please contact the user or administrator"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_right_overview_search
+msgid "By user"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_right_overview_search
+msgid "By vault"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#: model_terms:ir.ui.view,arch_db:vault.view_users_form_keys_modif
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_send_wizard
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_store_wizard
+#, python-format
+msgid "Cancel"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#, python-format
+msgid "Cancelled"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Characters:"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__child_ids
+msgid "Child"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+msgid "Childs"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_export_wizard
+msgid "Close"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__entry_name
+#: model:ir.model.fields,field_description:vault.field_vault_entry__complete_name
+#: model:ir.model.fields,field_description:vault.field_vault_field__entry_name
+#: model:ir.model.fields,field_description:vault.field_vault_file__entry_name
+msgid "Complete Name"
+msgstr ""
+
+#. module: vault
+#: model:ir.model,name:vault.model_res_config_settings
+msgid "Config Settings"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Confirm your password:"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+msgid "Content"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Copy to clipboard"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_right__perm_create
+msgid "Create"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_entry__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_field__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_file__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_log__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_right__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__create_uid
+#: model:ir.model.fields,field_description:vault.field_vault_tag__create_uid
+msgid "Created by"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_inbox.py:0
+#, python-format
+msgid "Created by %(name)s via %(ip)s"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_send_wizard.py:0
+#, python-format
+msgid "Created by %s"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__create_date
+#: model:ir.model.fields,field_description:vault.field_vault__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_entry__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_field__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_file__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_log__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_right__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__create_date
+#: model:ir.model.fields,field_description:vault.field_vault_tag__create_date
+msgid "Created on"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__crypted_content
+msgid "Crypted Content"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__current
+msgid "Current"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+msgid "Custom JSON format <b>.json</b>"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__content
+msgid "Database"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_right__perm_delete
+msgid "Delete"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__display_name
+#: model:ir.model.fields,field_description:vault.field_vault__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_entry__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_field__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_file__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_log__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_right__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__display_name
+#: model:ir.model.fields,field_description:vault.field_vault_tag__display_name
+msgid "Display Name"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/controller.esm.js:0
+#, python-format
+msgid "Do you really want to create a new key pair and set it active?"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__content
+msgid "Download"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#, python-format
+msgid "Enter"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Enter your password:"
+msgstr ""
+
+#. module: vault
+#: model:ir.actions.act_window,name:vault.action_open_entries
+#: model:ir.model.fields,field_description:vault.field_vault__entry_ids
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__entry_id
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_search
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+msgid "Entries"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__entry_id
+#: model:ir.model.fields,field_description:vault.field_vault_field__entry_id
+#: model:ir.model.fields,field_description:vault.field_vault_file__entry_id
+#: model:ir.model.fields,field_description:vault.field_vault_log__entry_id
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__entry_id
+msgid "Entry"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_entry.py:0
+#: model:ir.model,name:vault.model_vault_entry
+#, python-format
+msgid "Entry inside a vault"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_log.py:0
+#, python-format
+msgid "Error"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__expiration
+msgid "Expiration"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__expired
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_search
+msgid "Expired"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__expire_date
+msgid "Expires on"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_config_settings__group_vault_export
+msgid "Export Vaults"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault.py:0
+#: code:addons/vault/models/vault_entry.py:0
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+#, python-format
+msgid "Export to file"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_export_wizard.py:0
+#: model:ir.model,name:vault.model_vault_export_wizard
+#, python-format
+msgid "Export wizard for vaults"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/vault.esm.js:0
+#, python-format
+msgid "Failed to export keys to object store"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/vault.esm.js:0
+#, python-format
+msgid "Failed to export the keys to the database"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/vault.esm.js:0
+#, python-format
+msgid "Failed to import keys from database"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_field.py:0
+#: model:ir.model,name:vault.model_vault_field
+#, python-format
+msgid "Field of a vault"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__field_ids
+#: model:ir.model.fields,field_description:vault.field_vault_entry__field_ids
+msgid "Fields"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_file.py:0
+#: model:ir.model,name:vault.model_vault_file
+#, python-format
+msgid "File of a vault"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.inbox
+msgid "File to share:"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__filename
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__filename
+msgid "Filename"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__file_ids
+#: model:ir.model.fields,field_description:vault.field_vault_entry__file_ids
+msgid "Files"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__fingerprint
+msgid "Fingerprint"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Generate"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Generate a new secret:"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_right_overview_search
+msgid "Grouped"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Hide"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__id
+#: model:ir.model.fields,field_description:vault.field_vault__id
+#: model:ir.model.fields,field_description:vault.field_vault_entry__id
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__id
+#: model:ir.model.fields,field_description:vault.field_vault_field__id
+#: model:ir.model.fields,field_description:vault.field_vault_file__id
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__id
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__id
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__id
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__id
+#: model:ir.model.fields,field_description:vault.field_vault_log__id
+#: model:ir.model.fields,field_description:vault.field_vault_right__id
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__id
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__id
+#: model:ir.model.fields,field_description:vault.field_vault_tag__id
+msgid "ID"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_inbox__expiration
+msgid "If expired the inbox can't be written using the link"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_inbox__accesses
+msgid "If this is 0 the inbox can't be written using the link"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+msgid "Import"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_config_settings__group_vault_import
+msgid "Import Vaults"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault.py:0
+#: code:addons/vault/models/vault_entry.py:0
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+#, python-format
+msgid "Import from file"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_import_wizard.py:0
+#: model:ir.model,name:vault.model_vault_import_wizard
+#, python-format
+msgid "Import wizard for vaults"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_import_wizard.py:0
+#: model:ir.model,name:vault.model_vault_import_wizard_path
+#, python-format
+msgid "Import wizard path for vaults"
+msgstr ""
+
+#. module: vault
+#: model:ir.actions.act_window,name:vault.action_vault_inbox
+#: model:ir.model.fields,field_description:vault.field_res_users__inbox_ids
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__inbox_id
+#: model:ir.ui.menu,name:vault.menu_vault_inbox
+msgid "Inbox"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__inbox_enabled
+msgid "Inbox Enabled"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__inbox_link
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__inbox_link
+msgid "Inbox Link"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__inbox_token
+msgid "Inbox Token"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__include_childs
+msgid "Include Childs"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_log.py:0
+#, python-format
+msgid "Information"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_import_wizard.py:0
+#, python-format
+msgid "Invalid file to import from"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/res_users_key.py:0
+#: code:addons/vault/models/res_users_key.py:0
+#: code:addons/vault/models/res_users_key.py:0
+#, python-format
+msgid "Invalid parameter"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "Invalid token"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_users_form_keys_modif
+msgid "Invalidate private key"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__iterations
+msgid "Iterations"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__iv
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__iv
+#: model:ir.model.fields,field_description:vault.field_vault_field__iv
+#: model:ir.model.fields,field_description:vault.field_vault_file__iv
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__iv
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__iv
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__iv
+msgid "Iv"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+msgid "Keepass Database <b>.kdbx</b>"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__key
+#: model:ir.model.fields,field_description:vault.field_vault_right__key
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__key
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__key
+msgid "Key"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/user_menu.esm.js:0
+#, python-format
+msgid "Key Management"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__key_user
+msgid "Key User"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Keyfile:"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__keys
+msgid "Keys"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key____last_update
+#: model:ir.model.fields,field_description:vault.field_vault____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_entry____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_field____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_file____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_inbox____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_log____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_right____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard____last_update
+#: model:ir.model.fields,field_description:vault.field_vault_tag____last_update
+msgid "Last Modified on"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_entry__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_field__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_file__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_log__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_right__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__write_uid
+#: model:ir.model.fields,field_description:vault.field_vault_tag__write_uid
+msgid "Last Updated by"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__write_date
+#: model:ir.model.fields,field_description:vault.field_vault__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_entry__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_field__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_file__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_log__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_right__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__write_date
+#: model:ir.model.fields,field_description:vault.field_vault_tag__write_date
+msgid "Last Updated on"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Length:"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__log_ids
+#: model:ir.model.fields,field_description:vault.field_vault_entry__log_ids
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__log_ids
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+msgid "Log"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_log.py:0
+#: model:ir.model,name:vault.model_vault_log
+#, python-format
+msgid "Log entry of a vault"
+msgstr ""
+
+#. module: vault
+#: model:ir.actions.act_window,name:vault.action_res_users_keys
+msgid "Manage my keys"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_field__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_file__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_right__master_key
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__master_key
+msgid "Master Key"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_log__message
+msgid "Message"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "Missing filename"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#, python-format
+msgid "Missing password"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__model
+msgid "Model"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_config_settings__module_vault_share
+msgid "Module Vault Share"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__name
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__name
+#: model:ir.model.fields,field_description:vault.field_vault_entry__name
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__name
+#: model:ir.model.fields,field_description:vault.field_vault_field__name
+#: model:ir.model.fields,field_description:vault.field_vault_file__name
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__name
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__name
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__name
+#: model:ir.model.fields,field_description:vault.field_vault_inbox_log__name
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__name
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__name
+#: model:ir.model.fields,field_description:vault.field_vault_tag__name
+msgid "Name"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.inbox
+msgid "Name of your secret:"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_send_wizard.py:0
+#, python-format
+msgid "Neither a secret nor file was given"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_users_form_keys_modif
+msgid "New inbox link"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_users_form_keys_modif
+msgid "New private key"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "No secret found"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_inbox.py:0
+#: code:addons/vault/wizards/vault_send_wizard.py:0
+#: model:ir.model.constraint,message:vault.constraint_vault_inbox_value_check
+#: model:ir.model.constraint,message:vault.constraint_vault_send_wizard_value_check
+#, python-format
+msgid "No value found"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_search
+msgid "Not Expired"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__note
+#: model:ir.model.fields,field_description:vault.field_vault_entry__note
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_form
+msgid "Note"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__user_id
+#: model:ir.model.fields,field_description:vault.field_vault_entry__user_id
+msgid "Owner"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__parent_id
+msgid "Parent"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__parent_id
+msgid "Parent Entry"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Password:"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__path
+msgid "Path to import"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__perm_user
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__perm_user
+#: model:ir.model.fields,field_description:vault.field_vault_entry__perm_user
+#: model:ir.model.fields,field_description:vault.field_vault_field__perm_user
+#: model:ir.model.fields,field_description:vault.field_vault_file__perm_user
+#: model:ir.model.fields,field_description:vault.field_vault_right__perm_user
+msgid "Perm User"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/export.esm.js:0
+#: code:addons/vault/static/src/backend/import.esm.js:0
+#, python-format
+msgid "Please enter the password for the database"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/import.esm.js:0
+#, python-format
+msgid "Please enter the password for the keepass database"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/vault.esm.js:0
+#, python-format
+msgid "Please enter the password for your private key"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Please enter your password or upload a keyfile:"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "Please specify a name"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__private
+msgid "Private"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__public
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__public
+msgid "Public"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_right__public_key
+msgid "Public Key"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+msgid "Re-encrypt"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault__reencrypt_required
+msgid "Reencrypt Required"
+msgstr ""
+
+#. module: vault
+#: model:ir.actions.act_window,name:vault.action_vault_right
+#: model:ir.model.fields,field_description:vault.field_vault__right_ids
+#: model:ir.ui.menu,name:vault.menu_vault_right
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+msgid "Rights"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__salt
+msgid "Salt"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_export_file.esm.js:0
+#: code:addons/vault/static/src/backend/fields/vault_file.esm.js:0
+#, python-format
+msgid "Save As..."
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Save in a vault"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__secret
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__secret
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__secret
+#: model_terms:ir.ui.view,arch_db:vault.inbox
+msgid "Secret"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__secret_file
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__secret_file
+msgid "Secret File"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__secret_temporary
+msgid "Secret Temporary"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.inbox
+msgid "Secret to share:"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_send_wizard
+msgid "Send"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Send the secret to an user"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_mixin.esm.js:0
+#, python-format
+msgid "Send the secret to another user"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_right__perm_share
+msgid "Share"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#: code:addons/vault/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Show"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "Something went wrong with the encryption"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "Special"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_log__state
+msgid "State"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_store_wizard
+msgid "Store"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_inbox_mixin.esm.js:0
+#, python-format
+msgid "Store the secret in a vault"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.inbox
+msgid "Submit secret"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/controllers/main.py:0
+#, python-format
+msgid "Successfully stored"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__tags
+msgid "Tags"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault.py:0
+#: code:addons/vault/models/vault_entry.py:0
+#: model:ir.model.constraint,message:vault.constraint_vault_entry_vault_uuid_uniq
+#: model:ir.model.constraint,message:vault.constraint_vault_uuid_uniq
+#, python-format
+msgid "The UUID must be unique."
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_export_file.esm.js:0
+#: code:addons/vault/static/src/backend/fields/vault_file.esm.js:0
+#, python-format
+msgid "The field is empty, there's nothing to save!"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+msgid "The files must end on one of the supported file type:"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/controller.esm.js:0
+#, python-format
+msgid "The following entries are broken:"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/common/utils.esm.js:0
+#, python-format
+msgid "The passwords aren't matching"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/abstract_vault.py:0
+#, python-format
+msgid ""
+"The requested operation can not be completed due to security restrictions."
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_tag.py:0
+#: model:ir.model.constraint,message:vault.constraint_vault_tag_name_uniq
+#, python-format
+msgid "The tag must be unique!"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_right.py:0
+#: model:ir.model.constraint,message:vault.constraint_vault_right_user_uniq
+#, python-format
+msgid "The user must be unique"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__token
+msgid "Token"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/import.esm.js:0
+#, python-format
+msgid "Unsupported file to import"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_entry__url
+msgid "Url"
+msgstr ""
+
+#. module: vault
+#: model:ir.model,name:vault.model_res_users
+#: model:ir.model.fields,field_description:vault.field_res_users_key__user_id
+#: model:ir.model.fields,field_description:vault.field_vault_log__user_id
+#: model:ir.model.fields,field_description:vault.field_vault_right__user_id
+#: model:ir.model.fields,field_description:vault.field_vault_send_wizard__user_id
+msgid "User"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/res_users_key.py:0
+#: model:ir.model,name:vault.model_res_users_key
+#, python-format
+msgid "User data of a vault"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,help:vault.field_vault_inbox__inbox_link
+msgid ""
+"Using this link you can write to the current inbox. If you want people to "
+"create new inboxes you should give them your inbox link from your key "
+"management."
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__uuid
+#: model:ir.model.fields,field_description:vault.field_vault__uuid
+#: model:ir.model.fields,field_description:vault.field_vault_entry__uuid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__uuid
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard_path__uuid
+msgid "Uuid"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_field__value
+#: model:ir.model.fields,field_description:vault.field_vault_file__value
+msgid "Value"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault.py:0
+#: model:ir.actions.act_window,name:vault.action_vault
+#: model:ir.model,name:vault.model_vault
+#: model:ir.model.fields,field_description:vault.field_vault_abstract_field__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_entry__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_export_wizard__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_field__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_file__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_import_wizard__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_inbox__user_id
+#: model:ir.model.fields,field_description:vault.field_vault_log__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_right__vault_id
+#: model:ir.model.fields,field_description:vault.field_vault_store_wizard__vault_id
+#: model:ir.ui.menu,name:vault.menu_vault
+#: model_terms:ir.ui.view,arch_db:vault.res_config_settings_view_form
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_search
+#, python-format
+msgid "Vault"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_field.esm.js:0
+#, python-format
+msgid "Vault Field"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_file.esm.js:0
+#, python-format
+msgid "Vault File"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_inbox_field.esm.js:0
+#, python-format
+msgid "Vault Inbox Field"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/fields/vault_inbox_file.esm.js:0
+#, python-format
+msgid "Vault Inbox File"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users__vault_right_ids
+msgid "Vault Right"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.res_config_settings_view_form
+msgid "Vault Share"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_inbox_log.py:0
+#: model:ir.model,name:vault.model_vault_inbox_log
+#, python-format
+msgid "Vault inbox log"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/controller.esm.js:0
+#, python-format
+msgid "Vault is not supported"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_right.py:0
+#: model:ir.model,name:vault.model_vault_right
+#, python-format
+msgid "Vault rights"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_inbox.py:0
+#: model:ir.model,name:vault.model_vault_inbox
+#, python-format
+msgid "Vault share incoming secrets"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_tag.py:0
+#: model:ir.model,name:vault.model_vault_tag
+#, python-format
+msgid "Vault tag"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_entry_search
+msgid "Vaults"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_form
+msgid "Verify"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_res_users_key__version
+msgid "Version"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_log.py:0
+#, python-format
+msgid "Warning"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_store_wizard.py:0
+#: model:ir.model,name:vault.model_vault_store_wizard
+#, python-format
+msgid "Wizard store a shared secret in a vault"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/wizards/vault_send_wizard.py:0
+#: model:ir.model,name:vault.model_vault_send_wizard
+#, python-format
+msgid "Wizard to send another user a secret"
+msgstr ""
+
+#. module: vault
+#: model:ir.model.fields,field_description:vault.field_vault_right__perm_write
+msgid "Write"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_inbox.py:0
+#, python-format
+msgid "Written by %(name)s via %(ip)s"
+msgstr ""
+
+#. module: vault
+#. odoo-python
+#: code:addons/vault/models/vault_entry.py:0
+#, python-format
+msgid "You can not create recursive entries."
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_send_wizard
+msgid ""
+"You can only send the secret to the user who has generated a key-pair.\n"
+"                        If an user is not showing please ask him to generate these."
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_users_form_keys_modif
+msgid ""
+"You will loose access to all vaults and your inbox. Do you want to continue?"
+msgstr ""
+
+#. module: vault
+#. odoo-javascript
+#: code:addons/vault/static/src/backend/templates.xml:0
+#, python-format
+msgid "a-z"
+msgstr ""
+
+#. module: vault
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_import_wizard
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_send_wizard
+#: model_terms:ir.ui.view,arch_db:vault.view_vault_store_wizard
+msgid "or"
+msgstr ""
diff --git a/vault/models/__init__.py b/vault/models/__init__.py
new file mode 100644
index 0000000000..d9d3e40ebe
--- /dev/null
+++ b/vault/models/__init__.py
@@ -0,0 +1,19 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from . import (
+    abstract_vault,
+    abstract_vault_field,
+    res_config_settings,
+    res_users,
+    res_users_key,
+    vault,
+    vault_entry,
+    vault_field,
+    vault_file,
+    vault_inbox,
+    vault_inbox_log,
+    vault_log,
+    vault_right,
+    vault_tag,
+)
diff --git a/vault/models/abstract_vault.py b/vault/models/abstract_vault.py
new file mode 100644
index 0000000000..614173056d
--- /dev/null
+++ b/vault/models/abstract_vault.py
@@ -0,0 +1,77 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+from odoo import _, api, models
+from odoo.exceptions import AccessError
+
+_logger = logging.getLogger(__name__)
+
+
+class AbstractVault(models.AbstractModel):
+    """Models must have the following fields:
+    `perm_user`: The permissions are computed for this user
+    `allowed_read`: The current user can read from the vault
+    `allowed_create`: The current user can read from the vault
+    `allowed_write`: The current user has write access to the vault
+    `allowed_share`: The current user can share the vault with other users
+    `allowed_delete`: The current user can delete the vault or entries of it
+    """
+
+    _name = "vault.abstract"
+    _description = _("Abstract model to implement general access rights")
+
+    @api.model
+    def raise_access_error(self):
+        raise AccessError(
+            _(
+                "The requested operation can not be completed due to security "
+                "restrictions."
+            )
+        )
+
+    def check_access_rule(self, operation):
+        super().check_access_rule(operation)
+
+        if self.env.su:
+            return
+
+        # We have to recompute if the user of the environment changed
+        if self.env.user != self.mapped("perm_user"):
+            vault = self if self._name == "vault" else self.mapped("vault_id")
+            vault._compute_access()
+
+        # Shortcut for vault.right because only the share right is required
+        if self._name == "vault.right":
+            if not self.filtered("allowed_share"):
+                self.raise_access_error()
+            return
+
+        # Check the operation and matching permissions
+        if operation == "read" and not self.filtered("allowed_read"):
+            self.raise_access_error()
+
+        if operation == "create" and not self.filtered("allowed_create"):
+            self.raise_access_error()
+
+        if operation == "write" and not self.filtered("allowed_write"):
+            self.raise_access_error()
+
+        if operation == "unlink" and not self.filtered("allowed_delete"):
+            self.raise_access_error()
+
+    def _log_entry(self, msg, state):
+        raise NotImplementedError()
+
+    def log_entry(self, msg):
+        return self._log_entry(msg, None)
+
+    def log_info(self, msg):
+        return self._log_entry(msg, "info")
+
+    def log_warn(self, msg):
+        return self._log_entry(msg, "warn")
+
+    def log_error(self, msg):
+        return self._log_entry(msg, "error")
diff --git a/vault/models/abstract_vault_field.py b/vault/models/abstract_vault_field.py
new file mode 100644
index 0000000000..691d7b7d03
--- /dev/null
+++ b/vault/models/abstract_vault_field.py
@@ -0,0 +1,57 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+from odoo import _, api, fields, models
+
+_logger = logging.getLogger(__name__)
+
+
+class AbstractVaultField(models.AbstractModel):
+    _name = "vault.abstract.field"
+    _description = _("Abstract model to implement basic fields for encryption")
+
+    entry_id = fields.Many2one("vault.entry", ondelete="cascade", required=True)
+    entry_name = fields.Char(related="entry_id.complete_name")
+    vault_id = fields.Many2one(related="entry_id.vault_id")
+    master_key = fields.Char(compute="_compute_master_key", store=False)
+
+    perm_user = fields.Many2one(related="vault_id.perm_user", store=False)
+    allowed_read = fields.Boolean(related="vault_id.allowed_read", store=False)
+    allowed_create = fields.Boolean(related="vault_id.allowed_create", store=False)
+    allowed_write = fields.Boolean(related="vault_id.allowed_write", store=False)
+    allowed_share = fields.Boolean(related="vault_id.allowed_share", store=False)
+    allowed_delete = fields.Boolean(related="vault_id.allowed_delete", store=False)
+
+    name = fields.Char(required=True)
+    iv = fields.Char()
+
+    @api.depends("entry_id.vault_id.master_key")
+    def _compute_master_key(self):
+        for rec in self:
+            rec.master_key = rec.vault_id.master_key
+
+    def log_change(self, action):
+        if self.env.context.get("vault_skip_log"):
+            return
+
+        for rec in self:
+            rec.entry_id.log_info(
+                f"{action} value {rec.name} of {rec.entry_id.complete_name} "
+                f"by {self.env.user.display_name}"
+            )
+
+    @api.model_create_multi
+    def create(self, vals_list):
+        res = super().create(vals_list)
+        res.log_change("Created")
+        return res
+
+    def unlink(self):
+        self.log_change("Deleted")
+        return super().unlink()
+
+    def write(self, values):
+        self.log_change("Changed")
+        return super().write(values)
diff --git a/vault/models/res_config_settings.py b/vault/models/res_config_settings.py
new file mode 100644
index 0000000000..105571263f
--- /dev/null
+++ b/vault/models/res_config_settings.py
@@ -0,0 +1,16 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from odoo import fields, models
+
+
+class ResConfigSettings(models.TransientModel):
+    _inherit = "res.config.settings"
+
+    module_vault_share = fields.Boolean()
+    group_vault_export = fields.Boolean(
+        "Export Vaults", implied_group="vault.group_vault_export"
+    )
+    group_vault_import = fields.Boolean(
+        "Import Vaults", implied_group="vault.group_vault_import"
+    )
diff --git a/vault/models/res_users.py b/vault/models/res_users.py
new file mode 100644
index 0000000000..ecf5d3c91e
--- /dev/null
+++ b/vault/models/res_users.py
@@ -0,0 +1,78 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+from uuid import uuid4
+
+from odoo import api, fields, models
+
+_logger = logging.getLogger(__name__)
+
+
+class ResUsers(models.Model):
+    _inherit = "res.users"
+
+    active_key = fields.Many2one(
+        "res.users.key",
+        compute="_compute_active_key",
+        store=False,
+    )
+    keys = fields.One2many("res.users.key", "user_id", readonly=True)
+    vault_right_ids = fields.One2many("vault.right", "user_id", readonly=True)
+    inbox_ids = fields.One2many("vault.inbox", "user_id")
+    inbox_enabled = fields.Boolean(default=True)
+    inbox_link = fields.Char(compute="_compute_inbox_link", readonly=True, store=False)
+    inbox_token = fields.Char(default=lambda self: uuid4(), readonly=True)
+
+    @api.depends("keys", "keys.current")
+    def _compute_active_key(self):
+        for rec in self:
+            keys = rec.sudo().keys.filtered("current")
+            rec.active_key = keys[0] if keys else None
+
+    @api.depends("inbox_token")
+    def _compute_inbox_link(self):
+        base_url = self.env["ir.config_parameter"].sudo().get_param("web.base.url")
+        for rec in self:
+            rec.inbox_link = f"{base_url}/vault/inbox/{rec.inbox_token}"
+
+    @api.model
+    def action_get_vault(self):
+        action = self.sudo().env.ref("vault.action_res_users_keys")
+        result = action.read()[0]
+        result["res_id"] = self.env.uid
+        return result
+
+    def action_new_inbox_token(self):
+        self.ensure_one()
+        self.sudo().inbox_token = uuid4()
+        return self.action_get_vault()
+
+    def action_invalidate_key(self):
+        """Disable the current key and remove all accesses to the vaults"""
+        self.ensure_one()
+        self.keys.write({"current": False})
+        self.vault_right_ids.sudo().unlink()
+        self.inbox_ids.unlink()
+        self.env["vault"].search([])._compute_access()
+        return self.action_get_vault()
+
+    @api.model
+    def find_user_of_inbox(self, token):
+        return self.search([("inbox_token", "=", token), ("inbox_enabled", "=", True)])
+
+    def get_vault_keys(self):
+        self.ensure_one()
+
+        if not self.active_key:
+            return {}
+
+        return {
+            "iterations": self.active_key.iterations,
+            "iv": self.active_key.iv,
+            "private": self.active_key.private,
+            "public": self.active_key.public,
+            "salt": self.active_key.salt,
+            "uuid": self.active_key.uuid,
+            "version": self.active_key.version,
+        }
diff --git a/vault/models/res_users_key.py b/vault/models/res_users_key.py
new file mode 100644
index 0000000000..6c3ae5bc1b
--- /dev/null
+++ b/vault/models/res_users_key.py
@@ -0,0 +1,82 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+import re
+from hashlib import sha256
+from uuid import uuid4
+
+from odoo import _, api, fields, models
+from odoo.exceptions import ValidationError
+
+_logger = logging.getLogger(__name__)
+
+
+class ResUsersKey(models.Model):
+    _name = "res.users.key"
+    _description = _("User data of a vault")
+    _rec_name = "fingerprint"
+    _order = "create_date DESC"
+
+    user_id = fields.Many2one("res.users", required=True)
+    uuid = fields.Char(default=lambda self: uuid4(), required=True, readonly=True)
+    current = fields.Boolean(default=True, readonly=True)
+    fingerprint = fields.Char(compute="_compute_fingerprint", store=True)
+    public = fields.Char(required=True, readonly=True)
+    salt = fields.Char(required=True, readonly=True)
+    iv = fields.Char(required=True, readonly=True)
+    iterations = fields.Integer(required=True, readonly=True)
+    version = fields.Integer(readonly=True)
+    # Encrypted with master password of user
+    private = fields.Char(required=True, readonly=True)
+
+    @api.depends("public")
+    def _compute_fingerprint(self):
+        for rec in self:
+            if rec.public:
+                hashed = sha256(rec.public.encode()).hexdigest()
+                rec.fingerprint = ":".join(re.findall(r".{2}", hashed))
+            else:
+                rec.fingerprint = False
+
+    def _prepare_values(self, iterations, iv, private, public, salt, version):
+        return {
+            "iterations": iterations,
+            "iv": iv,
+            "private": private,
+            "public": public,
+            "salt": salt,
+            "user_id": self.env.uid,
+            "current": True,
+            "version": version,
+        }
+
+    def store(self, iterations, iv, private, public, salt, version):
+        if not all(isinstance(x, str) and x for x in [public, private, iv, salt]):
+            raise ValidationError(_("Invalid parameter"))
+
+        if not isinstance(iterations, int) or iterations < 4000:
+            raise ValidationError(_("Invalid parameter"))
+
+        if not isinstance(version, int):
+            raise ValidationError(_("Invalid parameter"))
+
+        domain = [
+            ("user_id", "=", self.env.uid),
+            ("private", "=", private),
+        ]
+        key = self.search(domain)
+        if not key:
+            # Disable all current keys
+            self.env.user.keys.write({"current": False})
+
+            rec = self.create(
+                self._prepare_values(iterations, iv, private, public, salt, version)
+            )
+            return rec.uuid
+
+        return False
+
+    def extract_public_key(self, user):
+        user = self.sudo().search([("user_id", "=", user), ("current", "=", True)])
+        return user.public or None
diff --git a/vault/models/vault.py b/vault/models/vault.py
new file mode 100644
index 0000000000..5aef99f230
--- /dev/null
+++ b/vault/models/vault.py
@@ -0,0 +1,165 @@
+# © 2021-2024 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+from uuid import uuid4
+
+from odoo import _, api, fields, models
+
+_logger = logging.getLogger(__name__)
+
+
+class Vault(models.Model):
+    _name = "vault"
+    _description = _("Vault")
+    _inherit = ["vault.abstract"]
+    _order = "name"
+
+    user_id = fields.Many2one(
+        "res.users",
+        "Owner",
+        readonly=True,
+        default=lambda self: self.env.user,
+        required=True,
+    )
+    right_ids = fields.One2many(
+        "vault.right",
+        "vault_id",
+        "Rights",
+        default=lambda self: self._get_default_rights(),
+    )
+    entry_ids = fields.One2many("vault.entry", "vault_id", "Entries")
+    field_ids = fields.One2many("vault.field", "vault_id", "Fields")
+    file_ids = fields.One2many("vault.file", "vault_id", "Files")
+    log_ids = fields.One2many("vault.log", "vault_id", "Log", readonly=True)
+    reencrypt_required = fields.Boolean(default=False)
+
+    # Access control
+    perm_user = fields.Many2one("res.users", compute="_compute_access", store=False)
+    allowed_read = fields.Boolean(compute="_compute_access", store=False)
+    allowed_create = fields.Boolean(compute="_compute_access", store=False)
+    allowed_share = fields.Boolean(compute="_compute_access", store=False)
+    allowed_write = fields.Boolean(compute="_compute_access", store=False)
+    allowed_delete = fields.Boolean(compute="_compute_access", store=False)
+
+    master_key = fields.Char(
+        compute="_compute_master_key",
+        inverse="_inverse_master_key",
+        store=False,
+    )
+
+    uuid = fields.Char(default=lambda self: uuid4(), required=True, readonly=True)
+    name = fields.Char(required=True)
+    note = fields.Text()
+
+    _sql_constraints = [
+        ("uuid_uniq", "UNIQUE(uuid)", _("The UUID must be unique.")),
+    ]
+
+    @api.depends("right_ids.user_id")
+    def _compute_access(self):
+        user = self.env.user
+        for rec in self.sudo():
+            rec.perm_user = user.id
+
+            if user == rec.user_id:
+                rec.write(
+                    {
+                        "allowed_create": True,
+                        "allowed_share": True,
+                        "allowed_write": True,
+                        "allowed_delete": True,
+                        "allowed_read": True,
+                    }
+                )
+                continue
+
+            rights = rec.right_ids
+            rec.allowed_read = user in rights.mapped("user_id")
+            rec.allowed_create = user in rights.filtered("perm_create").mapped(
+                "user_id"
+            )
+            rec.allowed_share = user in rights.filtered("perm_share").mapped("user_id")
+            rec.allowed_write = user in rights.filtered("perm_write").mapped("user_id")
+            rec.allowed_delete = user in rights.filtered("perm_delete").mapped(
+                "user_id"
+            )
+
+    @api.depends("right_ids.key")
+    def _compute_master_key(self):
+        domain = [("user_id", "=", self.env.uid)]
+        for rec in self:
+            rights = rec.right_ids.filtered_domain(domain)
+            rec.master_key = rights[0].key if rights else False
+
+    def _inverse_master_key(self):
+        domain = [("user_id", "=", self.env.uid)]
+        for rec in self:
+            rights = rec.right_ids.filtered_domain(domain)
+            if rights and not rights.key:
+                rights.key = rec.master_key
+
+    def _get_default_rights(self):
+        return [
+            (
+                0,
+                0,
+                {
+                    "user_id": self.env.uid,
+                    "perm_create": True,
+                    "perm_write": True,
+                    "perm_delete": True,
+                    "perm_share": True,
+                },
+            )
+        ]
+
+    def _log_entry(self, msg, state):
+        self.ensure_one()
+        return (
+            self.env["vault.log"]
+            .sudo()
+            .create(
+                {
+                    "vault_id": self.id,
+                    "user_id": self.env.uid,
+                    "message": msg,
+                    "state": state,
+                }
+            )
+        )
+
+    def share_public_keys(self):
+        self.ensure_one()
+        result = []
+        for right in self.right_ids:
+            result.append({"user": right.user_id.id, "public": right.public_key})
+        return result
+
+    def action_open_import_wizard(self):
+        self.ensure_one()
+        wizard = self.env.ref("vault.view_vault_import_wizard")
+        return {
+            "name": _("Import from file"),
+            "type": "ir.actions.act_window",
+            "view_mode": "form",
+            "res_model": "vault.import.wizard",
+            "views": [(wizard.id, "form")],
+            "view_id": wizard.id,
+            "target": "new",
+            "context": {"default_vault_id": self.id},
+        }
+
+    def action_open_export_wizard(self):
+        self.ensure_one()
+        wizard = self.env.ref("vault.view_vault_export_wizard")
+        return {
+            "name": _("Export to file"),
+            "type": "ir.actions.act_window",
+            "view_mode": "form",
+            "res_model": "vault.export.wizard",
+            "views": [(wizard.id, "form")],
+            "view_id": wizard.id,
+            "target": "new",
+            "context": {"default_vault_id": self.id},
+        }
diff --git a/vault/models/vault_entry.py b/vault/models/vault_entry.py
new file mode 100644
index 0000000000..1f553c3561
--- /dev/null
+++ b/vault/models/vault_entry.py
@@ -0,0 +1,215 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# Copyright 2022 Tecnativa - Víctor Martínez
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+from datetime import datetime
+from uuid import uuid4
+
+from odoo import _, api, fields, models
+from odoo.exceptions import ValidationError
+
+_logger = logging.getLogger(__name__)
+
+
+class VaultEntry(models.Model):
+    _name = "vault.entry"
+    _description = _("Entry inside a vault")
+    _inherit = ["vault.abstract"]
+    _order = "complete_name"
+    _rec_name = "complete_name"
+
+    parent_id = fields.Many2one(
+        "vault.entry",
+        "Parent",
+        ondelete="cascade",
+        domain="[('vault_id', '=', vault_id)]",
+    )
+    child_ids = fields.One2many("vault.entry", "parent_id", "Child")
+
+    vault_id = fields.Many2one("vault", "Vault", ondelete="cascade", required=True)
+    user_id = fields.Many2one(related="vault_id.user_id")
+    field_ids = fields.One2many("vault.field", "entry_id", "Fields")
+    file_ids = fields.One2many("vault.file", "entry_id", "Files")
+    log_ids = fields.One2many("vault.log", "entry_id", "Log", readonly=True)
+
+    perm_user = fields.Many2one(related="vault_id.perm_user", store=False)
+    allowed_read = fields.Boolean(related="vault_id.allowed_read", store=False)
+    allowed_create = fields.Boolean(related="vault_id.allowed_create", store=False)
+    allowed_share = fields.Boolean(related="vault_id.allowed_share", store=False)
+    allowed_write = fields.Boolean(related="vault_id.allowed_write", store=False)
+    allowed_delete = fields.Boolean(related="vault_id.allowed_delete", store=False)
+
+    complete_name = fields.Char(
+        compute="_compute_complete_name",
+        store=True,
+        readonly=True,
+        recursive=True,
+    )
+    uuid = fields.Char(default=lambda self: uuid4(), required=True, copy=False)
+    name = fields.Char(required=True)
+    url = fields.Char()
+    note = fields.Text()
+    tags = fields.Many2many("vault.tag")
+    expire_date = fields.Datetime("Expires on", default=False)
+    expired = fields.Boolean(
+        compute="_compute_expired",
+        search="_search_expired",
+        store=False,
+    )
+
+    _sql_constraints = [
+        ("vault_uuid_uniq", "UNIQUE(vault_id, uuid)", _("The UUID must be unique.")),
+    ]
+
+    @api.constrains("parent_id")
+    def _check_parent_id(self):
+        if not self._check_recursion():
+            raise ValidationError(_("You can not create recursive entries."))
+
+    @api.depends("name", "parent_id.complete_name")
+    def _compute_complete_name(self):
+        for rec in self:
+            if rec.parent_id:
+                rec.complete_name = f"{rec.parent_id.complete_name} / {rec.name}"
+            else:
+                rec.complete_name = rec.name
+
+    @api.model
+    def search_panel_select_range(self, field_name, **kwargs):
+        """We add the following contexts related to searchpanel:
+        - entry_short_name: Show just the name instead of full path.
+        - from_search_panel: It will be used to overwrite domain.
+        Remove the limit of records (default is 200).
+        """
+        return super(
+            VaultEntry,
+            self.with_context(from_search_panel=True, entry_short_name=True),
+        ).search_panel_select_range(field_name, **kwargs)
+
+    def search_read(self, domain=None, fields=None, offset=0, limit=None, order=None):
+        """Changes related to searchpanel:
+        - Add a domain to only show records with children.
+        """
+        domain = domain if domain else []
+        if self.env.context.get("from_search_panel"):
+            domain += [("child_ids", "!=", False)]
+        return super().search_read(
+            domain=domain, fields=fields, offset=offset, limit=limit, order=order
+        )
+
+    def copy_data(self, default=None):
+        self.ensure_one()
+
+        if default is None:
+            default = {}
+
+        if "name" not in default:
+            default["name"] = _("%s (copy)", self.name)
+
+        if "field_ids" not in default:
+            default["field_ids"] = [
+                (0, 0, field.copy_data()[0]) for field in self.field_ids
+            ]
+        if "file_ids" not in default:
+            default["file_ids"] = [
+                (0, 0, field.copy_data()[0]) for field in self.file_ids
+            ]
+        return super().copy_data(default)
+
+    @api.depends("name", "complete_name")
+    def _compute_display_name(self):
+        if not self.env.context.get("entry_short_name", False):
+            return super()._compute_display_name()
+        for record in self:
+            record.display_name = record.name
+
+    @api.depends("expire_date")
+    def _compute_expired(self):
+        now = datetime.now()
+        for rec in self:
+            rec.expired = rec.expire_date and now > rec.expire_date
+
+    def _search_expired(self, operator, value):
+        if (operator not in ["=", "!="]) or (value not in [True, False]):
+            return []
+
+        if (operator, value) in [("=", True), ("!=", False)]:
+            return [("expire_date", "<", datetime.now())]
+
+        return ["|", ("expire_date", ">=", datetime.now()), ("expire_date", "=", False)]
+
+    def log_change(self, action):
+        if self.env.context.get("vault_skip_log"):
+            return
+
+        for rec in self:
+            rec.log_info(
+                _("%(action)s entry %(name)s by %(user)s")
+                % {
+                    "action": action,
+                    "name": rec.complete_name,
+                    "user": rec.env.user.display_name,
+                }
+            )
+
+    @api.model_create_multi
+    def create(self, vals_list):
+        res = super().create(vals_list)
+        res.log_change("Created")
+        return res
+
+    def unlink(self):
+        self.log_change("Deleted")
+
+        return super().unlink()
+
+    def _log_entry(self, msg, state):
+        self.ensure_one()
+        return (
+            self.env["vault.log"]
+            .sudo()
+            .create(
+                {
+                    "vault_id": self.vault_id.id,
+                    "entry_id": self.id,
+                    "user_id": self.env.uid,
+                    "message": msg,
+                    "state": state,
+                }
+            )
+        )
+
+    def action_open_import_wizard(self):
+        self.ensure_one()
+        wizard = self.env.ref("vault.view_vault_import_wizard")
+        return {
+            "name": _("Import from file"),
+            "type": "ir.actions.act_window",
+            "view_mode": "form",
+            "res_model": "vault.import.wizard",
+            "views": [(wizard.id, "form")],
+            "view_id": wizard.id,
+            "target": "new",
+            "context": {
+                "default_vault_id": self.vault_id.id,
+                "default_parent_id": self.id,
+            },
+        }
+
+    def action_open_export_wizard(self):
+        self.ensure_one()
+        wizard = self.env.ref("vault.view_vault_export_wizard")
+        return {
+            "name": _("Export to file"),
+            "type": "ir.actions.act_window",
+            "view_mode": "form",
+            "res_model": "vault.export.wizard",
+            "views": [(wizard.id, "form")],
+            "view_id": wizard.id,
+            "target": "new",
+            "context": {
+                "default_vault_id": self.vault_id.id,
+                "default_entry_id": self.id,
+            },
+        }
diff --git a/vault/models/vault_field.py b/vault/models/vault_field.py
new file mode 100644
index 0000000000..26490b26e0
--- /dev/null
+++ b/vault/models/vault_field.py
@@ -0,0 +1,17 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+from odoo import _, fields, models
+
+_logger = logging.getLogger(__name__)
+
+
+class VaultField(models.Model):
+    _name = "vault.field"
+    _description = _("Field of a vault")
+    _order = "name"
+    _inherit = ["vault.abstract.field", "vault.abstract"]
+
+    value = fields.Char(required=True)
diff --git a/vault/models/vault_file.py b/vault/models/vault_file.py
new file mode 100644
index 0000000000..011412d38e
--- /dev/null
+++ b/vault/models/vault_file.py
@@ -0,0 +1,25 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+from odoo import _, api, fields, models
+
+_logger = logging.getLogger(__name__)
+
+
+class VaultFile(models.Model):
+    _name = "vault.file"
+    _description = _("File of a vault")
+    _order = "name"
+    _inherit = ["vault.abstract.field", "vault.abstract"]
+
+    value = fields.Binary(attachment=False)
+
+    @api.model
+    def search_read(self, *args, **kwargs):
+        if self.env.context.get("vault_reencrypt"):
+            return super(VaultFile, self.with_context(bin_size=False)).search_read(
+                *args, **kwargs
+            )
+        return super().search_read(*args, **kwargs)
diff --git a/vault/models/vault_inbox.py b/vault/models/vault_inbox.py
new file mode 100644
index 0000000000..d8c8028e22
--- /dev/null
+++ b/vault/models/vault_inbox.py
@@ -0,0 +1,114 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+from datetime import datetime, timedelta
+from uuid import uuid4
+
+from odoo import _, api, fields, models
+
+_logger = logging.getLogger(__name__)
+
+
+class VaultInbox(models.Model):
+    _name = "vault.inbox"
+    _description = _("Vault share incoming secrets")
+
+    token = fields.Char(default=lambda self: uuid4(), readonly=True, copy=False)
+    inbox_link = fields.Char(
+        compute="_compute_inbox_link",
+        readonly=True,
+        help="Using this link you can write to the current inbox. If you want people "
+        "to create new inboxes you should give them your inbox link from your key "
+        "management.",
+    )
+    user_id = fields.Many2one(
+        "res.users",
+        "Vault",
+        required=True,
+    )
+    name = fields.Char(required=True)
+    secret = fields.Char(readonly=True)
+    filename = fields.Char()
+    secret_file = fields.Binary(attachment=False, readonly=True)
+    key = fields.Char(required=True)
+    iv = fields.Char(required=True)
+    accesses = fields.Integer(
+        "Access counter",
+        default=1,
+        help="If this is 0 the inbox can't be written using the link",
+    )
+    expiration = fields.Datetime(
+        default=lambda self: datetime.now() + timedelta(days=7),
+        help="If expired the inbox can't be written using the link",
+    )
+    log_ids = fields.One2many("vault.inbox.log", "inbox_id", "Log", readonly=True)
+
+    _sql_constraints = [
+        (
+            "value_check",
+            "CHECK(secret IS NOT NULL OR secret_file IS NOT NULL)",
+            _("No value found"),
+        ),
+    ]
+
+    @api.depends("token")
+    def _compute_inbox_link(self):
+        base_url = self.env["ir.config_parameter"].sudo().get_param("web.base.url")
+        for rec in self:
+            rec.inbox_link = f"{base_url}/vault/inbox/{rec.token}"
+
+    def read(self, *args, **kwargs):
+        # Always load the binary instead of the size
+        return super(VaultInbox, self.with_context(bin_size=False)).read(
+            *args, **kwargs
+        )
+
+    @api.model
+    def find_inbox(self, token):
+        return self.search([("token", "=", token)])
+
+    def store_in_inbox(
+        self,
+        name,
+        secret,
+        secret_file,
+        iv,
+        key,
+        user,
+        filename,
+        ip=None,
+    ):
+        log_info = {"name": user.name, "ip": ip or "n/a"}
+        if len(self) == 0:
+            log = _("Created by %(name)s via %(ip)s") % log_info
+            return self.create(
+                {
+                    "name": name,
+                    "accesses": 0,
+                    "iv": iv,
+                    "key": key,
+                    "secret": secret or None,
+                    "secret_file": secret_file or None,
+                    "filename": filename,
+                    "user_id": user.id,
+                    "log_ids": [(0, 0, {"name": log})],
+                }
+            )
+
+        self.ensure_one()
+        if self.accesses > 0 and datetime.now() < self.expiration:
+            log = _("Written by %(name)s via %(ip)s") % log_info
+
+            self.write(
+                {
+                    "accesses": self.accesses - 1,
+                    "iv": iv,
+                    "key": key,
+                    "secret": secret or None,
+                    "secret_file": secret_file or None,
+                    "filename": filename,
+                    "log_ids": [(0, 0, {"name": log})],
+                }
+            )
+            return self
diff --git a/vault/models/vault_inbox_log.py b/vault/models/vault_inbox_log.py
new file mode 100644
index 0000000000..e072283624
--- /dev/null
+++ b/vault/models/vault_inbox_log.py
@@ -0,0 +1,22 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+from odoo import _, fields, models
+
+_logger = logging.getLogger(__name__)
+
+
+class VaultInboxLog(models.Model):
+    _name = "vault.inbox.log"
+    _description = _("Vault inbox log")
+    _order = "create_date DESC"
+
+    inbox_id = fields.Many2one(
+        "vault.inbox",
+        ondelete="cascade",
+        readonly=True,
+        required=True,
+    )
+    name = fields.Char(readonly=True)
diff --git a/vault/models/vault_log.py b/vault/models/vault_log.py
new file mode 100644
index 0000000000..3f44569c53
--- /dev/null
+++ b/vault/models/vault_log.py
@@ -0,0 +1,46 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+from odoo import _, api, fields, models
+
+_logger = logging.getLogger(__name__)
+
+
+class VaultLog(models.Model):
+    _name = "vault.log"
+    _description = _("Log entry of a vault")
+    _order = "create_date DESC"
+    _rec_name = "message"
+
+    vault_id = fields.Many2one(
+        "vault",
+        "Vault",
+        ondelete="cascade",
+        required=True,
+        readonly=True,
+    )
+    entry_id = fields.Many2one(
+        "vault.entry",
+        "Entry",
+        ondelete="cascade",
+        readonly=True,
+    )
+    user_id = fields.Many2one("res.users", "User", required=True, readonly=True)
+    state = fields.Selection(lambda self: self._get_log_state(), readonly=True)
+    message = fields.Char(readonly=True, required=True)
+
+    def _get_log_state(self):
+        return [
+            ("info", _("Information")),
+            ("warn", _("Warning")),
+            ("error", _("Error")),
+        ]
+
+    @api.model_create_multi
+    def create(self, vals_list):
+        res = super().create(vals_list)
+        if not self.env.context.get("skip_log", False):
+            _logger.info("Vault log: %s", res.message)
+        return res
diff --git a/vault/models/vault_right.py b/vault/models/vault_right.py
new file mode 100644
index 0000000000..1f9fc3bc77
--- /dev/null
+++ b/vault/models/vault_right.py
@@ -0,0 +1,110 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from odoo import _, api, fields, models
+
+
+class VaultRight(models.Model):
+    _name = "vault.right"
+    _description = _("Vault rights")
+    _inherit = ["vault.abstract"]
+    _order = "user_id"
+
+    vault_id = fields.Many2one(
+        "vault",
+        "Vault",
+        readonly=True,
+        required=True,
+        ondelete="cascade",
+    )
+    master_key = fields.Char(related="vault_id.master_key", readonly=True, store=False)
+    user_id = fields.Many2one(
+        "res.users",
+        "User",
+        domain=[("keys", "!=", False)],
+        required=True,
+    )
+    public_key = fields.Char(compute="_compute_public_key", readonly=True, store=False)
+    perm_create = fields.Boolean(
+        "Create",
+        default=lambda self: self._get_is_owner(),
+        help="Allow to create in the vault",
+    )
+    perm_write = fields.Boolean(
+        "Write",
+        default=lambda self: self._get_is_owner(),
+        help="Allow to write to the vault",
+    )
+    perm_share = fields.Boolean(
+        "Share",
+        default=lambda self: self._get_is_owner(),
+        help="Allow to share a vault with new users",
+    )
+    perm_delete = fields.Boolean(
+        "Delete",
+        default=lambda self: self._get_is_owner(),
+        help="Allow to delete a vault",
+    )
+
+    perm_user = fields.Many2one(related="vault_id.perm_user", store=False)
+    allowed_read = fields.Boolean(related="vault_id.allowed_read", store=False)
+    allowed_create = fields.Boolean(related="vault_id.allowed_create", store=False)
+    allowed_write = fields.Boolean(related="vault_id.allowed_write", store=False)
+    allowed_share = fields.Boolean(related="vault_id.allowed_share", store=False)
+    allowed_delete = fields.Boolean(related="vault_id.allowed_delete", store=False)
+
+    # Encrypted with the public key of the user
+    key = fields.Char()
+
+    _sql_constraints = (
+        ("user_uniq", "UNIQUE(user_id, vault_id)", _("The user must be unique")),
+    )
+
+    def _get_is_owner(self):
+        return self.env.user == self.vault_id.user_id
+
+    @api.depends("user_id")
+    def _compute_public_key(self):
+        for rec in self:
+            rec.public_key = rec.user_id.active_key.public
+
+    def log_access(self):
+        for rec in self:
+            rights = ", ".join(
+                sorted(
+                    ["read"]
+                    + [
+                        right
+                        for right in ["create", "write", "share", "delete"]
+                        if getattr(rec, f"perm_{right}", False)
+                    ]
+                )
+            )
+
+            rec.vault_id.log_info(
+                f"Grant access to user {rec.user_id.display_name}: {rights}"
+            )
+
+    @api.model_create_multi
+    def create(self, vals_list):
+        res = super().create(vals_list)
+        if not res.allowed_share and not res.env.su:
+            self.raise_access_error()
+
+        res.log_access()
+        return res
+
+    def write(self, values):
+        res = super().write(values)
+        perms = ["perm_write", "perm_delete", "perm_share", "perm_create"]
+        if any(x in values for x in perms):
+            self.log_access()
+
+        return res
+
+    def unlink(self):
+        for rec in self:
+            rec.vault_id.log_info(f"Removed user {self.user_id.display_name}")
+            rec.vault_id.reencrypt_required = True
+
+        return super().unlink()
diff --git a/vault/models/vault_tag.py b/vault/models/vault_tag.py
new file mode 100644
index 0000000000..f50ae6de88
--- /dev/null
+++ b/vault/models/vault_tag.py
@@ -0,0 +1,16 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from odoo import _, fields, models
+
+
+class VaultTag(models.Model):
+    _name = "vault.tag"
+    _description = _("Vault tag")
+    _order = "name"
+
+    name = fields.Char(required=True)
+
+    _sql_constraints = [
+        ("name_uniq", "unique(name)", _("The tag must be unique!")),
+    ]
diff --git a/vault/readme/CONTRIBUTORS.rst b/vault/readme/CONTRIBUTORS.rst
new file mode 100644
index 0000000000..e202826121
--- /dev/null
+++ b/vault/readme/CONTRIBUTORS.rst
@@ -0,0 +1 @@
+* Florian Kantelberg <florian.kantelberg@initos.com>
diff --git a/vault/readme/DESCRIPTION.rst b/vault/readme/DESCRIPTION.rst
new file mode 100644
index 0000000000..50cf3c7679
--- /dev/null
+++ b/vault/readme/DESCRIPTION.rst
@@ -0,0 +1,7 @@
+This module implements a vault for secrets and files using end-to-end-encryption. The encryption and decryption happens in the browser using a vault specific shared master key. The master keys are encrypted using asymmetrically. For this the user has to enter a second password on the first login or if he needs to access data in a vault. The asymmetric keys are stored for a certain time in the browser storage.
+
+The server can never access the secrets with the information available. Only people registered in the vault can decrypt or encrypt values in a vault. The meta data isn't encrypted to be able to search/filter for entries more easily.
+
+This modules requires a secure context for the browser to work properly and therefore HTTPS support is required.
+
+The `vault-recovery <https://github.com/fkantelberg/vault-recovery>`_ project focuses on disaster recovery in case of an incident to recover secrets from old database backups or old exports.
diff --git a/vault/readme/ROADMAP.rst b/vault/readme/ROADMAP.rst
new file mode 100644
index 0000000000..ccaf5abc1d
--- /dev/null
+++ b/vault/readme/ROADMAP.rst
@@ -0,0 +1,14 @@
+* Field and file history for restoration
+
+* Import improvement
+
+ * Support challenge-response/FIDO2
+ * Support for argon2 and kdbx v4
+
+* When changing an entry from one vault to another existing vault, the values added on
+  this entry cannot be accessed, so the field vault is going to be readonly when it
+  is defined.
+
+  If you want to move entries between vaults you can use the export -> import option.
+
+* HTTPS or localhost (secure browser context) is required for the client side encryption
diff --git a/vault/security/ir.model.access.csv b/vault/security/ir.model.access.csv
new file mode 100644
index 0000000000..0863b98aa8
--- /dev/null
+++ b/vault/security/ir.model.access.csv
@@ -0,0 +1,16 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_vault,access_vault,model_vault,base.group_user,1,1,1,1
+access_vault_entry,access_vault_entry,model_vault_entry,base.group_user,1,1,1,1
+access_vault_export_wizard,access_vault_export_wizard,model_vault_export_wizard,base.group_user,1,1,1,1
+access_vault_field,access_vault_field,model_vault_field,base.group_user,1,1,1,1
+access_vault_file,access_vault_file,model_vault_file,base.group_user,1,1,1,1
+access_vault_import_wizard,access_vault_import_wizard,model_vault_import_wizard,base.group_user,1,1,1,1
+access_vault_import_wizard_path,access_vault_import_wizard_path,model_vault_import_wizard_path,base.group_user,1,1,1,1
+access_vault_inbox,access_vault_inbox,model_vault_inbox,base.group_user,1,1,1,1
+access_vault_inbox_log,access_vault_inbox_log,model_vault_inbox_log,base.group_user,1,1,1,1
+access_vault_log,access_vault_log,model_vault_log,base.group_user,1,0,0,0
+access_vault_right,access_vault_right,model_vault_right,base.group_user,1,1,1,1
+access_vault_send_wizard,access_vault_send_wizard,model_vault_send_wizard,base.group_user,1,1,1,1
+access_vault_store_wizard,access_vault_store_wizard,model_vault_store_wizard,base.group_user,1,1,1,1
+access_vault_tag,access_vault_tag,model_vault_tag,base.group_user,1,1,1,1
+access_vault_users_key,access_res_users_key,model_res_users_key,base.group_user,1,1,1,1
diff --git a/vault/security/ir_rule.xml b/vault/security/ir_rule.xml
new file mode 100644
index 0000000000..13f7cdb45f
--- /dev/null
+++ b/vault/security/ir_rule.xml
@@ -0,0 +1,111 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="vault_access_default" model="ir.rule">
+        <field name="name">vault.access.default</field>
+        <field name="model_id" ref="vault.model_vault" />
+        <field
+            name="domain_force"
+        >['|', ('user_id', '=', user.id), ('right_ids.user_id', '=', user.id)]</field>
+        <field name="groups" eval="[(4, ref('base.group_user'))]" />
+        <field name="perm_create" eval="1" />
+        <field name="perm_write" eval="1" />
+        <field name="perm_unlink" eval="1" />
+        <field name="perm_read" eval="1" />
+    </record>
+
+    <record id="vault_log_access_default" model="ir.rule">
+        <field name="name">vault.log.access.read</field>
+        <field name="model_id" ref="vault.model_vault_log" />
+        <field
+            name="domain_force"
+        >['|', ('vault_id.user_id', '=', user.id), ('vault_id.right_ids.user_id', '=', user.id)]</field>
+        <field name="groups" eval="[(4, ref('base.group_user'))]" />
+        <field name="perm_create" eval="1" />
+        <field name="perm_write" eval="1" />
+        <field name="perm_unlink" eval="1" />
+        <field name="perm_read" eval="1" />
+    </record>
+
+    <record id="vault_entry_access_default" model="ir.rule">
+        <field name="name">vault.entry.access.default</field>
+        <field name="model_id" ref="vault.model_vault_entry" />
+        <field
+            name="domain_force"
+        >['|', ('vault_id.user_id', '=', user.id), ('vault_id.right_ids.user_id', '=', user.id)]</field>
+        <field name="groups" eval="[(4, ref('base.group_user'))]" />
+        <field name="perm_create" eval="1" />
+        <field name="perm_write" eval="1" />
+        <field name="perm_unlink" eval="1" />
+        <field name="perm_read" eval="1" />
+    </record>
+
+     <record id="vault_field_access_default" model="ir.rule">
+        <field name="name">vault.field.access.default</field>
+        <field name="model_id" ref="vault.model_vault_field" />
+        <field
+            name="domain_force"
+        >['|', ('vault_id.user_id', '=', user.id), ('vault_id.right_ids.user_id', '=', user.id)]</field>
+        <field name="groups" eval="[(4, ref('base.group_user'))]" />
+        <field name="perm_create" eval="1" />
+        <field name="perm_write" eval="1" />
+        <field name="perm_unlink" eval="1" />
+        <field name="perm_read" eval="1" />
+    </record>
+
+    <record id="vault_file_access_default" model="ir.rule">
+        <field name="name">vault.file.access.default</field>
+        <field name="model_id" ref="vault.model_vault_file" />
+        <field
+            name="domain_force"
+        >['|', ('vault_id.user_id', '=', user.id), ('vault_id.right_ids.user_id', '=', user.id)]</field>
+        <field name="groups" eval="[(4, ref('base.group_user'))]" />
+        <field name="perm_create" eval="1" />
+        <field name="perm_write" eval="1" />
+        <field name="perm_unlink" eval="1" />
+        <field name="perm_read" eval="1" />
+    </record>
+
+    <record id="res_users_key_access_default" model="ir.rule">
+        <field name="name">res.users.key.access.default</field>
+        <field name="model_id" ref="vault.model_res_users_key" />
+        <field name="domain_force">[('user_id', '=', user.id)]</field>
+        <field name="groups" eval="[(4, ref('base.group_user'))]" />
+        <field name="perm_create" eval="1" />
+        <field name="perm_write" eval="1" />
+        <field name="perm_unlink" eval="1" />
+        <field name="perm_read" eval="1" />
+    </record>
+
+    <record id="vault_inbox_owner" model="ir.rule">
+        <field name="name">vault.inbox.access.owner</field>
+        <field name="model_id" ref="vault.model_vault_inbox" />
+        <field name="domain_force">[('user_id', '=', user.id)]</field>
+        <field name="perm_create" eval="1" />
+        <field name="perm_write" eval="1" />
+        <field name="perm_unlink" eval="1" />
+        <field name="perm_read" eval="1" />
+    </record>
+
+    <record id="vault_right_access_default" model="ir.rule">
+        <field name="name">vault.right.access.default</field>
+        <field name="model_id" ref="vault.model_vault_right" />
+        <field
+            name="domain_force"
+        >[('vault_id.right_ids.user_id', '=', user.id)]</field>
+        <field name="groups" eval="[(4, ref('base.group_user'))]" />
+        <field name="perm_create" eval="1" />
+        <field name="perm_write" eval="1" />
+        <field name="perm_unlink" eval="1" />
+        <field name="perm_read" eval="1" />
+    </record>
+
+    <record id="vault_inbox_log_owner" model="ir.rule">
+        <field name="name">vault.inbox.log.access.owner</field>
+        <field name="model_id" ref="vault.model_vault_inbox_log" />
+        <field name="domain_force">[('inbox_id.user_id', '=', user.id)]</field>
+        <field name="perm_create" eval="1" />
+        <field name="perm_write" eval="1" />
+        <field name="perm_unlink" eval="1" />
+        <field name="perm_read" eval="1" />
+    </record>
+</odoo>
diff --git a/vault/security/vault_security.xml b/vault/security/vault_security.xml
new file mode 100644
index 0000000000..a810f29538
--- /dev/null
+++ b/vault/security/vault_security.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="group_vault_export" model="res.groups">
+        <field name="name">Allow to export vaults</field>
+        <field name="category_id" ref="base.module_category_hidden" />
+        <field name="users" eval="[(4, ref('base.user_admin'))]" />
+    </record>
+    <record id="group_vault_import" model="res.groups">
+        <field name="name">Allow to import vaults</field>
+        <field name="category_id" ref="base.module_category_hidden" />
+        <field name="users" eval="[(4, ref('base.user_admin'))]" />
+    </record>
+</odoo>
diff --git a/vault/static/description/icon.png b/vault/static/description/icon.png
new file mode 100644
index 0000000000..d79aa6f575
Binary files /dev/null and b/vault/static/description/icon.png differ
diff --git a/vault/static/description/index.html b/vault/static/description/index.html
new file mode 100644
index 0000000000..99cd2f80d1
--- /dev/null
+++ b/vault/static/description/index.html
@@ -0,0 +1,447 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<meta name="generator" content="Docutils: https://docutils.sourceforge.io/" />
+<title>Vault</title>
+<style type="text/css">
+
+/*
+:Author: David Goodger (goodger@python.org)
+:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $
+:Copyright: This stylesheet has been placed in the public domain.
+
+Default cascading style sheet for the HTML output of Docutils.
+
+See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
+customize this style sheet.
+*/
+
+/* used to remove borders from tables and images */
+.borderless, table.borderless td, table.borderless th {
+  border: 0 }
+
+table.borderless td, table.borderless th {
+  /* Override padding for "table.docutils td" with "! important".
+     The right padding separates the table cells. */
+  padding: 0 0.5em 0 0 ! important }
+
+.first {
+  /* Override more specific margin styles with "! important". */
+  margin-top: 0 ! important }
+
+.last, .with-subtitle {
+  margin-bottom: 0 ! important }
+
+.hidden {
+  display: none }
+
+.subscript {
+  vertical-align: sub;
+  font-size: smaller }
+
+.superscript {
+  vertical-align: super;
+  font-size: smaller }
+
+a.toc-backref {
+  text-decoration: none ;
+  color: black }
+
+blockquote.epigraph {
+  margin: 2em 5em ; }
+
+dl.docutils dd {
+  margin-bottom: 0.5em }
+
+object[type="image/svg+xml"], object[type="application/x-shockwave-flash"] {
+  overflow: hidden;
+}
+
+/* Uncomment (and remove this text!) to get bold-faced definition list terms
+dl.docutils dt {
+  font-weight: bold }
+*/
+
+div.abstract {
+  margin: 2em 5em }
+
+div.abstract p.topic-title {
+  font-weight: bold ;
+  text-align: center }
+
+div.admonition, div.attention, div.caution, div.danger, div.error,
+div.hint, div.important, div.note, div.tip, div.warning {
+  margin: 2em ;
+  border: medium outset ;
+  padding: 1em }
+
+div.admonition p.admonition-title, div.hint p.admonition-title,
+div.important p.admonition-title, div.note p.admonition-title,
+div.tip p.admonition-title {
+  font-weight: bold ;
+  font-family: sans-serif }
+
+div.attention p.admonition-title, div.caution p.admonition-title,
+div.danger p.admonition-title, div.error p.admonition-title,
+div.warning p.admonition-title, .code .error {
+  color: red ;
+  font-weight: bold ;
+  font-family: sans-serif }
+
+/* Uncomment (and remove this text!) to get reduced vertical space in
+   compound paragraphs.
+div.compound .compound-first, div.compound .compound-middle {
+  margin-bottom: 0.5em }
+
+div.compound .compound-last, div.compound .compound-middle {
+  margin-top: 0.5em }
+*/
+
+div.dedication {
+  margin: 2em 5em ;
+  text-align: center ;
+  font-style: italic }
+
+div.dedication p.topic-title {
+  font-weight: bold ;
+  font-style: normal }
+
+div.figure {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+div.footer, div.header {
+  clear: both;
+  font-size: smaller }
+
+div.line-block {
+  display: block ;
+  margin-top: 1em ;
+  margin-bottom: 1em }
+
+div.line-block div.line-block {
+  margin-top: 0 ;
+  margin-bottom: 0 ;
+  margin-left: 1.5em }
+
+div.sidebar {
+  margin: 0 0 0.5em 1em ;
+  border: medium outset ;
+  padding: 1em ;
+  background-color: #ffffee ;
+  width: 40% ;
+  float: right ;
+  clear: right }
+
+div.sidebar p.rubric {
+  font-family: sans-serif ;
+  font-size: medium }
+
+div.system-messages {
+  margin: 5em }
+
+div.system-messages h1 {
+  color: red }
+
+div.system-message {
+  border: medium outset ;
+  padding: 1em }
+
+div.system-message p.system-message-title {
+  color: red ;
+  font-weight: bold }
+
+div.topic {
+  margin: 2em }
+
+h1.section-subtitle, h2.section-subtitle, h3.section-subtitle,
+h4.section-subtitle, h5.section-subtitle, h6.section-subtitle {
+  margin-top: 0.4em }
+
+h1.title {
+  text-align: center }
+
+h2.subtitle {
+  text-align: center }
+
+hr.docutils {
+  width: 75% }
+
+img.align-left, .figure.align-left, object.align-left, table.align-left {
+  clear: left ;
+  float: left ;
+  margin-right: 1em }
+
+img.align-right, .figure.align-right, object.align-right, table.align-right {
+  clear: right ;
+  float: right ;
+  margin-left: 1em }
+
+img.align-center, .figure.align-center, object.align-center {
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+table.align-center {
+  margin-left: auto;
+  margin-right: auto;
+}
+
+.align-left {
+  text-align: left }
+
+.align-center {
+  clear: both ;
+  text-align: center }
+
+.align-right {
+  text-align: right }
+
+/* reset inner alignment in figures */
+div.align-right {
+  text-align: inherit }
+
+/* div.align-center * { */
+/*   text-align: left } */
+
+.align-top    {
+  vertical-align: top }
+
+.align-middle {
+  vertical-align: middle }
+
+.align-bottom {
+  vertical-align: bottom }
+
+ol.simple, ul.simple {
+  margin-bottom: 1em }
+
+ol.arabic {
+  list-style: decimal }
+
+ol.loweralpha {
+  list-style: lower-alpha }
+
+ol.upperalpha {
+  list-style: upper-alpha }
+
+ol.lowerroman {
+  list-style: lower-roman }
+
+ol.upperroman {
+  list-style: upper-roman }
+
+p.attribution {
+  text-align: right ;
+  margin-left: 50% }
+
+p.caption {
+  font-style: italic }
+
+p.credits {
+  font-style: italic ;
+  font-size: smaller }
+
+p.label {
+  white-space: nowrap }
+
+p.rubric {
+  font-weight: bold ;
+  font-size: larger ;
+  color: maroon ;
+  text-align: center }
+
+p.sidebar-title {
+  font-family: sans-serif ;
+  font-weight: bold ;
+  font-size: larger }
+
+p.sidebar-subtitle {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+p.topic-title {
+  font-weight: bold }
+
+pre.address {
+  margin-bottom: 0 ;
+  margin-top: 0 ;
+  font: inherit }
+
+pre.literal-block, pre.doctest-block, pre.math, pre.code {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+pre.code .ln { color: grey; } /* line numbers */
+pre.code, code { background-color: #eeeeee }
+pre.code .comment, code .comment { color: #5C6576 }
+pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
+pre.code .literal.string, code .literal.string { color: #0C5404 }
+pre.code .name.builtin, code .name.builtin { color: #352B84 }
+pre.code .deleted, code .deleted { background-color: #DEB0A1}
+pre.code .inserted, code .inserted { background-color: #A3D289}
+
+span.classifier {
+  font-family: sans-serif ;
+  font-style: oblique }
+
+span.classifier-delimiter {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+span.interpreted {
+  font-family: sans-serif }
+
+span.option {
+  white-space: nowrap }
+
+span.pre {
+  white-space: pre }
+
+span.problematic {
+  color: red }
+
+span.section-subtitle {
+  /* font-size relative to parent (h1..h6 element) */
+  font-size: 80% }
+
+table.citation {
+  border-left: solid 1px gray;
+  margin-left: 1px }
+
+table.docinfo {
+  margin: 2em 4em }
+
+table.docutils {
+  margin-top: 0.5em ;
+  margin-bottom: 0.5em }
+
+table.footnote {
+  border-left: solid 1px black;
+  margin-left: 1px }
+
+table.docutils td, table.docutils th,
+table.docinfo td, table.docinfo th {
+  padding-left: 0.5em ;
+  padding-right: 0.5em ;
+  vertical-align: top }
+
+table.docutils th.field-name, table.docinfo th.docinfo-name {
+  font-weight: bold ;
+  text-align: left ;
+  white-space: nowrap ;
+  padding-left: 0 }
+
+/* "booktabs" style (no vertical lines) */
+table.docutils.booktabs {
+  border: 0px;
+  border-top: 2px solid;
+  border-bottom: 2px solid;
+  border-collapse: collapse;
+}
+table.docutils.booktabs * {
+  border: 0px;
+}
+table.docutils.booktabs th {
+  border-bottom: thin solid;
+  text-align: left;
+}
+
+h1 tt.docutils, h2 tt.docutils, h3 tt.docutils,
+h4 tt.docutils, h5 tt.docutils, h6 tt.docutils {
+  font-size: 100% }
+
+ul.auto-toc {
+  list-style-type: none }
+
+</style>
+</head>
+<body>
+<div class="document" id="vault">
+<h1 class="title">Vault</h1>
+
+<!-- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! This file is generated by oca-gen-addon-readme !!
+!! changes will be overwritten.                   !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! source digest: sha256:12d8822aab453f4a6f00d8151ec6cdef4c66ec07c08d88e6528c85f3526d0818
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
+<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-auth/tree/16.0/vault"><img alt="OCA/server-auth" src="https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-vault"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-auth&amp;target_branch=16.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
+<p>This module implements a vault for secrets and files using end-to-end-encryption. The encryption and decryption happens in the browser using a vault specific shared master key. The master keys are encrypted using asymmetrically. For this the user has to enter a second password on the first login or if he needs to access data in a vault. The asymmetric keys are stored for a certain time in the browser storage.</p>
+<p>The server can never access the secrets with the information available. Only people registered in the vault can decrypt or encrypt values in a vault. The meta data isn’t encrypted to be able to search/filter for entries more easily.</p>
+<p>This modules requires a secure context for the browser to work properly and therefore HTTPS support is required.</p>
+<p>The <a class="reference external" href="https://github.com/fkantelberg/vault-recovery">vault-recovery</a> project focuses on disaster recovery in case of an incident to recover secrets from old database backups or old exports.</p>
+<p><strong>Table of contents</strong></p>
+<div class="contents local topic" id="contents">
+<ul class="simple">
+<li><a class="reference internal" href="#known-issues-roadmap" id="toc-entry-1">Known issues / Roadmap</a></li>
+<li><a class="reference internal" href="#bug-tracker" id="toc-entry-2">Bug Tracker</a></li>
+<li><a class="reference internal" href="#credits" id="toc-entry-3">Credits</a><ul>
+<li><a class="reference internal" href="#authors" id="toc-entry-4">Authors</a></li>
+<li><a class="reference internal" href="#contributors" id="toc-entry-5">Contributors</a></li>
+<li><a class="reference internal" href="#maintainers" id="toc-entry-6">Maintainers</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="section" id="known-issues-roadmap">
+<h1><a class="toc-backref" href="#toc-entry-1">Known issues / Roadmap</a></h1>
+<ul class="simple">
+<li>Field and file history for restoration</li>
+<li>Import improvement</li>
+</ul>
+<blockquote>
+<ul class="simple">
+<li>Support challenge-response/FIDO2</li>
+<li>Support for argon2 and kdbx v4</li>
+</ul>
+</blockquote>
+<ul>
+<li><p class="first">When changing an entry from one vault to another existing vault, the values added on
+this entry cannot be accessed, so the field vault is going to be readonly when it
+is defined.</p>
+<p>If you want to move entries between vaults you can use the export -&gt; import option.</p>
+</li>
+<li><p class="first">HTTPS or localhost (secure browser context) is required for the client side encryption</p>
+</li>
+</ul>
+</div>
+<div class="section" id="bug-tracker">
+<h1><a class="toc-backref" href="#toc-entry-2">Bug Tracker</a></h1>
+<p>Bugs are tracked on <a class="reference external" href="https://github.com/OCA/server-auth/issues">GitHub Issues</a>.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+<a class="reference external" href="https://github.com/OCA/server-auth/issues/new?body=module:%20vault%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
+<p>Do not contact contributors directly about support or help with technical issues.</p>
+</div>
+<div class="section" id="credits">
+<h1><a class="toc-backref" href="#toc-entry-3">Credits</a></h1>
+<div class="section" id="authors">
+<h2><a class="toc-backref" href="#toc-entry-4">Authors</a></h2>
+<ul class="simple">
+<li>initOS GmbH</li>
+</ul>
+</div>
+<div class="section" id="contributors">
+<h2><a class="toc-backref" href="#toc-entry-5">Contributors</a></h2>
+<ul class="simple">
+<li>Florian Kantelberg &lt;<a class="reference external" href="mailto:florian.kantelberg&#64;initos.com">florian.kantelberg&#64;initos.com</a>&gt;</li>
+</ul>
+</div>
+<div class="section" id="maintainers">
+<h2><a class="toc-backref" href="#toc-entry-6">Maintainers</a></h2>
+<p>This module is maintained by the OCA.</p>
+<a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
+<p>OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.</p>
+<p>This module is part of the <a class="reference external" href="https://github.com/OCA/server-auth/tree/16.0/vault">OCA/server-auth</a> project on GitHub.</p>
+<p>You are welcome to contribute. To learn how please visit <a class="reference external" href="https://odoo-community.org/page/Contribute">https://odoo-community.org/page/Contribute</a>.</p>
+</div>
+</div>
+</div>
+</body>
+</html>
diff --git a/vault/static/lib/kdbxweb/kdbxweb.min.js b/vault/static/lib/kdbxweb/kdbxweb.min.js
new file mode 100644
index 0000000000..eee616aa20
--- /dev/null
+++ b/vault/static/lib/kdbxweb/kdbxweb.min.js
@@ -0,0 +1,2 @@
+/*! kdbxweb v1.10.0, (c) 2020 Antelle, opensource.org/licenses/MIT */
+!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t(require("crypto"),require("xmldom")):"function"==typeof define&&define.amd?define(["crypto","xmldom"],t):"object"==typeof exports?exports.kdbxweb=t(require("crypto"),require("xmldom")):e.kdbxweb=t(e.crypto,e.xmldom)}(this,(function(e,t){return function(e){var t={};function r(i){if(t[i])return t[i].exports;var n=t[i]={i:i,l:!1,exports:{}};return e[i].call(n.exports,n,n.exports,r),n.l=!0,n.exports}return r.m=e,r.c=t,r.d=function(e,t,i){r.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:i})},r.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.t=function(e,t){if(1&t&&(e=r(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var i=Object.create(null);if(r.r(i),Object.defineProperty(i,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var n in e)r.d(i,n,function(t){return e[t]}.bind(null,n));return i},r.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return r.d(t,"a",t),t},r.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},r.p="",r(r.s=29)}([function(e,t,r){"use strict";(function(t){var i=t.TextEncoder,n=t.TextDecoder;if(!i||!n){var o=r(40);i=o.TextEncoder,n=o.TextDecoder}var a=new i,s=new n;e.exports.arrayBufferEquals=function(e,t){if(e.byteLength!==t.byteLength)return!1;for(var r=new Uint8Array(e),i=new Uint8Array(t),n=0,o=r.length;n<o;n++)if(r[n]!==i[n])return!1;return!0},e.exports.bytesToString=function(e){return e instanceof ArrayBuffer&&(e=new Uint8Array(e)),s.decode(e)},e.exports.stringToBytes=function(e){return a.encode(e)},e.exports.base64ToBytes=function(e){if("undefined"==typeof atob&&"function"==typeof Buffer){var t=Buffer.from(e,"base64");return new Uint8Array(t)}for(var r=atob(e),i=new Uint8Array(r.length),n=0;n<r.length;n++)i[n]=r.charCodeAt(n);return i},e.exports.bytesToBase64=function(e){if(e instanceof ArrayBuffer&&(e=new Uint8Array(e)),"undefined"==typeof btoa&&"function"==typeof Buffer)return Buffer.from(e).toString("base64");for(var t="",r=0;r<e.length;r++)t+=String.fromCharCode(e[r]);return btoa(t)},e.exports.hexToBytes=function(e){for(var t=new Uint8Array(Math.ceil(e.length/2)),r=0;r<t.length;r++)t[r]=parseInt(e.substr(2*r,2),16);return t},e.exports.bytesToHex=function(e){e instanceof ArrayBuffer&&(e=new Uint8Array(e));for(var t="",r=0;r<e.length;r++){var i=e[r].toString(16);1===i.length&&(t+="0"),t+=i}return t},e.exports.arrayToBuffer=function(e){if(e instanceof ArrayBuffer)return e;var t=e.buffer;return 0===e.byteOffset&&e.byteLength===t.byteLength?t:e.buffer.slice(e.byteOffset,e.byteOffset+e.byteLength)},e.exports.zeroBuffer=function(e){e instanceof ArrayBuffer&&(e=new Uint8Array(e)),e.fill(0)}}).call(this,r(13))},function(e,t,r){"use strict";e.exports.Signatures={FileMagic:2594363651,Sig2Kdbx:3041655655,Sig2Kdb:3041655653},e.exports.ErrorCodes={NotImplemented:"NotImplemented",InvalidArg:"InvalidArg",BadSignature:"BadSignature",InvalidVersion:"InvalidVersion",Unsupported:"Unsupported",FileCorrupt:"FileCorrupt",InvalidKey:"InvalidKey",MergeError:"MergeError"},e.exports.CompressionAlgorithm={None:0,GZip:1},e.exports.CrsAlgorithm={Null:0,ArcFourVariant:1,Salsa20:2,ChaCha20:3},e.exports.KdfId={Argon2:"72Nt34wpREuR96mkA+MKDA==",Aes:"ydnzmmKKRGC/dA0IwYpP6g=="},e.exports.CipherId={Aes:"McHy5r9xQ1C+WAUhavxa/w==",ChaCha20:"1gOKK4tvTLWlJDOaMdu1mg=="},e.exports.AutoTypeObfuscationOptions={None:0,UseClipboard:1},e.exports.Defaults={KeyEncryptionRounds:3e5,MntncHistoryDays:365,HistoryMaxItems:10,HistoryMaxSize:6291456,RecycleBinName:"Recycle Bin"},e.exports.Icons={Key:0,World:1,Warning:2,NetworkServer:3,MarkedDirectory:4,UserCommunication:5,Parts:6,Notepad:7,WorldSocket:8,Identity:9,PaperReady:10,Digicam:11,IRCommunication:12,MultiKeys:13,Energy:14,Scanner:15,WorldStar:16,CDRom:17,Monitor:18,EMail:19,Configuration:20,ClipboardReady:21,PaperNew:22,Screen:23,EnergyCareful:24,EMailBox:25,Disk:26,Drive:27,PaperQ:28,TerminalEncrypted:29,Console:30,Printer:31,ProgramIcons:32,Run:33,Settings:34,WorldComputer:35,Archive:36,Homebanking:37,DriveWindows:39,Clock:39,EMailSearch:40,PaperFlag:41,Memory:42,TrashBin:43,Note:44,Expired:45,Info:46,Package:47,Folder:48,FolderOpen:49,FolderPackage:50,LockOpen:51,PaperLocked:52,Checked:53,Pen:54,Thumbnail:55,Book:56,List:57,UserKey:58,Tool:59,Home:60,Star:61,Tux:62,Feather:63,Apple:64,Wiki:65,Money:66,Certificate:67,BlackBerry:68}},function(e,t,r){"use strict";function i(e,t){this.name="KdbxError",this.code=e,this.message="Error "+e+(t?": "+t:"")}i.prototype=Error.prototype,e.exports=i},function(e,t,r){"use strict";(function(t){var i=r(0),n=r(2),o=r(1),a=r(24),s=t.crypto,d=s?s.subtle||s.webkitSubtle:null,h=t.process&&t.process.versions&&t.process.versions.node?r(42):null;function u(){}function l(){}u.prototype.importKey=function(e){var t=this;return d.importKey("raw",e,{name:"AES-CBC"},!1,["encrypt","decrypt"]).then((function(e){t.key=e}))},u.prototype.encrypt=function(e,t){return d.encrypt({name:"AES-CBC",iv:t},this.key,e)},u.prototype.decrypt=function(e,t){return d.decrypt({name:"AES-CBC",iv:t},this.key,e).catch((function(){throw new n(o.ErrorCodes.InvalidKey,"invalid key")}))},l.prototype.importKey=function(e){return this.key=e,Promise.resolve()},l.prototype.encrypt=function(e,t){var r=this;return Promise.resolve().then((function(){var n=h.createCipheriv("aes-256-cbc",Buffer.from(r.key),Buffer.from(t)),o=n.update(Buffer.from(e));return i.arrayToBuffer(Buffer.concat([o,n.final()]))}))},l.prototype.decrypt=function(e,t){var r=this;return Promise.resolve().then((function(){var n=h.createDecipheriv("aes-256-cbc",Buffer.from(r.key),Buffer.from(t)),o=n.update(Buffer.from(e));return i.arrayToBuffer(Buffer.concat([o,n.final()]))})).catch((function(){throw new n(o.ErrorCodes.InvalidKey,"invalid key")}))},e.exports.subtle=d,e.exports.webCrypto=s,e.exports.nodeCrypto=h,e.exports.sha256=function(e){return e.byteLength?d?d.digest({name:"SHA-256"},e):h?new Promise((function(t){t(h.createHash("sha256").update(Buffer.from(e)).digest().buffer)})):Promise.reject(new n(o.ErrorCodes.NotImplemented,"SHA256 not implemented")):Promise.resolve(i.arrayToBuffer(i.hexToBytes("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855")))},e.exports.sha512=function(e){return e.byteLength?d?d.digest({name:"SHA-512"},e):h?new Promise((function(t){t(h.createHash("sha512").update(Buffer.from(e)).digest().buffer)})):Promise.reject(new n(o.ErrorCodes.NotImplemented,"SHA512 not implemented")):Promise.resolve(i.arrayToBuffer(i.hexToBytes("cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e")))},e.exports.hmacSha256=function(e,t){if(d){var r={name:"HMAC",hash:{name:"SHA-256"}};return d.importKey("raw",e,r,!1,["sign"]).then((function(e){return d.sign(r,e,t)}))}return h?new Promise((function(r){r(h.createHmac("sha256",Buffer.from(e)).update(Buffer.from(t)).digest().buffer)})):Promise.reject(new n(o.ErrorCodes.NotImplemented,"HMAC-SHA256 not implemented"))},e.exports.random=function(e){if(d)return function(e){for(var t=new Uint8Array(e);e>0;){var r=e%65536;r=r>0?r:65536;var i=new Uint8Array(r);s.getRandomValues(i),e-=r,t.set(i,e)}return t}(e);if(h)return new Uint8Array(h.randomBytes(e));throw new n(o.ErrorCodes.NotImplemented,"Random not implemented")},e.exports.createAesCbc=function(){if(d)return new u;if(h)return new l;throw new n(o.ErrorCodes.NotImplemented,"AES-CBC not implemented")},e.exports.chacha20=function(e,t,r){return Promise.resolve().then((function(){var n=new a(new Uint8Array(t),new Uint8Array(r));return i.arrayToBuffer(n.encrypt(new Uint8Array(e)))}))},e.exports.argon2=function(e,t,r,i,a,s,d,h){return Promise.reject(new n(o.ErrorCodes.NotImplemented,"Argon2 not implemented"))},e.exports.configure=function(e,t,r){d=e,s=t,h=r}}).call(this,r(13))},function(e,t,r){"use strict";(function(t){var i=r(2),n=r(1),o=r(6),a=r(7),s=r(9),d=r(0),h=r(8),u=r(16),l=/\.\d\d\d/,c=t.DOMParser?t:r(44),f=t.DOMParser?void 0:{errorHandler:{error:function(e){throw e},fatalError:function(e){throw e}}},p=62135596800;function m(e){var t,r=f?new c.DOMParser(f):new c.DOMParser;try{t=r.parseFromString(e,"application/xml")}catch(e){throw new i(n.ErrorCodes.FileCorrupt,"bad xml: "+e.message)}if(!t.documentElement)throw new i(n.ErrorCodes.FileCorrupt,"bad xml");var o=t.getElementsByTagName("parsererror")[0];if(o)throw new i(n.ErrorCodes.FileCorrupt,"bad xml: "+o.textContent);return t}function y(e,t){var r=e.childNodes.length;if(0!==r){for(var i,n="\n"+"    ".repeat(t),o=t>0?"\n"+"    ".repeat(t-1):"",a=e.ownerDocument||e,s=[],d=0;d<r;d++)(i=e.childNodes[d]).nodeType!==a.TEXT_NODE&&i.nodeType!==a.PROCESSING_INSTRUCTION_NODE&&s.push(i);for(var h=0;h<s.length;h++){if(i=s[h],!(0===t&&0===h)){var u=a.createTextNode(n);e.insertBefore(u,i)}if(!i.nextSibling&&t>0){var l=a.createTextNode(o);e.appendChild(l)}y(i,t+1)}}}function g(e){if(e&&e.childNodes)return e.protectedValue?e.protectedValue.text:e.textContent}function _(e,t){e.textContent=t||""}function b(e){var t=g(e);return t?d.arrayToBuffer(d.base64ToBytes(t)):void 0}function v(e,t){"string"==typeof t&&(t=d.base64ToBytes(t)),_(e,t?d.bytesToBase64(d.arrayToBuffer(t)):void 0)}function w(e){switch(e&&e.toLowerCase&&e.toLowerCase()){case"true":return!0;case"false":return!1;case"null":return null}}function k(e,t){t(e);for(var r=0,i=e.childNodes,n=i.length;r<n;r++){var o=i[r];o.tagName&&k(o,t)}}e.exports.parse=m,e.exports.serialize=function(e,t){t&&y(e,0);var r=(new c.XMLSerializer).serializeToString(e);return t&&r.startsWith("<?")&&(r=r.replace(/^(<\?.*?\?>)</,"$1\n<")),r},e.exports.create=function(e){return m('<?xml version="1.0" encoding="utf-8" standalone="yes"?><'+e+"/>")},e.exports.getChildNode=function(e,t,r){if(e&&e.childNodes)for(var o=0,a=e.childNodes,s=a.length;o<s;o++)if(a[o].tagName===t)return a[o];if(r)throw new i(n.ErrorCodes.FileCorrupt,r);return null},e.exports.addChildNode=function(e,t){return e.appendChild((e.ownerDocument||e).createElement(t))},e.exports.getText=g,e.exports.setText=_,e.exports.getBytes=b,e.exports.setBytes=v,e.exports.getDate=function(e){var t=g(e);if(t){if(t.indexOf(":")>0)return new Date(t);var r=new DataView(d.arrayToBuffer(d.base64ToBytes(t))),i=new h(r.getUint32(0,!0),r.getUint32(4,!0)).value;return new Date(1e3*(i-p))}},e.exports.setDate=function(e,t,r){if(t)if(r){var i=Math.floor(t.getTime()/1e3)+p,n=new DataView(new ArrayBuffer(8)),o=h.from(i);n.setUint32(0,o.lo,!0),n.setUint32(4,o.hi,!0),_(e,d.bytesToBase64(n.buffer))}else _(e,t.toISOString().replace(l,""));else _(e,"")},e.exports.getNumber=function(e){var t=g(e);return t?+t:void 0},e.exports.setNumber=function(e,t){_(e,"number"!=typeof t||isNaN(t)?void 0:t.toString())},e.exports.getBoolean=function(e){var t=g(e);return t?w(t):void 0},e.exports.setBoolean=function(e,t){_(e,void 0===t?"":null===t?"null":t?"True":"False")},e.exports.strToBoolean=w,e.exports.getUuid=function(e){var t=b(e);return t?new a(t):void 0},e.exports.setUuid=function(e,t){v(e,t instanceof a?t.toBytes():t)},e.exports.getProtectedText=function(e){return e.protectedValue||e.textContent},e.exports.setProtectedText=function(e,t){t instanceof s?(e.protectedValue=t,e.setAttribute(o.Attr.Protected,"True")):_(e,t)},e.exports.getProtectedBinary=function(e){if(e.protectedValue)return e.protectedValue;var t=e.textContent,r=e.getAttribute(o.Attr.Ref);if(r)return{ref:r};if(t){var i=w(e.getAttribute(o.Attr.Compressed)),n=d.base64ToBytes(t);return i&&(n=u.ungzip(n)),d.arrayToBuffer(n)}},e.exports.setProtectedBinary=function(e,t){t instanceof s?(e.protectedValue=t,e.setAttribute(o.Attr.Protected,"True")):t&&t.ref?e.setAttribute(o.Attr.Ref,t.ref):v(e,t)},e.exports.setProtectedValues=function(e,t){k(e,(function(e){if(w(e.getAttribute(o.Attr.Protected)))try{var r=d.arrayToBuffer(d.base64ToBytes(e.textContent));if(r.byteLength){var a=t.getSalt(r.byteLength);e.protectedValue=new s(r,a)}}catch(t){throw new i(n.ErrorCodes.FileCorrupt,"bad protected value at line "+e.lineNumber+": "+t)}}))},e.exports.updateProtectedValuesSalt=function(e,t){k(e,(function(e){if(w(e.getAttribute(o.Attr.Protected))&&e.protectedValue){var r=t.getSalt(e.protectedValue.byteLength);e.protectedValue.setSalt(r),e.textContent=e.protectedValue.toString()}}))},e.exports.unprotectValues=function(e){k(e,(function(e){w(e.getAttribute(o.Attr.Protected))&&e.protectedValue&&(e.removeAttribute(o.Attr.Protected),e.setAttribute(o.Attr.ProtectedInMemPlainXml,"True"),e.textContent=e.protectedValue.getText())}))},e.exports.protectUnprotectedValues=function(e){k(e,(function(e){w(e.getAttribute(o.Attr.ProtectedInMemPlainXml))&&e.protectedValue&&(e.removeAttribute(o.Attr.ProtectedInMemPlainXml),e.setAttribute(o.Attr.Protected,"True"),e.textContent=e.protectedValue.toString())}))},e.exports.protectPlainValues=function(e){k(e,(function(e){w(e.getAttribute(o.Attr.ProtectedInMemPlainXml))&&(e.protectedValue=s.fromString(e.textContent),e.textContent=e.protectedValue.toString(),e.removeAttribute(o.Attr.ProtectedInMemPlainXml),e.setAttribute(o.Attr.Protected,"True"))}))}}).call(this,r(13))},function(e,t,r){"use strict";var i="undefined"!=typeof Uint8Array&&"undefined"!=typeof Uint16Array&&"undefined"!=typeof Int32Array;t.assign=function(e){for(var t=Array.prototype.slice.call(arguments,1);t.length;){var r=t.shift();if(r){if("object"!=typeof r)throw new TypeError(r+"must be non-object");for(var i in r)r.hasOwnProperty(i)&&(e[i]=r[i])}}return e},t.shrinkBuf=function(e,t){return e.length===t?e:e.subarray?e.subarray(0,t):(e.length=t,e)};var n={arraySet:function(e,t,r,i,n){if(t.subarray&&e.subarray)e.set(t.subarray(r,r+i),n);else for(var o=0;o<i;o++)e[n+o]=t[r+o]},flattenChunks:function(e){var t,r,i,n,o,a;for(i=0,t=0,r=e.length;t<r;t++)i+=e[t].length;for(a=new Uint8Array(i),n=0,t=0,r=e.length;t<r;t++)o=e[t],a.set(o,n),n+=o.length;return a}},o={arraySet:function(e,t,r,i,n){for(var o=0;o<i;o++)e[n+o]=t[r+o]},flattenChunks:function(e){return[].concat.apply([],e)}};t.setTyped=function(e){e?(t.Buf8=Uint8Array,t.Buf16=Uint16Array,t.Buf32=Int32Array,t.assign(t,n)):(t.Buf8=Array,t.Buf16=Array,t.Buf32=Array,t.assign(t,o))},t.setTyped(i)},function(e,t,r){"use strict";e.exports={Elem:{DocNode:"KeePassFile",Meta:"Meta",Root:"Root",Group:"Group",Entry:"Entry",Generator:"Generator",HeaderHash:"HeaderHash",SettingsChanged:"SettingsChanged",DbName:"DatabaseName",DbNameChanged:"DatabaseNameChanged",DbDesc:"DatabaseDescription",DbDescChanged:"DatabaseDescriptionChanged",DbDefaultUser:"DefaultUserName",DbDefaultUserChanged:"DefaultUserNameChanged",DbMntncHistoryDays:"MaintenanceHistoryDays",DbColor:"Color",DbKeyChanged:"MasterKeyChanged",DbKeyChangeRec:"MasterKeyChangeRec",DbKeyChangeForce:"MasterKeyChangeForce",RecycleBinEnabled:"RecycleBinEnabled",RecycleBinUuid:"RecycleBinUUID",RecycleBinChanged:"RecycleBinChanged",EntryTemplatesGroup:"EntryTemplatesGroup",EntryTemplatesGroupChanged:"EntryTemplatesGroupChanged",HistoryMaxItems:"HistoryMaxItems",HistoryMaxSize:"HistoryMaxSize",LastSelectedGroup:"LastSelectedGroup",LastTopVisibleGroup:"LastTopVisibleGroup",MemoryProt:"MemoryProtection",ProtTitle:"ProtectTitle",ProtUserName:"ProtectUserName",ProtPassword:"ProtectPassword",ProtUrl:"ProtectURL",ProtNotes:"ProtectNotes",CustomIcons:"CustomIcons",CustomIconItem:"Icon",CustomIconItemID:"UUID",CustomIconItemData:"Data",AutoType:"AutoType",History:"History",Name:"Name",Notes:"Notes",Uuid:"UUID",Icon:"IconID",CustomIconID:"CustomIconUUID",FgColor:"ForegroundColor",BgColor:"BackgroundColor",OverrideUrl:"OverrideURL",Times:"Times",Tags:"Tags",CreationTime:"CreationTime",LastModTime:"LastModificationTime",LastAccessTime:"LastAccessTime",ExpiryTime:"ExpiryTime",Expires:"Expires",UsageCount:"UsageCount",LocationChanged:"LocationChanged",GroupDefaultAutoTypeSeq:"DefaultAutoTypeSequence",EnableAutoType:"EnableAutoType",EnableSearching:"EnableSearching",String:"String",Binary:"Binary",Key:"Key",Value:"Value",AutoTypeEnabled:"Enabled",AutoTypeObfuscation:"DataTransferObfuscation",AutoTypeDefaultSeq:"DefaultSequence",AutoTypeItem:"Association",Window:"Window",KeystrokeSequence:"KeystrokeSequence",Binaries:"Binaries",IsExpanded:"IsExpanded",LastTopVisibleEntry:"LastTopVisibleEntry",DeletedObjects:"DeletedObjects",DeletedObject:"DeletedObject",DeletionTime:"DeletionTime",CustomData:"CustomData",StringDictExItem:"Item"},Attr:{Id:"ID",Ref:"Ref",Protected:"Protected",ProtectedInMemPlainXml:"ProtectInMemory",Compressed:"Compressed"},Val:{False:"False",True:"True"}}},function(e,t,r){"use strict";var i=r(0),n=r(10);function o(e){if(void 0===e&&(e=new ArrayBuffer(16)),"string"==typeof e&&(e=i.base64ToBytes(e)),this.id=16===e.byteLength?i.bytesToBase64(e):void 0,this.empty=!0,e)for(var t=new Uint8Array(e),r=0,n=t.length;r<n;r++)if(0!==t[r])return void(this.empty=!1)}o.prototype.equals=function(e){return e&&e.toString()===this.toString()||!1},Object.defineProperty(o.prototype,"bytes",{enumerable:!0,get:function(){return i.base64ToBytes(this.id)}}),o.random=function(){return new o(n.getBytes(16))},o.prototype.toString=function(){return this.id},o.prototype.valueOf=function(){return this.id},o.prototype.toBytes=function(){return this.id?i.base64ToBytes(this.id):void 0},e.exports=o},function(e,t,r){"use strict";function i(e,t){this.lo=e||0,this.hi=t||0}Object.defineProperty(i.prototype,"value",{enumerable:!0,get:function(){if(this.hi){if(this.hi>=2097152)throw new Error("too large number");return 4294967296*this.hi+this.lo}return this.lo}}),i.prototype.valueOf=function(){return this.value},i.from=function(e){if(e>9007199254740991)throw new Error("too large number");var t=e>>>0;return new i(t,(e-t)/4294967296>>>0)},e.exports=i},function(e,t,r){"use strict";var i=r(0),n=r(3),o=r(10),a=function(e,t){Object.defineProperty(this,"_value",{value:new Uint8Array(e)}),Object.defineProperty(this,"_salt",{value:new Uint8Array(t)})};a.prototype.toString=function(){return i.bytesToBase64(this._value)},a.fromString=function(e){for(var t=i.stringToBytes(e),r=o.getBytes(t.length),n=0,s=t.length;n<s;n++)t[n]^=r[n];return new a(i.arrayToBuffer(t),i.arrayToBuffer(r))},a.fromBinary=function(e){for(var t=new Uint8Array(e),r=o.getBytes(t.length),n=0,s=t.length;n<s;n++)t[n]^=r[n];return new a(i.arrayToBuffer(t),i.arrayToBuffer(r))},a.prototype.includes=function(e){if(0===e.length)return!1;var t,r,n=this._value,o=this._salt,a=i.stringToBytes(e),s=n.length,d=a.length,h=s-d;e:for(t=0;t<=h;t++){for(r=0;r<d;r++)if((n[t+r]^o[t+r])!==a[r])continue e;return!0}return!1},a.prototype.getHash=function(){var e=i.arrayToBuffer(this.getBinary());return n.sha256(e).then((function(t){return i.zeroBuffer(e),t}))},a.prototype.getText=function(){return i.bytesToString(this.getBinary())},a.prototype.getBinary=function(){for(var e=this._value,t=this._salt,r=new Uint8Array(e.byteLength),i=r.length-1;i>=0;i--)r[i]=e[i]^t[i];return r},a.prototype.setSalt=function(e){for(var t=new Uint8Array(e),r=this._value,i=this._salt,n=0,o=r.length;n<o;n++)r[n]=r[n]^i[n]^t[n],i[n]=t[n]},a.prototype.clone=function(){return new a(this._value,this._salt)},Object.defineProperty(a.prototype,"byteLength",{enumerable:!0,get:function(){return this._value.byteLength}}),e.exports=a},function(e,t,r){"use strict";for(var i=r(23),n=r(3),o=new Uint8Array(32),a=new Uint8Array(8),s=0;s<o.length;s++)o[s]=255*Math.random();for(var d=0;d<a.length;d++)a[s]=255*Math.random();var h=new i(o,a);e.exports.getBytes=function(e){if(!e)return new Uint8Array(0);h.getBytes(Math.round(Math.random()*e)+1);for(var t=h.getBytes(e),r=n.random(e),i=r.length-1;i>=0;--i)t[i]^=r[i];return t}},function(e,t,r){"use strict";function i(e){this._arrayBuffer=e||new ArrayBuffer(1024),this._dataView=new DataView(this._arrayBuffer),this._pos=0,this._canExpand=!e}["Int","Uint","Float"].forEach((function(e){("Float"===e?[4,8]:[1,2,4]).forEach((function(t){var r="get"+e+8*t;i.prototype[r]=function(e){var i=this._dataView[r].call(this._dataView,this._pos,e);return this._pos+=t,i};var n="set"+e+8*t;i.prototype[n]=function(e,r){this._checkCapacity(t),this._dataView[n].call(this._dataView,this._pos,e,r),this._pos+=t}}))})),i.prototype.getUint64=function(e){var t=this.getUint32(e),r=this.getUint32(e);return e?r*=4294967296:t*=4294967296,t+r},i.prototype.setUint64=function(e,t){t?(this.setUint32(4294967295&e,!0),this.setUint32(Math.floor(e/4294967296),!0)):(this._checkCapacity(8),this.setUint32(Math.floor(e/4294967296),!1),this.setUint32(4294967295&e,!1))},i.prototype.readBytes=function(e){var t=this._arrayBuffer.slice(this._pos,this._pos+e);return this._pos+=e,t},i.prototype.readBytesToEnd=function(){var e=this._arrayBuffer.byteLength-this._pos;return this.readBytes(e)},i.prototype.readBytesNoAdvance=function(e,t){return this._arrayBuffer.slice(e,t)},i.prototype.writeBytes=function(e){e instanceof ArrayBuffer&&(e=new Uint8Array(e)),this._checkCapacity(e.length),new Uint8Array(this._arrayBuffer).set(e,this._pos),this._pos+=e.length},i.prototype.getWrittenBytes=function(){return this._arrayBuffer.slice(0,this._pos)},i.prototype._checkCapacity=function(e){var t=this._arrayBuffer.byteLength-this._pos;if(this._canExpand&&t<e){for(var r=this._arrayBuffer.byteLength,i=this._pos+e;r<i;)r*=2;var n=new Uint8Array(r);n.set(new Uint8Array(this._arrayBuffer)),this._arrayBuffer=n.buffer,this._dataView=new DataView(this._arrayBuffer)}},Object.defineProperty(i.prototype,"pos",{enumerable:!0,get:function(){return this._pos}}),Object.defineProperty(i.prototype,"byteLength",{enumerable:!0,get:function(){return this._arrayBuffer.byteLength}}),e.exports=i},function(e,t,r){"use strict";e.exports={2:"need dictionary",1:"stream end",0:"","-1":"file error","-2":"stream error","-3":"data error","-4":"insufficient memory","-5":"buffer error","-6":"incompatible version"}},function(e,t){var r;r=function(){return this}();try{r=r||new Function("return this")()}catch(e){"object"==typeof window&&(r=window)}e.exports=r},function(e,t,r){"use strict";var i=r(2),n=r(1),o=r(0),a=r(8),s={UInt32:4,UInt64:5,Bool:8,Int32:12,Int64:13,String:24,Bytes:66};function d(){this._items=[],this._dict={},Object.preventExtensions(this)}d.ValueType=s,d.prototype.get=function(e){var t=this._dict[e];return t?t.value:void 0},d.prototype.keys=function(){return this._items.map((function(e){return e.key}))},Object.defineProperty(d.prototype,"length",{enumberable:!0,get:function(){return this._items.length}}),d.prototype.set=function(e,t,r){switch(t){case s.UInt32:if("number"!=typeof r||r<0)throw new i(n.ErrorCodes.InvalidArg);break;case s.UInt64:if(!(r instanceof a))throw new i(n.ErrorCodes.InvalidArg);break;case s.Bool:if("boolean"!=typeof r)throw new i(n.ErrorCodes.InvalidArg);break;case s.Int32:if("number"!=typeof r)throw new i(n.ErrorCodes.InvalidArg);break;case s.Int64:if(!(r instanceof a))throw new i(n.ErrorCodes.InvalidArg);break;case s.String:if("string"!=typeof r)throw new i(n.ErrorCodes.InvalidArg);break;case s.Bytes:if(r instanceof Uint8Array&&(r=o.arrayToBuffer(r)),!(r instanceof ArrayBuffer))throw new i(n.ErrorCodes.InvalidArg);break;default:throw new i(n.ErrorCodes.InvalidArg)}var d={key:e,type:t,value:r};if(this._dict[e]){var h=this._items.indexOf(this._dict[e]);this._items.splice(h,1,d)}else this._items.push(d);this._dict[e]=d},d.prototype.remove=function(e){this._items=this._items.filter((function(t){return t.key!==e})),delete this._dict[e]},d.read=function(e){var t=new d;for(t._readVersion(e);;){var r=t._readItem(e);if(!r)break;t._items.push(r),t._dict[r.key]=r}return t},d.prototype._readVersion=function(e){e.getUint8();var t=e.getUint8();if(0===t||t>1)throw new i(n.ErrorCodes.InvalidVersion)},d.prototype._readItem=function(e){var t=e.getUint8();if(!t)return!1;var r=e.getInt32(!0);if(r<=0)throw new i(n.ErrorCodes.FileCorrupt,"bad key length");var d,h=o.bytesToString(e.readBytes(r)),u=e.getInt32(!0);if(u<0)throw new i(n.ErrorCodes.FileCorrupt,"bad value length");switch(t){case s.UInt32:if(4!==u)throw new i(n.ErrorCodes.FileCorrupt,"bad uint32");d=e.getUint32(!0);break;case s.UInt64:if(8!==u)throw new i(n.ErrorCodes.FileCorrupt,"bad uint64");var l=e.getUint32(!0),c=e.getUint32(!0);d=new a(l,c);break;case s.Bool:if(1!==u)throw new i(n.ErrorCodes.FileCorrupt,"bad bool");d=0!==e.getUint8();break;case s.Int32:if(4!==u)throw new i(n.ErrorCodes.FileCorrupt,"bad int32");d=e.getInt32(!0);break;case s.Int64:if(8!==u)throw new i(n.ErrorCodes.FileCorrupt,"bad int64");var f=e.getUint32(!0),p=e.getUint32(!0);d=new a(f,p);break;case s.String:d=o.bytesToString(e.readBytes(u));break;case s.Bytes:d=e.readBytes(u);break;default:throw new i(n.ErrorCodes.FileCorrupt,"bad value type: "+t)}return{key:h,type:t,value:d}},d.prototype.write=function(e){this._writeVersion(e),Object.keys(this._items).forEach((function(t){this._writeItem(e,this._items[t])}),this),e.setUint8(0)},d.prototype._writeVersion=function(e){e.setUint16(256,!0)},d.prototype._writeItem=function(e,t){e.setUint8(t.type);var r=o.stringToBytes(t.key);switch(e.setInt32(r.length,!0),e.writeBytes(r),t.type){case s.UInt32:e.setInt32(4,!0),e.setUint32(t.value,!0);break;case s.UInt64:e.setInt32(8,!0),e.setUint32(t.value.lo,!0),e.setUint32(t.value.hi,!0);break;case s.Bool:e.setInt32(1,!0),e.setUint8(t.value?1:0);break;case s.Int32:e.setInt32(4,!0),e.setInt32(t.value,!0);break;case s.Int64:e.setInt32(8,!0),e.setUint32(t.value.lo,!0),e.setUint32(t.value.hi,!0);break;case s.String:var a=o.stringToBytes(t.value);e.setInt32(a.length,!0),e.writeBytes(a);break;case s.Bytes:var d=o.arrayToBuffer(t.value);e.setInt32(d.byteLength,!0),e.writeBytes(d);break;default:throw new i(n.ErrorCodes.Unsupported)}},e.exports=d},function(e,t,r){"use strict";var i=r(6),n=r(4),o={read:function(e){for(var t={},r=0,n=e.childNodes,a=n.length;r<a;r++){var s=n[r];s.tagName===i.Elem.StringDictExItem&&o._readItem(s,t)}return t},write:function(e,t){if(t){var r=n.addChildNode(e,i.Elem.CustomData);Object.keys(t).forEach((function(e){var o=t[e];if(o){var a=n.addChildNode(r,i.Elem.StringDictExItem);n.setText(n.addChildNode(a,i.Elem.Key),e),n.setText(n.addChildNode(a,i.Elem.Value),o)}}))}},_readItem:function(e,t){for(var r,o,a=0,s=e.childNodes,d=s.length;a<d;a++){var h=s[a];switch(h.tagName){case i.Elem.Key:r=n.getText(h);break;case i.Elem.Value:o=n.getText(h)}}r&&(t[r]=o)}};e.exports=o},function(e,t,r){"use strict";var i={};(0,r(5).assign)(i,r(32),r(35),r(21)),e.exports=i},function(e,t,r){"use strict";e.exports=function(e,t,r,i){for(var n=65535&e|0,o=e>>>16&65535|0,a=0;0!==r;){r-=a=r>2e3?2e3:r;do{o=o+(n=n+t[i++]|0)|0}while(--a);n%=65521,o%=65521}return n|o<<16|0}},function(e,t,r){"use strict";var i=function(){for(var e,t=[],r=0;r<256;r++){e=r;for(var i=0;i<8;i++)e=1&e?3988292384^e>>>1:e>>>1;t[r]=e}return t}();e.exports=function(e,t,r,n){var o=i,a=n+r;e^=-1;for(var s=n;s<a;s++)e=e>>>8^o[255&(e^t[s])];return-1^e}},function(e,t,r){"use strict";var i=r(5),n=!0,o=!0;try{String.fromCharCode.apply(null,[0])}catch(e){n=!1}try{String.fromCharCode.apply(null,new Uint8Array(1))}catch(e){o=!1}for(var a=new i.Buf8(256),s=0;s<256;s++)a[s]=s>=252?6:s>=248?5:s>=240?4:s>=224?3:s>=192?2:1;function d(e,t){if(t<65537&&(e.subarray&&o||!e.subarray&&n))return String.fromCharCode.apply(null,i.shrinkBuf(e,t));for(var r="",a=0;a<t;a++)r+=String.fromCharCode(e[a]);return r}a[254]=a[254]=1,t.string2buf=function(e){var t,r,n,o,a,s=e.length,d=0;for(o=0;o<s;o++)55296==(64512&(r=e.charCodeAt(o)))&&o+1<s&&56320==(64512&(n=e.charCodeAt(o+1)))&&(r=65536+(r-55296<<10)+(n-56320),o++),d+=r<128?1:r<2048?2:r<65536?3:4;for(t=new i.Buf8(d),a=0,o=0;a<d;o++)55296==(64512&(r=e.charCodeAt(o)))&&o+1<s&&56320==(64512&(n=e.charCodeAt(o+1)))&&(r=65536+(r-55296<<10)+(n-56320),o++),r<128?t[a++]=r:r<2048?(t[a++]=192|r>>>6,t[a++]=128|63&r):r<65536?(t[a++]=224|r>>>12,t[a++]=128|r>>>6&63,t[a++]=128|63&r):(t[a++]=240|r>>>18,t[a++]=128|r>>>12&63,t[a++]=128|r>>>6&63,t[a++]=128|63&r);return t},t.buf2binstring=function(e){return d(e,e.length)},t.binstring2buf=function(e){for(var t=new i.Buf8(e.length),r=0,n=t.length;r<n;r++)t[r]=e.charCodeAt(r);return t},t.buf2string=function(e,t){var r,i,n,o,s=t||e.length,h=new Array(2*s);for(i=0,r=0;r<s;)if((n=e[r++])<128)h[i++]=n;else if((o=a[n])>4)h[i++]=65533,r+=o-1;else{for(n&=2===o?31:3===o?15:7;o>1&&r<s;)n=n<<6|63&e[r++],o--;o>1?h[i++]=65533:n<65536?h[i++]=n:(n-=65536,h[i++]=55296|n>>10&1023,h[i++]=56320|1023&n)}return d(h,i)},t.utf8border=function(e,t){var r;for((t=t||e.length)>e.length&&(t=e.length),r=t-1;r>=0&&128==(192&e[r]);)r--;return r<0||0===r?t:r+a[e[r]]>t?r:t}},function(e,t,r){"use strict";e.exports=function(){this.input=null,this.next_in=0,this.avail_in=0,this.total_in=0,this.output=null,this.next_out=0,this.avail_out=0,this.total_out=0,this.msg="",this.state=null,this.data_type=2,this.adler=0}},function(e,t,r){"use strict";e.exports={Z_NO_FLUSH:0,Z_PARTIAL_FLUSH:1,Z_SYNC_FLUSH:2,Z_FULL_FLUSH:3,Z_FINISH:4,Z_BLOCK:5,Z_TREES:6,Z_OK:0,Z_STREAM_END:1,Z_NEED_DICT:2,Z_ERRNO:-1,Z_STREAM_ERROR:-2,Z_DATA_ERROR:-3,Z_BUF_ERROR:-5,Z_NO_COMPRESSION:0,Z_BEST_SPEED:1,Z_BEST_COMPRESSION:9,Z_DEFAULT_COMPRESSION:-1,Z_FILTERED:1,Z_HUFFMAN_ONLY:2,Z_RLE:3,Z_FIXED:4,Z_DEFAULT_STRATEGY:0,Z_BINARY:0,Z_TEXT:1,Z_UNKNOWN:2,Z_DEFLATED:8}},function(e,t,r){"use strict";var i=r(7),n=r(1),o=r(9),a=r(2),s=r(11),d=r(0),h=r(14),u=r(8),l=r(10),c=[{name:"EndOfHeader"},{name:"Comment"},{name:"CipherID"},{name:"CompressionFlags"},{name:"MasterSeed"},{name:"TransformSeed",ver:[3]},{name:"TransformRounds",ver:[3]},{name:"EncryptionIV"},{name:"ProtectedStreamKey",ver:[3]},{name:"StreamStartBytes",ver:[3]},{name:"InnerRandomStreamID",ver:[3]},{name:"KdfParameters",ver:[4]},{name:"PublicCustomData",ver:[4]}],f=[{name:"EndOfHeader"},{name:"InnerRandomStreamID"},{name:"InnerRandomStreamKey"},{name:"Binary",skipHeader:!0}],p={DefaultFileVersionMajor:4,DefaultFileVersionMinor:0,MaxFileVersionMajor:4,MaxFileVersionMinor:1,MaxSupportedVersion:4,FlagBinaryProtected:1,InnerHeaderBinaryFieldId:3,DefaultKdfAlgo:n.KdfId.Argon2,DefaultKdfSaltLength:32,DefaultKdfParallelism:1,DefaultKdfIterations:2,DefaultKdfMemory:1048576,DefaultKdfVersion:19},m={3:1,4:0},y=function(){this.versionMajor=void 0,this.versionMinor=void 0,this.dataCipherUuid=void 0,this.compression=void 0,this.masterSeed=void 0,this.transformSeed=void 0,this.keyEncryptionRounds=void 0,this.encryptionIV=void 0,this.protectedStreamKey=void 0,this.streamStartBytes=void 0,this.crsAlgorithm=void 0,this.endPos=void 0,this.kdfParameters=void 0,this.publicCustomData=void 0,Object.preventExtensions(this)};y.prototype._readSignature=function(e){if(e.byteLength<8)throw new a(n.ErrorCodes.FileCorrupt,"not enough data");var t=e.getUint32(!0),r=e.getUint32(!0);if(t!==n.Signatures.FileMagic||r!==n.Signatures.Sig2Kdbx)throw new a(n.ErrorCodes.BadSignature)},y.prototype._writeSignature=function(e){e.setUint32(n.Signatures.FileMagic,!0),e.setUint32(n.Signatures.Sig2Kdbx,!0)},y.prototype._readVersion=function(e){var t=e.getUint16(!0),r=e.getUint16(!0);if(r>p.MaxSupportedVersion)throw new a(n.ErrorCodes.InvalidVersion);this.versionMinor=t,this.versionMajor=r},y.prototype._writeVersion=function(e){e.setUint16(this.versionMinor,!0),e.setUint16(this.versionMajor,!0)},y.prototype._readCipherID=function(e){if(16!==e.byteLength)throw new a(n.ErrorCodes.Unsupported,"cipher");this.dataCipherUuid=new i(e)},y.prototype._writeCipherID=function(e){this._writeFieldSize(e,16),e.writeBytes(this.dataCipherUuid.bytes)},y.prototype._readCompressionFlags=function(e){var t=new DataView(e).getUint32(e,!0);if(t<0||t>=Object.keys(n.CompressionAlgorithm).length)throw new a(n.ErrorCodes.Unsupported,"compression");this.compression=t},y.prototype._writeCompressionFlags=function(e){this._writeFieldSize(e,4),e.setUint32(this.compression,!0)},y.prototype._readMasterSeed=function(e){this.masterSeed=e},y.prototype._writeMasterSeed=function(e){this._writeFieldBytes(e,this.masterSeed)},y.prototype._readTransformSeed=function(e){this.transformSeed=e},y.prototype._writeTransformSeed=function(e){this._writeFieldBytes(e,this.transformSeed)},y.prototype._readTransformRounds=function(e){this.keyEncryptionRounds=new s(e).getUint64(!0)},y.prototype._writeTransformRounds=function(e){this._writeFieldSize(e,8),e.setUint64(this.keyEncryptionRounds,!0)},y.prototype._readEncryptionIV=function(e){this.encryptionIV=e},y.prototype._writeEncryptionIV=function(e){this._writeFieldBytes(e,this.encryptionIV)},y.prototype._readProtectedStreamKey=function(e){this.protectedStreamKey=e},y.prototype._writeProtectedStreamKey=function(e){this._writeFieldBytes(e,this.protectedStreamKey)},y.prototype._readStreamStartBytes=function(e){this.streamStartBytes=e},y.prototype._writeStreamStartBytes=function(e){this._writeFieldBytes(e,this.streamStartBytes)},y.prototype._readInnerRandomStreamID=function(e){this.crsAlgorithm=new DataView(e).getUint32(e,!0)},y.prototype._writeInnerRandomStreamID=function(e){this._writeFieldSize(e,4),e.setUint32(this.crsAlgorithm,!0)},y.prototype._readInnerRandomStreamKey=function(e){this.protectedStreamKey=e},y.prototype._writeInnerRandomStreamKey=function(e){this._writeFieldBytes(e,this.protectedStreamKey)},y.prototype._readKdfParameters=function(e){this.kdfParameters=h.read(new s(e))},y.prototype._writeKdfParameters=function(e){var t=new s;this.kdfParameters.write(t),this._writeFieldBytes(e,t.getWrittenBytes())},y.prototype._readPublicCustomData=function(e){this.publicCustomData=h.read(new s(e))},y.prototype._hasPublicCustomData=function(){return this.publicCustomData},y.prototype._writePublicCustomData=function(e){if(this.publicCustomData){var t=new s;this.publicCustomData.write(t),this._writeFieldBytes(e,t.getWrittenBytes())}},y.prototype._readBinary=function(e,t){var r=new DataView(e).getUint8(0)&p.FlagBinaryProtected,i=e.slice(1),n=r?o.fromBinary(i):i,a=Object.keys(t.kdbx.binaries).length;t.kdbx.binaries[a]=n},y.prototype._writeBinary=function(e,t){if(!(this.versionMajor<4))for(var r=t.kdbx.binaries.hashOrder,i=0;i<r.length;i++){e.setUint8(p.InnerHeaderBinaryFieldId);var s=t.kdbx.binaries[r[i]];if(!s)throw new a(n.ErrorCodes.FileCorrupt,"no binary "+i);if(s instanceof o){var h=s.getBinary();this._writeFieldSize(e,h.byteLength+1),e.setUint8(p.FlagBinaryProtected),e.writeBytes(h),d.zeroBuffer(h)}else s=d.arrayToBuffer(s),this._writeFieldSize(e,s.byteLength+1),e.setUint8(0),e.writeBytes(s)}},y.prototype._writeEndOfHeader=function(e){this._writeFieldSize(e,4),e.setUint32(13675786)},y.prototype._readField=function(e,t,r){var i,n=e.getUint8(),o=this._readFieldSize(e);o>0&&(i=e.readBytes(o));var a=t[n];if(a){var s=this["_read"+a.name];s&&s.call(this,i,r)}return 0!==n},y.prototype._writeField=function(e,t,r,i){var n=r[t];if(n){if(n.ver&&n.ver.indexOf(this.versionMajor)<0)return;var o=this["_write"+n.name];if(o){var a=this["_has"+n.name];if(a&&!a.call(this))return;n.skipHeader||e.setUint8(t),o.call(this,e,i)}}},y.prototype._readFieldSize=function(e){return this.versionMajor>=4?e.getUint32(!0):e.getUint16(!0)},y.prototype._writeFieldSize=function(e,t){this.versionMajor>=4?e.setUint32(t,!0):e.setUint16(t,!0)},y.prototype._writeFieldBytes=function(e,t){this._writeFieldSize(e,t.byteLength),e.writeBytes(t)},y.prototype._validate=function(){if(void 0===this.dataCipherUuid)throw new a(n.ErrorCodes.FileCorrupt,"no cipher in header");if(void 0===this.compression)throw new a(n.ErrorCodes.FileCorrupt,"no compression in header");if(!this.masterSeed)throw new a(n.ErrorCodes.FileCorrupt,"no master seed in header");if(this.versionMajor<4&&!this.transformSeed)throw new a(n.ErrorCodes.FileCorrupt,"no transform seed in header");if(this.versionMajor<4&&!this.keyEncryptionRounds)throw new a(n.ErrorCodes.FileCorrupt,"no key encryption rounds in header");if(!this.encryptionIV)throw new a(n.ErrorCodes.FileCorrupt,"no encryption iv in header");if(this.versionMajor<4&&!this.protectedStreamKey)throw new a(n.ErrorCodes.FileCorrupt,"no protected stream key in header");if(this.versionMajor<4&&!this.streamStartBytes)throw new a(n.ErrorCodes.FileCorrupt,"no stream start bytes in header");if(this.versionMajor<4&&!this.crsAlgorithm)throw new a(n.ErrorCodes.FileCorrupt,"no crs algorithm in header");if(this.versionMajor>=4&&!this.kdfParameters)throw new a(n.ErrorCodes.FileCorrupt,"no kdf parameters in header")},y.prototype._validateInner=function(){if(!this.protectedStreamKey)throw new a(n.ErrorCodes.FileCorrupt,"no protected stream key in header");if(!this.crsAlgorithm)throw new a(n.ErrorCodes.FileCorrupt,"no crs algorithm in header")},y.prototype._createKdfParameters=function(e){switch(e||(e=p.DefaultKdfAlgo),e){case n.KdfId.Argon2:this.kdfParameters=new h,this.kdfParameters.set("$UUID",h.ValueType.Bytes,d.base64ToBytes(n.KdfId.Argon2)),this.kdfParameters.set("S",h.ValueType.Bytes,l.getBytes(p.DefaultKdfSaltLength)),this.kdfParameters.set("P",h.ValueType.UInt32,p.DefaultKdfParallelism),this.kdfParameters.set("I",h.ValueType.UInt64,new u(p.DefaultKdfIterations)),this.kdfParameters.set("M",h.ValueType.UInt64,new u(p.DefaultKdfMemory)),this.kdfParameters.set("V",h.ValueType.UInt32,p.DefaultKdfVersion);break;case n.KdfId.Aes:this.kdfParameters=new h,this.kdfParameters.set("$UUID",h.ValueType.Bytes,d.base64ToBytes(n.KdfId.Aes)),this.kdfParameters.set("S",h.ValueType.Bytes,l.getBytes(p.DefaultKdfSaltLength)),this.kdfParameters.set("R",h.ValueType.UInt64,new u(n.Defaults.KeyEncryptionRounds));break;default:throw new a(n.ErrorCodes.InvalidArg,"bad KDF algo")}},y.prototype.write=function(e){this._validate(),this._writeSignature(e),this._writeVersion(e);for(var t=1;t<c.length;t++)this._writeField(e,t,c);this._writeField(e,0,c),this.endPos=e.pos},y.prototype.writeInnerHeader=function(e,t){this._validateInner();for(var r=1;r<f.length;r++)this._writeField(e,r,f,t);this._writeField(e,0,f)},y.prototype.generateSalts=function(){if(this.masterSeed=l.getBytes(32),this.versionMajor<4)this.transformSeed=l.getBytes(32),this.streamStartBytes=l.getBytes(32),this.protectedStreamKey=l.getBytes(32),this.encryptionIV=l.getBytes(16);else{this.protectedStreamKey=l.getBytes(64),this.kdfParameters.set("S",h.ValueType.Bytes,l.getBytes(32));var e=this.dataCipherUuid.toString()===n.CipherId.ChaCha20?12:16;this.encryptionIV=l.getBytes(e)}},y.prototype.setVersion=function(e){if(3!==e&&4!==e)throw new a(n.ErrorCodes.InvalidArg,"bad file version");this.versionMajor=e,this.versionMinor=m[e],4===this.versionMajor?(this.kdfParameters||this._createKdfParameters(),this.crsAlgorithm=n.CrsAlgorithm.ChaCha20,this.keyEncryptionRounds=void 0):(this.kdfParameters=void 0,this.crsAlgorithm=n.CrsAlgorithm.Salsa20,this.keyEncryptionRounds=n.Defaults.KeyEncryptionRounds)},y.prototype.setKdf=function(e){this._createKdfParameters(e)},y.read=function(e,t){var r=new y;for(r._readSignature(e),r._readVersion(e);r._readField(e,c,t););return r.endPos=e.pos,r._validate(),r},y.prototype.readInnerHeader=function(e,t){for(;this._readField(e,f,t););this._validateInner()},y.create=function(){var e=new y;return e.versionMajor=p.DefaultFileVersionMajor,e.versionMinor=p.DefaultFileVersionMinor,e.dataCipherUuid=new i(n.CipherId.Aes),e.compression=n.CompressionAlgorithm.GZip,e.crsAlgorithm=n.CrsAlgorithm.ChaCha20,e._createKdfParameters(),e},y.MaxFileVersion=p.MaxFileVersionMajor,e.exports=y},function(e,t,r){"use strict";function i(e,t){this.rounds=20,this.sigmaWords=[1634760805,857760878,2036477234,1797285236],this.keyWords=[],this.nonceWords=[0,0],this.counterWords=[0,0],this.block=[],this.blockUsed=64,this.setKey(e),this.setNonce(t)}i.prototype.setKey=function(e){for(var t=0,r=0;t<8;t++,r+=4)this.keyWords[t]=255&e[r]|(255&e[r+1])<<8|(255&e[r+2])<<16|(255&e[r+3])<<24;this._reset()},i.prototype.setNonce=function(e){this.nonceWords[0]=255&e[0]|(255&e[1])<<8|(255&e[2])<<16|(255&e[3])<<24,this.nonceWords[1]=255&e[4]|(255&e[5])<<8|(255&e[6])<<16|(255&e[7])<<24,this._reset()},i.prototype.getBytes=function(e){for(var t=new Uint8Array(e),r=0;r<e;r++)64===this.blockUsed&&(this._generateBlock(),this._incrementCounter(),this.blockUsed=0),t[r]=this.block[this.blockUsed],this.blockUsed++;return t},i.prototype.getHexString=function(e){for(var t=["0","1","2","3","4","5","6","7","8","9","a","b","c","d","e","f"],r=[],i=this.getBytes(e),n=0;n<i.length;n++)r.push(t[i[n]>>4&15]),r.push(t[15&i[n]]);return r.join("")},i.prototype._reset=function(){this.counterWords[0]=0,this.counterWords[1]=0,this.blockUsed=64},i.prototype._incrementCounter=function(){this.counterWords[0]=this.counterWords[0]+1&4294967295,0===this.counterWords[0]&&(this.counterWords[1]=this.counterWords[1]+1&4294967295)},i.prototype._generateBlock=function(){for(var e,t=this.sigmaWords[0],r=this.keyWords[0],i=this.keyWords[1],n=this.keyWords[2],o=this.keyWords[3],a=this.sigmaWords[1],s=this.nonceWords[0],d=this.nonceWords[1],h=this.counterWords[0],u=this.counterWords[1],l=this.sigmaWords[2],c=this.keyWords[4],f=this.keyWords[5],p=this.keyWords[6],m=this.keyWords[7],y=this.sigmaWords[3],g=t,_=r,b=i,v=n,w=o,k=a,C=s,x=d,E=h,B=u,T=l,A=c,S=f,U=p,D=m,I=y,N=0;N<this.rounds;N+=2)g^=(e=(S^=(e=(E^=(e=(w^=(e=g+S)<<7|e>>>25)+g)<<9|e>>>23)+w)<<13|e>>>19)+E)<<18|e>>>14,k^=(e=(_^=(e=(U^=(e=(B^=(e=k+_)<<7|e>>>25)+k)<<9|e>>>23)+B)<<13|e>>>19)+U)<<18|e>>>14,T^=(e=(C^=(e=(b^=(e=(D^=(e=T+C)<<7|e>>>25)+T)<<9|e>>>23)+D)<<13|e>>>19)+b)<<18|e>>>14,I^=(e=(A^=(e=(x^=(e=(v^=(e=I+A)<<7|e>>>25)+I)<<9|e>>>23)+v)<<13|e>>>19)+x)<<18|e>>>14,g^=(e=(v^=(e=(b^=(e=(_^=(e=g+v)<<7|e>>>25)+g)<<9|e>>>23)+_)<<13|e>>>19)+b)<<18|e>>>14,k^=(e=(w^=(e=(x^=(e=(C^=(e=k+w)<<7|e>>>25)+k)<<9|e>>>23)+C)<<13|e>>>19)+x)<<18|e>>>14,T^=(e=(B^=(e=(E^=(e=(A^=(e=T+B)<<7|e>>>25)+T)<<9|e>>>23)+A)<<13|e>>>19)+E)<<18|e>>>14,I^=(e=(D^=(e=(U^=(e=(S^=(e=I+D)<<7|e>>>25)+I)<<9|e>>>23)+S)<<13|e>>>19)+U)<<18|e>>>14;g+=t,_+=r,b+=i,v+=n,w+=o,k+=a,C+=s,x+=d,E+=h,B+=u,T+=l,A+=c,S+=f,U+=p,D+=m,I+=y,this.block[0]=g>>>0&255,this.block[1]=g>>>8&255,this.block[2]=g>>>16&255,this.block[3]=g>>>24&255,this.block[4]=_>>>0&255,this.block[5]=_>>>8&255,this.block[6]=_>>>16&255,this.block[7]=_>>>24&255,this.block[8]=b>>>0&255,this.block[9]=b>>>8&255,this.block[10]=b>>>16&255,this.block[11]=b>>>24&255,this.block[12]=v>>>0&255,this.block[13]=v>>>8&255,this.block[14]=v>>>16&255,this.block[15]=v>>>24&255,this.block[16]=w>>>0&255,this.block[17]=w>>>8&255,this.block[18]=w>>>16&255,this.block[19]=w>>>24&255,this.block[20]=k>>>0&255,this.block[21]=k>>>8&255,this.block[22]=k>>>16&255,this.block[23]=k>>>24&255,this.block[24]=C>>>0&255,this.block[25]=C>>>8&255,this.block[26]=C>>>16&255,this.block[27]=C>>>24&255,this.block[28]=x>>>0&255,this.block[29]=x>>>8&255,this.block[30]=x>>>16&255,this.block[31]=x>>>24&255,this.block[32]=E>>>0&255,this.block[33]=E>>>8&255,this.block[34]=E>>>16&255,this.block[35]=E>>>24&255,this.block[36]=B>>>0&255,this.block[37]=B>>>8&255,this.block[38]=B>>>16&255,this.block[39]=B>>>24&255,this.block[40]=T>>>0&255,this.block[41]=T>>>8&255,this.block[42]=T>>>16&255,this.block[43]=T>>>24&255,this.block[44]=A>>>0&255,this.block[45]=A>>>8&255,this.block[46]=A>>>16&255,this.block[47]=A>>>24&255,this.block[48]=S>>>0&255,this.block[49]=S>>>8&255,this.block[50]=S>>>16&255,this.block[51]=S>>>24&255,this.block[52]=U>>>0&255,this.block[53]=U>>>8&255,this.block[54]=U>>>16&255,this.block[55]=U>>>24&255,this.block[56]=D>>>0&255,this.block[57]=D>>>8&255,this.block[58]=D>>>16&255,this.block[59]=D>>>24&255,this.block[60]=I>>>0&255,this.block[61]=I>>>8&255,this.block[62]=I>>>16&255,this.block[63]=I>>>24&255},e.exports=i},function(e,t,r){"use strict";function i(e,t){this.sigmaWords=[1634760805,857760878,2036477234,1797285236],this.block=new Uint8Array(64),this.blockUsed=64,this.x=new Uint32Array(16);var r=new Uint32Array(16);r[0]=this.sigmaWords[0],r[1]=this.sigmaWords[1],r[2]=this.sigmaWords[2],r[3]=this.sigmaWords[3],r[4]=o(e,0),r[5]=o(e,4),r[6]=o(e,8),r[7]=o(e,12),r[8]=o(e,16),r[9]=o(e,20),r[10]=o(e,24),r[11]=o(e,28),r[12]=0,12===t.length?(r[13]=o(t,0),r[14]=o(t,4),r[15]=o(t,8)):(r[13]=0,r[14]=o(t,0),r[15]=o(t,4)),this.input=r}function n(e,t,r,i,n){e[t]+=e[r],e[n]=s(e[n]^e[t],16),e[i]+=e[n],e[r]=s(e[r]^e[i],12),e[t]+=e[r],e[n]=s(e[n]^e[t],8),e[i]+=e[n],e[r]=s(e[r]^e[i],7)}function o(e,t){return e[t]|e[t+1]<<8|e[t+2]<<16|e[t+3]<<24}function a(e,t,r){e[t]=r,r>>>=8,e[t+1]=r,r>>>=8,e[t+2]=r,r>>>=8,e[t+3]=r}function s(e,t){return e<<t|e>>>32-t}i.prototype.getBytes=function(e){for(var t=new Uint8Array(e),r=0;r<e;r++)64===this.blockUsed&&(this._generateBlock(),this.blockUsed=0),t[r]=this.block[this.blockUsed],this.blockUsed++;return t},i.prototype._generateBlock=function(){var e,t=this.input,r=this.x,i=this.block;for(r.set(t),e=20;e>0;e-=2)n(r,0,4,8,12),n(r,1,5,9,13),n(r,2,6,10,14),n(r,3,7,11,15),n(r,0,5,10,15),n(r,1,6,11,12),n(r,2,7,8,13),n(r,3,4,9,14);for(e=16;e--;)r[e]+=t[e];for(e=16;e--;)a(i,4*e,r[e]);t[12]+=1,t[12]||(t[13]+=1)},i.prototype.encrypt=function(e){for(var t=e.length,r=new Uint8Array(t),i=0,n=this.block;i<t;){this._generateBlock();for(var o=Math.min(t-i,64),a=0;a<o;a++)r[i]=e[i]^n[a],i++}return r},e.exports=i},function(e,t,r){"use strict";var i=r(0),n=r(3),o=16;function a(e,t,r){for(var n=Promise.resolve(i.arrayToBuffer(t)),a=new Uint8Array(o*Math.min(r,1e4));r>0;){var d=Math.min(r,1e4);r-=d;var h=o*d;n=s(e,n,a.length===h?a.buffer:i.arrayToBuffer(a.subarray(0,h)))}return n.then((function(e){return new Uint8Array(e)}))}function s(e,t,r){return t.then((function(t){return e.encrypt(r,t)})).then((function(e){var t=i.arrayToBuffer(new Uint8Array(e).subarray(-32,-16));return i.zeroBuffer(e),t}))}e.exports.encrypt=function(e,t,r){var s=n.createAesCbc();return s.importKey(i.arrayToBuffer(t)).then((function(){for(var t=[],i=0;i<32;i+=o)t.push(a(s,e.subarray(i,i+o),r));return Promise.all(t)})).then((function(e){var t=new Uint8Array(32);return e.forEach((function(e,r){for(var n=r*o,a=0;a<o;++a)t[a+n]=e[a];i.zeroBuffer(e)})),t}))}},function(e,t,r){"use strict";var i=r(9),n=r(2),o=r(1),a=r(0),s=r(4),d=r(10),h=r(3),u=function(e,t,r){var i=this;this.ready=Promise.all([this.setPassword(e),this.setKeyFile(t),this.setChallengeResponse(r)]).then((function(){return i}))};u.prototype.setPassword=function(e){if(null!==e){if(e instanceof i){var t=this;return e.getHash().then((function(e){t.passwordHash=i.fromBinary(e)}))}return Promise.reject(new n(o.ErrorCodes.InvalidArg,"password"))}return this.passwordHash=null,Promise.resolve()},u.prototype.setKeyFile=function(e){if(e&&!(e instanceof ArrayBuffer)&&!(e instanceof Uint8Array))return Promise.reject(new n(o.ErrorCodes.InvalidArg,"keyFile"));if(e){if(32===e.byteLength)return this.keyFileHash=i.fromBinary(a.arrayToBuffer(e)),Promise.resolve();try{var t;if((t=a.bytesToString(a.arrayToBuffer(e))).match(/^[a-f\d]{64}$/i)){var r=a.hexToBytes(t);return void(this.keyFileHash=i.fromBinary(r))}var d=s.parse(t.trim()),u=s.getChildNode(d.documentElement,"Key"),l=s.getChildNode(u,"Data");this.keyFileHash=i.fromBinary(a.base64ToBytes(l.textContent))}catch(t){var c=this;return h.sha256(e).then((function(e){c.keyFileHash=i.fromBinary(e)}))}}else this.keyFileHash=null;return Promise.resolve()},u.prototype.setChallengeResponse=function(e){return this.challengeResponse=e,Promise.resolve()},u.prototype.getHash=function(e){var t=this;return this.ready.then((function(){return t.getChallengeResponse(e).then((function(e){var r=[];t.passwordHash&&r.push(t.passwordHash.getBinary()),t.keyFileHash&&r.push(t.keyFileHash.getBinary()),e&&r.push(new Uint8Array(e));var i=r.reduce((function(e,t){return e+t.byteLength}),0),n=new Uint8Array(i),o=0;return r.forEach((function(e){n.set(e,o),a.zeroBuffer(e),o+=e.length})),h.sha256(a.arrayToBuffer(n)).then((function(e){return a.zeroBuffer(n),e}))}))}))},u.prototype.getChallengeResponse=function(e){var t=this.challengeResponse;return Promise.resolve().then((function(){return t&&e?t(e).then((function(e){return h.sha256(a.arrayToBuffer(e)).then((function(t){return a.zeroBuffer(e),t}))})):null}))},u.createRandomKeyFile=function(){for(var e=d.getBytes(32),t=d.getBytes(32),r=0;r<32;r++)e[r]^=t[r],e[r]^=1e3*Math.random()%255;var i=a.bytesToBase64(e);return u.createKeyFileWithHash(i)},u.createKeyFileWithHash=function(e){var t='<?xml version="1.0" encoding="utf-8"?>\n<KeyFile>\n    <Meta>\n        <Version>1.00</Version>\n    </Meta>\n    <Key>\n       <Data>'+e+"</Data>\n   </Key>\n</KeyFile>";return a.stringToBytes(t)},e.exports=u},function(e,t,r){"use strict";var i=r(6),n=r(4),o=function(){this.creationTime=void 0,this.lastModTime=void 0,this.lastAccessTime=void 0,this.expiryTime=void 0,this.expires=void 0,this.usageCount=void 0,this.locationChanged=new Date,Object.preventExtensions(this)};o.prototype._readNode=function(e){switch(e.tagName){case i.Elem.CreationTime:this.creationTime=n.getDate(e);break;case i.Elem.LastModTime:this.lastModTime=n.getDate(e);break;case i.Elem.LastAccessTime:this.lastAccessTime=n.getDate(e);break;case i.Elem.ExpiryTime:this.expiryTime=n.getDate(e);break;case i.Elem.Expires:this.expires=n.getBoolean(e);break;case i.Elem.UsageCount:this.usageCount=n.getNumber(e);break;case i.Elem.LocationChanged:this.locationChanged=n.getDate(e)}},o.prototype.clone=function(){var e=new o;return e.creationTime=this.creationTime,e.lastModTime=this.lastModTime,e.lastAccessTime=this.lastAccessTime,e.expiryTime=this.expiryTime,e.expires=this.expires,e.usageCount=this.usageCount,e.locationChanged=this.locationChanged,e},o.prototype.update=function(){var e=new Date;this.lastModTime=e,this.lastAccessTime=e},o.prototype.write=function(e,t){var r=n.addChildNode(e,i.Elem.Times);t.setXmlDate(n.addChildNode(r,i.Elem.CreationTime),this.creationTime),t.setXmlDate(n.addChildNode(r,i.Elem.LastModTime),this.lastModTime),t.setXmlDate(n.addChildNode(r,i.Elem.LastAccessTime),this.lastAccessTime),t.setXmlDate(n.addChildNode(r,i.Elem.ExpiryTime),this.expiryTime),n.setBoolean(n.addChildNode(r,i.Elem.Expires),this.expires),n.setNumber(n.addChildNode(r,i.Elem.UsageCount),this.usageCount),t.setXmlDate(n.addChildNode(r,i.Elem.LocationChanged),this.locationChanged)},o.create=function(){var e=new o,t=new Date;return e.creationTime=t,e.lastModTime=t,e.lastAccessTime=t,e.expiryTime=t,e.expires=!1,e.usageCount=0,e.locationChanged=t,e},o.read=function(e){for(var t=new o,r=0,i=e.childNodes,n=i.length;r<n;r++){var a=i[r];a.tagName&&t._readNode(a)}return t},e.exports=o},function(e,t,r){"use strict";var i=r(9),n=r(6),o=r(4),a=r(1),s=r(15),d=r(7),h=r(27),u=/\s*[;,:]\s*/,l=function(){this.uuid=void 0,this.icon=void 0,this.customIcon=void 0,this.fgColor=void 0,this.bgColor=void 0,this.overrideUrl=void 0,this.tags=[],this.times=new h,this.fields={},this.binaries={},this.autoType={enabled:!0,obfuscation:a.AutoTypeObfuscationOptions.None,defaultSequence:void 0,items:[]},this.history=[],this.parentGroup=void 0,this.customData=void 0,this._editState=void 0,Object.preventExtensions(this)};l.prototype._readNode=function(e,t){switch(e.tagName){case n.Elem.Uuid:this.uuid=o.getUuid(e);break;case n.Elem.Icon:this.icon=o.getNumber(e)||a.Icons.Key;break;case n.Elem.CustomIconID:this.customIcon=o.getUuid(e);break;case n.Elem.FgColor:this.fgColor=o.getText(e);break;case n.Elem.BgColor:this.bgColor=o.getText(e);break;case n.Elem.OverrideUrl:this.overrideUrl=o.getText(e);break;case n.Elem.Tags:this.tags=this._stringToTags(o.getText(e));break;case n.Elem.Times:this.times=h.read(e);break;case n.Elem.String:this._readField(e);break;case n.Elem.Binary:this._readBinary(e,t);break;case n.Elem.AutoType:this._readAutoType(e);break;case n.Elem.History:this._readHistory(e,t);break;case n.Elem.CustomData:this._readCustomData(e)}},l.prototype._readField=function(e){var t=o.getChildNode(e,n.Elem.Key),r=o.getChildNode(e,n.Elem.Value),i=o.getText(t),a=o.getProtectedText(r);i&&(this.fields[i]=a)},l.prototype._writeFields=function(e){var t=this.fields;Object.keys(t).forEach((function(r){var i=t[r];if(null!=i){var a=o.addChildNode(e,n.Elem.String);o.setText(o.addChildNode(a,n.Elem.Key),r),o.setProtectedText(o.addChildNode(a,n.Elem.Value),i)}}))},l.prototype._readBinary=function(e,t){var r=o.getChildNode(e,n.Elem.Key),i=o.getChildNode(e,n.Elem.Value),a=o.getText(r),s=o.getProtectedBinary(i);a&&s&&(s.ref&&(s.ref=t.kdbx.binaries.idToHash[s.ref],s.ref?s.value=t.kdbx.binaries[s.ref]:s=null),s&&(this.binaries[a]=s))},l.prototype._writeBinaries=function(e,t){var r=this.binaries;Object.keys(r).forEach((function(i){var a=r[i];if(a){if(a.ref){var s=t.kdbx.binaries.hashOrder.indexOf(a.ref);if(s<0)return;a={ref:s.toString()}}var d=o.addChildNode(e,n.Elem.Binary);o.setText(o.addChildNode(d,n.Elem.Key),i),o.setProtectedBinary(o.addChildNode(d,n.Elem.Value),a)}}))},l.prototype._stringToTags=function(e){return e?e.split(u).filter((function(e){return e})):[]},l.prototype._readAutoType=function(e){for(var t=0,r=e.childNodes,i=r.length;t<i;t++){var s=r[t];switch(s.tagName){case n.Elem.AutoTypeEnabled:this.autoType.enabled=o.getBoolean(s),"boolean"!=typeof this.autoType.enabled&&(this.autoType.enabled=!0);break;case n.Elem.AutoTypeObfuscation:this.autoType.obfuscation=o.getNumber(s)||a.AutoTypeObfuscationOptions.None;break;case n.Elem.AutoTypeDefaultSeq:this.autoType.defaultSequence=o.getText(s);break;case n.Elem.AutoTypeItem:this._readAutoTypeItem(s)}}},l.prototype._readAutoTypeItem=function(e){for(var t={},r=0,i=e.childNodes,a=i.length;r<a;r++){var s=i[r];switch(s.tagName){case n.Elem.Window:t.window=o.getText(s);break;case n.Elem.KeystrokeSequence:t.keystrokeSequence=o.getText(s)}}this.autoType.items.push(t)},l.prototype._writeAutoType=function(e){var t=o.addChildNode(e,n.Elem.AutoType);o.setBoolean(o.addChildNode(t,n.Elem.AutoTypeEnabled),this.autoType.enabled),o.setNumber(o.addChildNode(t,n.Elem.AutoTypeObfuscation),this.autoType.obfuscation||a.AutoTypeObfuscationOptions.None),this.autoType.defaultSequence&&o.setText(o.addChildNode(t,n.Elem.AutoTypeDefaultSeq),this.autoType.defaultSequence);for(var r=0;r<this.autoType.items.length;r++){var i=this.autoType.items[r],s=o.addChildNode(t,n.Elem.AutoTypeItem);o.setText(o.addChildNode(s,n.Elem.Window),i.window),o.setText(o.addChildNode(s,n.Elem.KeystrokeSequence),i.keystrokeSequence)}},l.prototype._readHistory=function(e,t){for(var r=0,i=e.childNodes,o=i.length;r<o;r++){var a=i[r];switch(a.tagName){case n.Elem.Entry:this.history.push(l.read(a,t))}}},l.prototype._writeHistory=function(e,t){for(var r=o.addChildNode(e,n.Elem.History),i=0;i<this.history.length;i++)this.history[i].write(r,t)},l.prototype._readCustomData=function(e){this.customData=s.read(e)},l.prototype._writeCustomData=function(e){s.write(e,this.customData)},l.prototype._setField=function(e,t,r){this.fields[e]=r?i.fromString(t):t},l.prototype._addHistoryTombstone=function(e,t){this._editState||(this._editState={added:[],deleted:[]}),this._editState[e?"added":"deleted"].push(t.getTime())},l.prototype.write=function(e,t){var r=o.addChildNode(e,n.Elem.Entry);o.setUuid(o.addChildNode(r,n.Elem.Uuid),this.uuid),o.setNumber(o.addChildNode(r,n.Elem.Icon),this.icon||a.Icons.Key),this.customIcon&&o.setUuid(o.addChildNode(r,n.Elem.CustomIconID),this.customIcon),o.setText(o.addChildNode(r,n.Elem.FgColor),this.fgColor),o.setText(o.addChildNode(r,n.Elem.BgColor),this.bgColor),o.setText(o.addChildNode(r,n.Elem.OverrideUrl),this.overrideUrl),o.setText(o.addChildNode(r,n.Elem.Tags),this.tags.join(",")),this.times.write(r,t),this._writeFields(r),this._writeBinaries(r,t),this._writeAutoType(r),this._writeCustomData(r),e.tagName!==n.Elem.History&&this._writeHistory(r,t)},l.prototype.pushHistory=function(){var e=new l;e.copyFrom(this),this.history.push(e),this._addHistoryTombstone(!0,e.times.lastModTime)},l.prototype.removeHistory=function(e,t){void 0===t&&(t=1);for(var r=e;r<e+t;r++)r<this.history.length&&this._addHistoryTombstone(!1,this.history[r].times.lastModTime);this.history.splice(e,t)},l.prototype.copyFrom=function(e){this.uuid=e.uuid,this.icon=e.icon,this.customIcon=e.customIcon,this.fgColor=e.fgColor,this.bgColor=e.bgColor,this.overrideUrl=e.overrideUrl,this.tags=e.tags.slice(),this.times=e.times.clone(),this.fields={},Object.keys(e.fields).forEach((function(t){e.fields[t]instanceof i?this.fields[t]=e.fields[t].clone():this.fields[t]=e.fields[t]}),this),this.binaries={},Object.keys(e.binaries).forEach((function(t){e.binaries[t]instanceof i?this.binaries[t]=e.binaries[t].clone():e.binaries[t]&&e.binaries[t].ref?(this.binaries[t]={ref:e.binaries[t].ref},e.binaries[t].value&&(this.binaries[t].value=e.binaries[t].value)):this.binaries[t]=e.binaries[t]}),this),this.autoType=JSON.parse(JSON.stringify(e.autoType))},l.prototype.merge=function(e){var t=e.remote[this.uuid];if(t){var r=t.history.slice();if(this.times.lastModTime<t.times.lastModTime)this.pushHistory(),this.copyFrom(t);else if(this.times.lastModTime>t.times.lastModTime){if(!this.history.some((function(e){return+e.times.lastModTime==+t.times.lastModTime}))){var i=new l;i.copyFrom(t),r.push(i)}}this.history=this._mergeHistory(r,t.times.lastModTime)}},l.prototype._mergeHistory=function(e,t){this.history.sort((function(e,t){return e.times.lastModTime-t.times.lastModTime})),e.sort((function(e,t){return e.times.lastModTime-t.times.lastModTime}));var r={},i={};this.history.forEach((function(e){r[e.times.lastModTime.getTime()]=e})),e.forEach((function(e){i[e.times.lastModTime.getTime()]=e}));for(var n=0,o=0,a=[];n<this.history.length||o<e.length;){var s=this.history[n],d=e[o],h=s&&s.times.lastModTime.getTime(),u=d&&d.times.lastModTime.getTime();if(h!==u)if(!s||h>u){if(!this._editState||this._editState.deleted.indexOf(u)<0){var c=new l;c.copyFrom(d),a.push(c)}o++}else(this._editState&&this._editState.added.indexOf(h)>=0||h>t)&&a.push(s),n++;else a.push(s),n++,o++}return a},l.create=function(e,t){var r=new l(t);return r.uuid=d.random(),r.icon=a.Icons.Key,r.times=h.create(),r.parentGroup=t,r._setField("Title","",e.memoryProtection.title),r._setField("UserName",e.defaultUser||"",e.memoryProtection.userName),r._setField("Password","",e.memoryProtection.password),r._setField("URL","",e.memoryProtection.url),r._setField("Notes","",e.memoryProtection.notes),r.autoType.enabled="boolean"!=typeof t.enableAutoType||t.enableAutoType,r.autoType.obfuscation=a.AutoTypeObfuscationOptions.None,r},l.read=function(e,t,r){for(var i=new l,n=0,o=e.childNodes,a=o.length;n<a;n++){var s=o[n];s.tagName&&i._readNode(s,t)}if(!i.uuid){i.uuid=d.random();for(var h=0;h<i.history.length;h++)i.history[h].uuid=i.uuid}return i.parentGroup=r,i},e.exports=l},function(e,t,r){e.exports.Kdbx=r(30),e.exports.KdbxUuid=r(7),e.exports.KdbxError=r(2),e.exports.Credentials=r(26),e.exports.Consts=r(1),e.exports.ProtectedValue=r(9),e.exports.ByteUtils=r(0),e.exports.VarDictionary=r(14),e.exports.Int64=r(8),e.exports.Random=r(10),e.exports.CryptoEngine=r(3)},function(e,t,r){"use strict";var i=r(31),n=r(2),o=r(26),a=r(22),s=r(49),d=r(50),h=r(51),u=r(28),l=r(52),c=r(7),f=r(1),p=r(6),m=r(4),y=function(){this.header=void 0,this.credentials=void 0,this.meta=void 0,this.xml=void 0,this.binaries=new d,this.groups=[],this.deletedObjects=[],Object.preventExtensions(this)};y.create=function(e,t){if(!(e instanceof o))throw new n(f.ErrorCodes.InvalidArg,"credentials");var r=new y;return r.credentials=e,r.header=a.create(),r.meta=s.create(),r.meta._name=t,r.createDefaultGroup(),r.createRecycleBin(),r.meta._lastSelectedGroup=r.getDefaultGroup().id,r.meta._lastTopVisibleGroup=r.getDefaultGroup().id,r},y.load=function(e,t){if(!(e instanceof ArrayBuffer))return Promise.reject(new n(f.ErrorCodes.InvalidArg,"data"));if(!(t instanceof o))return Promise.reject(new n(f.ErrorCodes.InvalidArg,"credentials"));var r=new y;return r.credentials=t,new i(r).load(e)},y.loadXml=function(e,t){if("string"!=typeof e)return Promise.reject(new n(f.ErrorCodes.InvalidArg,"data"));if(!(t instanceof o))return Promise.reject(new n(f.ErrorCodes.InvalidArg,"credentials"));var r=new y;return r.credentials=t,new i(r).loadXml(e)},y.prototype.save=function(){return new i(this).save()},y.prototype.saveXml=function(e){return new i(this).saveXml(e)},y.prototype.createDefaultGroup=function(){if(!this.groups.length){var e=h.create(this.meta.name);e.icon=f.Icons.FolderOpen,e.expanded=!0,this.groups.push(e)}},y.prototype.createRecycleBin=function(){if(this.meta.recycleBinEnabled=!0,!this.meta.recycleBinUuid||!this.getGroup(this.meta.recycleBinUuid)){var e=this.getDefaultGroup(),t=h.create(f.Defaults.RecycleBinName,e);t.icon=f.Icons.TrashBin,t.enableAutoType=!1,t.enableSearching=!1,this.meta.recycleBinUuid=t.uuid,e.groups.push(t)}},y.prototype.createGroup=function(e,t){var r=h.create(t,e);return e.groups.push(r),r},y.prototype.createEntry=function(e){var t=u.create(this.meta,e);return e.entries.push(t),t},y.prototype.getDefaultGroup=function(){return this.groups[0]},y.prototype.getGroup=function(e,t){for(var r=t?t.groups:this.groups,i=0;i<r.length;i++){if(r[i].uuid.id===e.id)return r[i];var n=this.getGroup(e,r[i]);if(n)return n}},y.prototype.move=function(e,t,r){var i=e instanceof h?"groups":"entries",n=e.parentGroup[i],o=n.indexOf(e);if(!(o<0)){if(n.splice(o,1),t)"number"==typeof r&&r>=0?t[i].splice(r,0,e):t[i].push(e);else{var a=new Date;e instanceof h?e.forEach((function(e,t){this.addDeletedObject((e||t).uuid,a)}),this):this.addDeletedObject(e.uuid,a)}e.parentGroup=t,e.times.locationChanged=new Date}},y.prototype.addDeletedObject=function(e,t){var r=new l;r.uuid=e,r.deletionTime=t,this.deletedObjects.push(r)},y.prototype.remove=function(e){var t=null;this.meta.recycleBinEnabled&&(this.createRecycleBin(),t=this.getGroup(this.meta.recycleBinUuid)),this.move(e,t)},y.prototype.createBinary=function(e){return this.binaries.add(e)},y.prototype.importEntry=function(e,t,r){var i=new u,n=c.random();i.copyFrom(e),i.uuid=n,e.history.forEach((function(e){var t=new u;t.copyFrom(e),t.uuid=n,i.history.push(t)}));var o={},a={};return i.history.concat(i).forEach((function(e){e.customIcon&&(a[e.customIcon]=e.customIcon),Object.values(e.binaries).forEach((function(e){e.ref&&(o[e.ref]=e)}))})),Object.values(o).forEach((function(e){var t=r.binaries[e.ref];t&&!this.binaries[e.ref]&&(this.binaries[e.ref]=t)}),this),Object.values(a).forEach((function(e){var t=r.meta.customIcons[e];t&&(this.meta.customIcons[e]=t)}),this),t.entries.push(i),i.parentGroup=t,i.times.update(),i},y.prototype.cleanup=function(e){var t=new Date,r=e&&e.historyRules&&"number"==typeof this.meta.historyMaxItems&&this.meta.historyMaxItems>=0?this.meta.historyMaxItems:1/0,i={},n={},o=function(e){e&&e.customIcon&&(i[e.customIcon]=!0),e&&e.binaries&&Object.keys(e.binaries).forEach((function(t){e.binaries[t]&&e.binaries[t].ref&&(n[e.binaries[t].ref]=!0)}))};this.getDefaultGroup().forEach((function(e,t){e&&e.history.length>r&&e.removeHistory(0,e.history.length-r),e&&o(e),e&&e.history&&e.history.forEach((function(e){o(e)})),t&&t.customIcon&&(i[t.customIcon]=!0)})),e&&e.customIcons&&Object.keys(this.meta.customIcons).forEach((function(e){if(!i[e]){var r=new c(e);this.addDeletedObject(r,t),delete this.meta.customIcons[e]}}),this),e&&e.binaries&&Object.keys(this.binaries).forEach((function(e){n[e]||delete this.binaries[e]}),this)},y.prototype.merge=function(e){var t=this.getDefaultGroup(),r=e.getDefaultGroup();if(!t||!r)throw new n(f.ErrorCodes.MergeError,"no default group");if(!t.uuid.equals(r.uuid))throw new n(f.ErrorCodes.MergeError,"default group is different");var i=this._getObjectMap();e.deletedObjects.forEach((function(e){i.deleted[e.uuid]||(this.deletedObjects.push(e),i.deleted[e.uuid]=e.deletionTime)}),this),Object.keys(e.binaries).forEach((function(t){this.binaries[t]||i.deleted[t]||(this.binaries[t]=e.binaries[t])}),this),i.remote=e._getObjectMap().objects,this.meta.merge(e.meta,i),t.merge(i),this.cleanup({historyRules:!0,customIcons:!0,binaries:!0})},y.prototype.getLocalEditState=function(){var e={};return this.getDefaultGroup().forEach((function(t){t&&t._editState&&(e[t.uuid]=t._editState)})),this.meta._editState&&(e.meta=this.meta._editState),e},y.prototype.setLocalEditState=function(e){this.getDefaultGroup().forEach((function(t){t&&e[t.uuid]&&(t._editState=e[t.uuid])})),e.meta&&(this.meta._editState=e.meta)},y.prototype.removeLocalEditState=function(){this.getDefaultGroup().forEach((function(e){e&&(e._editState=void 0)})),this.meta._editState=void 0},y.prototype.upgrade=function(){this.setVersion(a.MaxFileVersion)},y.prototype.setVersion=function(e){this.meta.headerHash=null,this.meta.settingsChanged=new Date,this.header.setVersion(e)},y.prototype.setKdf=function(e){this.meta.headerHash=null,this.meta.settingsChanged=new Date,this.header.setKdf(e)},y.prototype._getObjectMap=function(){var e={},t={};return this.getDefaultGroup().forEach((function(t,r){var i=t||r;if(e[i.uuid])throw new n(f.ErrorCodes.MergeError,"Duplicate: "+i.uuid);e[i.uuid]=i})),this.deletedObjects.forEach((function(e){t[e.uuid]=e.deletionTime})),{objects:e,deleted:t}},y.prototype._loadFromXml=function(e){if(this.xml.documentElement.tagName!==p.Elem.DocNode)throw new n(f.ErrorCodes.FileCorrupt,"bad xml root");this._parseMeta(e);var t=this;return this.binaries.hash().then((function(){return t._parseRoot(e),t}))},y.prototype._parseMeta=function(e){var t=m.getChildNode(this.xml.documentElement,p.Elem.Meta,"no meta node");this.meta=s.read(t,e)},y.prototype._parseRoot=function(e){this.groups=[],this.deletedObjects=[];for(var t=0,r=m.getChildNode(this.xml.documentElement,p.Elem.Root,"no root node").childNodes,i=r.length;t<i;t++){var n=r[t];switch(n.tagName){case p.Elem.Group:this._readGroup(n,e);break;case p.Elem.DeletedObjects:this._readDeletedObjects(n)}}},y.prototype._readDeletedObjects=function(e){for(var t=0,r=e.childNodes,i=r.length;t<i;t++){var n=r[t];switch(n.tagName){case p.Elem.DeletedObject:this.deletedObjects.push(l.read(n))}}},y.prototype._readGroup=function(e,t){this.groups.push(h.read(e,t))},y.prototype._buildXml=function(e){var t=m.create(p.Elem.DocNode);this.meta.write(t.documentElement,e);var r=m.addChildNode(t.documentElement,p.Elem.Root);this.groups.forEach((function(t){t.write(r,e)}),this);var i=m.addChildNode(r,p.Elem.DeletedObjects);this.deletedObjects.forEach((function(t){t.write(i,e)}),this),this.xml=t},e.exports=y},function(e,t,r){"use strict";var i=r(16),n=r(2),o=r(22),a=r(43),s=r(3),d=r(11),h=r(0),u=r(4),l=r(8),c=r(1),f=r(45),p=r(46),m=r(47),y=r(25),g=r(48),_=function(e){this.kdbx=e};_.prototype.load=function(e){var t=new d(e),r=this.kdbx,i=this;return i.ctx=new a({kdbx:r}),r.credentials.ready.then((function(){if(r.header=o.read(t,i.ctx),3===r.header.versionMajor)return i._loadV3(t);if(4===r.header.versionMajor)return i._loadV4(t);throw new n(c.ErrorCodes.InvalidVersion,"bad version: "+r.header.versionMajor)}))},_.prototype._loadV3=function(e){var t=this.kdbx,r=this;return r._decryptXmlV3(t,e).then((function(i){return t.xml=u.parse(i),r._setProtectedValues().then((function(){return t._loadFromXml(r.ctx).then((function(){return r._checkHeaderHashV3(e).then((function(){return t}))}))}))}))},_.prototype._loadV4=function(e){var t=this;return t._getHeaderHash(e).then((function(r){var o=e.readBytes(r.byteLength);if(!h.arrayBufferEquals(o,r))throw new n(c.ErrorCodes.FileCorrupt,"header hash mismatch");return t._computeKeysV4().then((function(r){return t._getHeaderHmac(e,r.hmacKey).then((function(o){var a=e.readBytes(o.byteLength);if(!h.arrayBufferEquals(a,o))throw new n(c.ErrorCodes.InvalidKey);return p.decrypt(e.readBytesToEnd(),r.hmacKey).then((function(n){return h.zeroBuffer(r.hmacKey),t._decryptData(n,r.cipherKey).then((function(n){h.zeroBuffer(r.cipherKey),t.kdbx.header.compression===c.CompressionAlgorithm.GZip&&(n=i.ungzip(n)),e=new d(h.arrayToBuffer(n)),t.kdbx.header.readInnerHeader(e,t.ctx),n=e.readBytesToEnd();var o=h.bytesToString(n);return t.kdbx.xml=u.parse(o),t._setProtectedValues().then((function(){return t.kdbx._loadFromXml(t.ctx)}))}))}))}))}))}))},_.prototype.loadXml=function(e){var t=this.kdbx,r=new a({kdbx:t});return t.credentials.ready.then((function(){return t.header=o.create(),t.xml=u.parse(e),u.protectPlainValues(t.xml.documentElement),t._loadFromXml(r)}))},_.prototype.save=function(){var e=this.kdbx,t=this;return t.ctx=new a({kdbx:e}),e.binaries.assignIds(),e.credentials.ready.then((function(){var r=new d;if(e.header.generateSalts(),e.header.write(r),3===e.header.versionMajor)return t._saveV3(r);if(4===e.header.versionMajor)return t._saveV4(r);throw new n(c.ErrorCodes.InvalidVersion,"bad version: "+e.header.versionMajor)}))},_.prototype._saveV3=function(e){var t=this;return t._getHeaderHash(e).then((function(r){return t.kdbx.meta.headerHash=r,t.kdbx._buildXml(t.ctx),t._getProtectSaltGenerator().then((function(r){return u.updateProtectedValuesSalt(t.kdbx.xml.documentElement,r),t._encryptXmlV3().then((function(t){return e.writeBytes(t),e.getWrittenBytes()}))}))}))},_.prototype._saveV4=function(e){var t=this;return t.kdbx._buildXml(t.ctx),t._getHeaderHash(e).then((function(r){return e.writeBytes(r),t._computeKeysV4().then((function(r){return t._getHeaderHmac(e,r.hmacKey).then((function(n){return e.writeBytes(n),t._getProtectSaltGenerator().then((function(n){u.updateProtectedValuesSalt(t.kdbx.xml.documentElement,n);var o=u.serialize(t.kdbx.xml),a=new d;t.kdbx.header.writeInnerHeader(a,t.ctx);var s=a.getWrittenBytes(),l=h.arrayToBuffer(h.stringToBytes(o)),f=new ArrayBuffer(s.byteLength+l.byteLength),m=new Uint8Array(f);return m.set(new Uint8Array(s)),m.set(new Uint8Array(l),s.byteLength),h.zeroBuffer(l),h.zeroBuffer(s),t.kdbx.header.compression===c.CompressionAlgorithm.GZip&&(f=i.gzip(f)),t._encryptData(h.arrayToBuffer(f),r.cipherKey).then((function(t){return h.zeroBuffer(r.cipherKey),p.encrypt(t,r.hmacKey).then((function(t){return h.zeroBuffer(r.hmacKey),e.writeBytes(t),e.getWrittenBytes()}))}))}))}))}))}))},_.prototype.saveXml=function(e){var t=this.kdbx;return t.credentials.ready.then((function(){t.header.generateSalts();var r=new a({kdbx:t,exportXml:!0});t.binaries.assignIds(),t._buildXml(r),u.unprotectValues(t.xml.documentElement);var i=u.serialize(t.xml,e);return u.protectUnprotectedValues(t.xml.documentElement),i}))},_.prototype._decryptXmlV3=function(e,t){var r=t.readBytesToEnd(),n=this;return n._getMasterKeyV3().then((function(e){return n._decryptData(r,e).then((function(t){return h.zeroBuffer(e),t=n._trimStartBytesV3(t),f.decrypt(t).then((function(e){return n.kdbx.header.compression===c.CompressionAlgorithm.GZip&&(e=i.ungzip(e)),h.bytesToString(e)}))}))}))},_.prototype._encryptXmlV3=function(){var e=this.kdbx,t=this,r=u.serialize(e.xml),n=h.arrayToBuffer(h.stringToBytes(r));return e.header.compression===c.CompressionAlgorithm.GZip&&(n=i.gzip(n)),f.encrypt(h.arrayToBuffer(n)).then((function(r){var i=new Uint8Array(e.header.streamStartBytes),n=new Uint8Array(r.byteLength+i.length);return n.set(i),n.set(new Uint8Array(r),i.length),r=n,t._getMasterKeyV3().then((function(e){return t._encryptData(h.arrayToBuffer(r),e).then((function(t){return h.zeroBuffer(e),t}))}))}))},_.prototype._getMasterKeyV3=function(){var e=this.kdbx;return e.credentials.getHash().then((function(t){var r=e.header.transformSeed,i=e.header.keyEncryptionRounds,n=e.header.masterSeed;return e.credentials.getChallengeResponse(n).then((function(e){return y.encrypt(new Uint8Array(t),r,i).then((function(r){return h.zeroBuffer(t),s.sha256(r).then((function(t){h.zeroBuffer(r);var i=e?e.byteLength:0,o=new Uint8Array(n.byteLength+t.byteLength+i);return o.set(new Uint8Array(n),0),e&&o.set(new Uint8Array(e),n.byteLength),o.set(new Uint8Array(t),n.byteLength+i),h.zeroBuffer(t),h.zeroBuffer(n),e&&h.zeroBuffer(e),s.sha256(o.buffer).then((function(e){return h.zeroBuffer(o.buffer),e}))}))}))}))}))},_.prototype._trimStartBytesV3=function(e){var t=this.kdbx.header.streamStartBytes;if(e.byteLength<t.byteLength)throw new n(c.ErrorCodes.FileCorrupt,"short start bytes");if(!h.arrayBufferEquals(e.slice(0,this.kdbx.header.streamStartBytes.byteLength),t))throw new n(c.ErrorCodes.InvalidKey);return e.slice(t.byteLength)},_.prototype._setProtectedValues=function(){var e=this.kdbx;return this._getProtectSaltGenerator().then((function(t){u.setProtectedValues(e.xml.documentElement,t)}))},_.prototype._getProtectSaltGenerator=function(){return m.create(this.kdbx.header.protectedStreamKey,this.kdbx.header.crsAlgorithm)},_.prototype._getHeaderHash=function(e){var t=e.readBytesNoAdvance(0,this.kdbx.header.endPos);return s.sha256(t)},_.prototype._getHeaderHmac=function(e,t){var r=e.readBytesNoAdvance(0,this.kdbx.header.endPos);return p.getHmacKey(t,new l(4294967295,4294967295)).then((function(e){return s.hmacSha256(e,r)}))},_.prototype._checkHeaderHashV3=function(e){if(this.kdbx.meta.headerHash){var t=this.kdbx.meta.headerHash;return this._getHeaderHash(e).then((function(e){if(!h.arrayBufferEquals(t,e))throw new n(c.ErrorCodes.FileCorrupt,"header hash mismatch")}))}return Promise.resolve()},_.prototype._computeKeysV4=function(){var e=this,t=e.kdbx.header.masterSeed;if(!t||32!==t.byteLength)return Promise.reject(new n(c.ErrorCodes.FileCorrupt,"bad master seed"));var r=e.kdbx.header.kdfParameters,i=r.get("S");return e.kdbx.credentials.getHash(i).then((function(e){return g.encrypt(e,r).then((function(r){if(h.zeroBuffer(e),!r||32!==r.byteLength)return Promise.reject(new n(c.ErrorCodes.Unsupported,"bad derived key"));var i=new Uint8Array(65);return i.set(new Uint8Array(t),0),i.set(new Uint8Array(r),t.byteLength),i[64]=1,h.zeroBuffer(r),h.zeroBuffer(t),Promise.all([s.sha256(i.buffer.slice(0,64)),s.sha512(i.buffer)]).then((function(e){return h.zeroBuffer(i),{cipherKey:e[0],hmacKey:e[1]}}))}))}))},_.prototype._decryptData=function(e,t){switch(this.kdbx.header.dataCipherUuid.toString()){case c.CipherId.Aes:return this._transformDataV4Aes(e,t,!1);case c.CipherId.ChaCha20:return this._transformDataV4ChaCha20(e,t);default:return Promise.reject(new n(c.ErrorCodes.Unsupported,"unsupported cipher"))}},_.prototype._encryptData=function(e,t){switch(this.kdbx.header.dataCipherUuid.toString()){case c.CipherId.Aes:return this._transformDataV4Aes(e,t,!0);case c.CipherId.ChaCha20:return this._transformDataV4ChaCha20(e,t);default:return Promise.reject(new n(c.ErrorCodes.Unsupported,"unsupported cipher"))}},_.prototype._transformDataV4Aes=function(e,t,r){var i=this,n=s.createAesCbc();return n.importKey(t).then((function(){return r?n.encrypt(e,i.kdbx.header.encryptionIV):n.decrypt(e,i.kdbx.header.encryptionIV)}))},_.prototype._transformDataV4ChaCha20=function(e,t){return s.chacha20(e,t,this.kdbx.header.encryptionIV)},e.exports=_},function(e,t,r){"use strict";var i=r(33),n=r(5),o=r(19),a=r(12),s=r(20),d=Object.prototype.toString;function h(e){if(!(this instanceof h))return new h(e);this.options=n.assign({level:-1,method:8,chunkSize:16384,windowBits:15,memLevel:8,strategy:0,to:""},e||{});var t=this.options;t.raw&&t.windowBits>0?t.windowBits=-t.windowBits:t.gzip&&t.windowBits>0&&t.windowBits<16&&(t.windowBits+=16),this.err=0,this.msg="",this.ended=!1,this.chunks=[],this.strm=new s,this.strm.avail_out=0;var r=i.deflateInit2(this.strm,t.level,t.method,t.windowBits,t.memLevel,t.strategy);if(0!==r)throw new Error(a[r]);if(t.header&&i.deflateSetHeader(this.strm,t.header),t.dictionary){var u;if(u="string"==typeof t.dictionary?o.string2buf(t.dictionary):"[object ArrayBuffer]"===d.call(t.dictionary)?new Uint8Array(t.dictionary):t.dictionary,0!==(r=i.deflateSetDictionary(this.strm,u)))throw new Error(a[r]);this._dict_set=!0}}function u(e,t){var r=new h(t);if(r.push(e,!0),r.err)throw r.msg;return r.result}h.prototype.push=function(e,t){var r,a,s=this.strm,h=this.options.chunkSize;if(this.ended)return!1;a=t===~~t?t:!0===t?4:0,"string"==typeof e?s.input=o.string2buf(e):"[object ArrayBuffer]"===d.call(e)?s.input=new Uint8Array(e):s.input=e,s.next_in=0,s.avail_in=s.input.length;do{if(0===s.avail_out&&(s.output=new n.Buf8(h),s.next_out=0,s.avail_out=h),1!==(r=i.deflate(s,a))&&0!==r)return this.onEnd(r),this.ended=!0,!1;0!==s.avail_out&&(0!==s.avail_in||4!==a&&2!==a)||("string"===this.options.to?this.onData(o.buf2binstring(n.shrinkBuf(s.output,s.next_out))):this.onData(n.shrinkBuf(s.output,s.next_out)))}while((s.avail_in>0||0===s.avail_out)&&1!==r);return 4===a?(r=i.deflateEnd(this.strm),this.onEnd(r),this.ended=!0,0===r):2!==a||(this.onEnd(0),s.avail_out=0,!0)},h.prototype.onData=function(e){this.chunks.push(e)},h.prototype.onEnd=function(e){0===e&&("string"===this.options.to?this.result=this.chunks.join(""):this.result=n.flattenChunks(this.chunks)),this.chunks=[],this.err=e,this.msg=this.strm.msg},t.Deflate=h,t.deflate=u,t.deflateRaw=function(e,t){return(t=t||{}).raw=!0,u(e,t)},t.gzip=function(e,t){return(t=t||{}).gzip=!0,u(e,t)}},function(e,t,r){"use strict";var i,n=r(5),o=r(34),a=r(17),s=r(18),d=r(12),h=-2,u=258,l=262,c=103,f=113,p=666;function m(e,t){return e.msg=d[t],t}function y(e){return(e<<1)-(e>4?9:0)}function g(e){for(var t=e.length;--t>=0;)e[t]=0}function _(e){var t=e.state,r=t.pending;r>e.avail_out&&(r=e.avail_out),0!==r&&(n.arraySet(e.output,t.pending_buf,t.pending_out,r,e.next_out),e.next_out+=r,t.pending_out+=r,e.total_out+=r,e.avail_out-=r,t.pending-=r,0===t.pending&&(t.pending_out=0))}function b(e,t){o._tr_flush_block(e,e.block_start>=0?e.block_start:-1,e.strstart-e.block_start,t),e.block_start=e.strstart,_(e.strm)}function v(e,t){e.pending_buf[e.pending++]=t}function w(e,t){e.pending_buf[e.pending++]=t>>>8&255,e.pending_buf[e.pending++]=255&t}function k(e,t){var r,i,n=e.max_chain_length,o=e.strstart,a=e.prev_length,s=e.nice_match,d=e.strstart>e.w_size-l?e.strstart-(e.w_size-l):0,h=e.window,c=e.w_mask,f=e.prev,p=e.strstart+u,m=h[o+a-1],y=h[o+a];e.prev_length>=e.good_match&&(n>>=2),s>e.lookahead&&(s=e.lookahead);do{if(h[(r=t)+a]===y&&h[r+a-1]===m&&h[r]===h[o]&&h[++r]===h[o+1]){o+=2,r++;do{}while(h[++o]===h[++r]&&h[++o]===h[++r]&&h[++o]===h[++r]&&h[++o]===h[++r]&&h[++o]===h[++r]&&h[++o]===h[++r]&&h[++o]===h[++r]&&h[++o]===h[++r]&&o<p);if(i=u-(p-o),o=p-u,i>a){if(e.match_start=t,a=i,i>=s)break;m=h[o+a-1],y=h[o+a]}}}while((t=f[t&c])>d&&0!=--n);return a<=e.lookahead?a:e.lookahead}function C(e){var t,r,i,o,d,h,u,c,f,p,m=e.w_size;do{if(o=e.window_size-e.lookahead-e.strstart,e.strstart>=m+(m-l)){n.arraySet(e.window,e.window,m,m,0),e.match_start-=m,e.strstart-=m,e.block_start-=m,t=r=e.hash_size;do{i=e.head[--t],e.head[t]=i>=m?i-m:0}while(--r);t=r=m;do{i=e.prev[--t],e.prev[t]=i>=m?i-m:0}while(--r);o+=m}if(0===e.strm.avail_in)break;if(h=e.strm,u=e.window,c=e.strstart+e.lookahead,f=o,p=void 0,(p=h.avail_in)>f&&(p=f),r=0===p?0:(h.avail_in-=p,n.arraySet(u,h.input,h.next_in,p,c),1===h.state.wrap?h.adler=a(h.adler,u,p,c):2===h.state.wrap&&(h.adler=s(h.adler,u,p,c)),h.next_in+=p,h.total_in+=p,p),e.lookahead+=r,e.lookahead+e.insert>=3)for(d=e.strstart-e.insert,e.ins_h=e.window[d],e.ins_h=(e.ins_h<<e.hash_shift^e.window[d+1])&e.hash_mask;e.insert&&(e.ins_h=(e.ins_h<<e.hash_shift^e.window[d+3-1])&e.hash_mask,e.prev[d&e.w_mask]=e.head[e.ins_h],e.head[e.ins_h]=d,d++,e.insert--,!(e.lookahead+e.insert<3)););}while(e.lookahead<l&&0!==e.strm.avail_in)}function x(e,t){for(var r,i;;){if(e.lookahead<l){if(C(e),e.lookahead<l&&0===t)return 1;if(0===e.lookahead)break}if(r=0,e.lookahead>=3&&(e.ins_h=(e.ins_h<<e.hash_shift^e.window[e.strstart+3-1])&e.hash_mask,r=e.prev[e.strstart&e.w_mask]=e.head[e.ins_h],e.head[e.ins_h]=e.strstart),0!==r&&e.strstart-r<=e.w_size-l&&(e.match_length=k(e,r)),e.match_length>=3)if(i=o._tr_tally(e,e.strstart-e.match_start,e.match_length-3),e.lookahead-=e.match_length,e.match_length<=e.max_lazy_match&&e.lookahead>=3){e.match_length--;do{e.strstart++,e.ins_h=(e.ins_h<<e.hash_shift^e.window[e.strstart+3-1])&e.hash_mask,r=e.prev[e.strstart&e.w_mask]=e.head[e.ins_h],e.head[e.ins_h]=e.strstart}while(0!=--e.match_length);e.strstart++}else e.strstart+=e.match_length,e.match_length=0,e.ins_h=e.window[e.strstart],e.ins_h=(e.ins_h<<e.hash_shift^e.window[e.strstart+1])&e.hash_mask;else i=o._tr_tally(e,0,e.window[e.strstart]),e.lookahead--,e.strstart++;if(i&&(b(e,!1),0===e.strm.avail_out))return 1}return e.insert=e.strstart<2?e.strstart:2,4===t?(b(e,!0),0===e.strm.avail_out?3:4):e.last_lit&&(b(e,!1),0===e.strm.avail_out)?1:2}function E(e,t){for(var r,i,n;;){if(e.lookahead<l){if(C(e),e.lookahead<l&&0===t)return 1;if(0===e.lookahead)break}if(r=0,e.lookahead>=3&&(e.ins_h=(e.ins_h<<e.hash_shift^e.window[e.strstart+3-1])&e.hash_mask,r=e.prev[e.strstart&e.w_mask]=e.head[e.ins_h],e.head[e.ins_h]=e.strstart),e.prev_length=e.match_length,e.prev_match=e.match_start,e.match_length=2,0!==r&&e.prev_length<e.max_lazy_match&&e.strstart-r<=e.w_size-l&&(e.match_length=k(e,r),e.match_length<=5&&(1===e.strategy||3===e.match_length&&e.strstart-e.match_start>4096)&&(e.match_length=2)),e.prev_length>=3&&e.match_length<=e.prev_length){n=e.strstart+e.lookahead-3,i=o._tr_tally(e,e.strstart-1-e.prev_match,e.prev_length-3),e.lookahead-=e.prev_length-1,e.prev_length-=2;do{++e.strstart<=n&&(e.ins_h=(e.ins_h<<e.hash_shift^e.window[e.strstart+3-1])&e.hash_mask,r=e.prev[e.strstart&e.w_mask]=e.head[e.ins_h],e.head[e.ins_h]=e.strstart)}while(0!=--e.prev_length);if(e.match_available=0,e.match_length=2,e.strstart++,i&&(b(e,!1),0===e.strm.avail_out))return 1}else if(e.match_available){if((i=o._tr_tally(e,0,e.window[e.strstart-1]))&&b(e,!1),e.strstart++,e.lookahead--,0===e.strm.avail_out)return 1}else e.match_available=1,e.strstart++,e.lookahead--}return e.match_available&&(i=o._tr_tally(e,0,e.window[e.strstart-1]),e.match_available=0),e.insert=e.strstart<2?e.strstart:2,4===t?(b(e,!0),0===e.strm.avail_out?3:4):e.last_lit&&(b(e,!1),0===e.strm.avail_out)?1:2}function B(e,t,r,i,n){this.good_length=e,this.max_lazy=t,this.nice_length=r,this.max_chain=i,this.func=n}function T(){this.strm=null,this.status=0,this.pending_buf=null,this.pending_buf_size=0,this.pending_out=0,this.pending=0,this.wrap=0,this.gzhead=null,this.gzindex=0,this.method=8,this.last_flush=-1,this.w_size=0,this.w_bits=0,this.w_mask=0,this.window=null,this.window_size=0,this.prev=null,this.head=null,this.ins_h=0,this.hash_size=0,this.hash_bits=0,this.hash_mask=0,this.hash_shift=0,this.block_start=0,this.match_length=0,this.prev_match=0,this.match_available=0,this.strstart=0,this.match_start=0,this.lookahead=0,this.prev_length=0,this.max_chain_length=0,this.max_lazy_match=0,this.level=0,this.strategy=0,this.good_match=0,this.nice_match=0,this.dyn_ltree=new n.Buf16(1146),this.dyn_dtree=new n.Buf16(122),this.bl_tree=new n.Buf16(78),g(this.dyn_ltree),g(this.dyn_dtree),g(this.bl_tree),this.l_desc=null,this.d_desc=null,this.bl_desc=null,this.bl_count=new n.Buf16(16),this.heap=new n.Buf16(573),g(this.heap),this.heap_len=0,this.heap_max=0,this.depth=new n.Buf16(573),g(this.depth),this.l_buf=0,this.lit_bufsize=0,this.last_lit=0,this.d_buf=0,this.opt_len=0,this.static_len=0,this.matches=0,this.insert=0,this.bi_buf=0,this.bi_valid=0}function A(e){var t;return e&&e.state?(e.total_in=e.total_out=0,e.data_type=2,(t=e.state).pending=0,t.pending_out=0,t.wrap<0&&(t.wrap=-t.wrap),t.status=t.wrap?42:f,e.adler=2===t.wrap?0:1,t.last_flush=0,o._tr_init(t),0):m(e,h)}function S(e){var t,r=A(e);return 0===r&&((t=e.state).window_size=2*t.w_size,g(t.head),t.max_lazy_match=i[t.level].max_lazy,t.good_match=i[t.level].good_length,t.nice_match=i[t.level].nice_length,t.max_chain_length=i[t.level].max_chain,t.strstart=0,t.block_start=0,t.lookahead=0,t.insert=0,t.match_length=t.prev_length=2,t.match_available=0,t.ins_h=0),r}function U(e,t,r,i,o,a){if(!e)return h;var s=1;if(-1===t&&(t=6),i<0?(s=0,i=-i):i>15&&(s=2,i-=16),o<1||o>9||8!==r||i<8||i>15||t<0||t>9||a<0||a>4)return m(e,h);8===i&&(i=9);var d=new T;return e.state=d,d.strm=e,d.wrap=s,d.gzhead=null,d.w_bits=i,d.w_size=1<<d.w_bits,d.w_mask=d.w_size-1,d.hash_bits=o+7,d.hash_size=1<<d.hash_bits,d.hash_mask=d.hash_size-1,d.hash_shift=~~((d.hash_bits+3-1)/3),d.window=new n.Buf8(2*d.w_size),d.head=new n.Buf16(d.hash_size),d.prev=new n.Buf16(d.w_size),d.lit_bufsize=1<<o+6,d.pending_buf_size=4*d.lit_bufsize,d.pending_buf=new n.Buf8(d.pending_buf_size),d.d_buf=1*d.lit_bufsize,d.l_buf=3*d.lit_bufsize,d.level=t,d.strategy=a,d.method=r,S(e)}i=[new B(0,0,0,0,(function(e,t){var r=65535;for(r>e.pending_buf_size-5&&(r=e.pending_buf_size-5);;){if(e.lookahead<=1){if(C(e),0===e.lookahead&&0===t)return 1;if(0===e.lookahead)break}e.strstart+=e.lookahead,e.lookahead=0;var i=e.block_start+r;if((0===e.strstart||e.strstart>=i)&&(e.lookahead=e.strstart-i,e.strstart=i,b(e,!1),0===e.strm.avail_out))return 1;if(e.strstart-e.block_start>=e.w_size-l&&(b(e,!1),0===e.strm.avail_out))return 1}return e.insert=0,4===t?(b(e,!0),0===e.strm.avail_out?3:4):(e.strstart>e.block_start&&(b(e,!1),e.strm.avail_out),1)})),new B(4,4,8,4,x),new B(4,5,16,8,x),new B(4,6,32,32,x),new B(4,4,16,16,E),new B(8,16,32,32,E),new B(8,16,128,128,E),new B(8,32,128,256,E),new B(32,128,258,1024,E),new B(32,258,258,4096,E)],t.deflateInit=function(e,t){return U(e,t,8,15,8,0)},t.deflateInit2=U,t.deflateReset=S,t.deflateResetKeep=A,t.deflateSetHeader=function(e,t){return e&&e.state?2!==e.state.wrap?h:(e.state.gzhead=t,0):h},t.deflate=function(e,t){var r,n,a,d;if(!e||!e.state||t>5||t<0)return e?m(e,h):h;if(n=e.state,!e.output||!e.input&&0!==e.avail_in||n.status===p&&4!==t)return m(e,0===e.avail_out?-5:h);if(n.strm=e,r=n.last_flush,n.last_flush=t,42===n.status)if(2===n.wrap)e.adler=0,v(n,31),v(n,139),v(n,8),n.gzhead?(v(n,(n.gzhead.text?1:0)+(n.gzhead.hcrc?2:0)+(n.gzhead.extra?4:0)+(n.gzhead.name?8:0)+(n.gzhead.comment?16:0)),v(n,255&n.gzhead.time),v(n,n.gzhead.time>>8&255),v(n,n.gzhead.time>>16&255),v(n,n.gzhead.time>>24&255),v(n,9===n.level?2:n.strategy>=2||n.level<2?4:0),v(n,255&n.gzhead.os),n.gzhead.extra&&n.gzhead.extra.length&&(v(n,255&n.gzhead.extra.length),v(n,n.gzhead.extra.length>>8&255)),n.gzhead.hcrc&&(e.adler=s(e.adler,n.pending_buf,n.pending,0)),n.gzindex=0,n.status=69):(v(n,0),v(n,0),v(n,0),v(n,0),v(n,0),v(n,9===n.level?2:n.strategy>=2||n.level<2?4:0),v(n,3),n.status=f);else{var l=8+(n.w_bits-8<<4)<<8;l|=(n.strategy>=2||n.level<2?0:n.level<6?1:6===n.level?2:3)<<6,0!==n.strstart&&(l|=32),l+=31-l%31,n.status=f,w(n,l),0!==n.strstart&&(w(n,e.adler>>>16),w(n,65535&e.adler)),e.adler=1}if(69===n.status)if(n.gzhead.extra){for(a=n.pending;n.gzindex<(65535&n.gzhead.extra.length)&&(n.pending!==n.pending_buf_size||(n.gzhead.hcrc&&n.pending>a&&(e.adler=s(e.adler,n.pending_buf,n.pending-a,a)),_(e),a=n.pending,n.pending!==n.pending_buf_size));)v(n,255&n.gzhead.extra[n.gzindex]),n.gzindex++;n.gzhead.hcrc&&n.pending>a&&(e.adler=s(e.adler,n.pending_buf,n.pending-a,a)),n.gzindex===n.gzhead.extra.length&&(n.gzindex=0,n.status=73)}else n.status=73;if(73===n.status)if(n.gzhead.name){a=n.pending;do{if(n.pending===n.pending_buf_size&&(n.gzhead.hcrc&&n.pending>a&&(e.adler=s(e.adler,n.pending_buf,n.pending-a,a)),_(e),a=n.pending,n.pending===n.pending_buf_size)){d=1;break}d=n.gzindex<n.gzhead.name.length?255&n.gzhead.name.charCodeAt(n.gzindex++):0,v(n,d)}while(0!==d);n.gzhead.hcrc&&n.pending>a&&(e.adler=s(e.adler,n.pending_buf,n.pending-a,a)),0===d&&(n.gzindex=0,n.status=91)}else n.status=91;if(91===n.status)if(n.gzhead.comment){a=n.pending;do{if(n.pending===n.pending_buf_size&&(n.gzhead.hcrc&&n.pending>a&&(e.adler=s(e.adler,n.pending_buf,n.pending-a,a)),_(e),a=n.pending,n.pending===n.pending_buf_size)){d=1;break}d=n.gzindex<n.gzhead.comment.length?255&n.gzhead.comment.charCodeAt(n.gzindex++):0,v(n,d)}while(0!==d);n.gzhead.hcrc&&n.pending>a&&(e.adler=s(e.adler,n.pending_buf,n.pending-a,a)),0===d&&(n.status=c)}else n.status=c;if(n.status===c&&(n.gzhead.hcrc?(n.pending+2>n.pending_buf_size&&_(e),n.pending+2<=n.pending_buf_size&&(v(n,255&e.adler),v(n,e.adler>>8&255),e.adler=0,n.status=f)):n.status=f),0!==n.pending){if(_(e),0===e.avail_out)return n.last_flush=-1,0}else if(0===e.avail_in&&y(t)<=y(r)&&4!==t)return m(e,-5);if(n.status===p&&0!==e.avail_in)return m(e,-5);if(0!==e.avail_in||0!==n.lookahead||0!==t&&n.status!==p){var k=2===n.strategy?function(e,t){for(var r;;){if(0===e.lookahead&&(C(e),0===e.lookahead)){if(0===t)return 1;break}if(e.match_length=0,r=o._tr_tally(e,0,e.window[e.strstart]),e.lookahead--,e.strstart++,r&&(b(e,!1),0===e.strm.avail_out))return 1}return e.insert=0,4===t?(b(e,!0),0===e.strm.avail_out?3:4):e.last_lit&&(b(e,!1),0===e.strm.avail_out)?1:2}(n,t):3===n.strategy?function(e,t){for(var r,i,n,a,s=e.window;;){if(e.lookahead<=u){if(C(e),e.lookahead<=u&&0===t)return 1;if(0===e.lookahead)break}if(e.match_length=0,e.lookahead>=3&&e.strstart>0&&(i=s[n=e.strstart-1])===s[++n]&&i===s[++n]&&i===s[++n]){a=e.strstart+u;do{}while(i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&i===s[++n]&&n<a);e.match_length=u-(a-n),e.match_length>e.lookahead&&(e.match_length=e.lookahead)}if(e.match_length>=3?(r=o._tr_tally(e,1,e.match_length-3),e.lookahead-=e.match_length,e.strstart+=e.match_length,e.match_length=0):(r=o._tr_tally(e,0,e.window[e.strstart]),e.lookahead--,e.strstart++),r&&(b(e,!1),0===e.strm.avail_out))return 1}return e.insert=0,4===t?(b(e,!0),0===e.strm.avail_out?3:4):e.last_lit&&(b(e,!1),0===e.strm.avail_out)?1:2}(n,t):i[n.level].func(n,t);if(3!==k&&4!==k||(n.status=p),1===k||3===k)return 0===e.avail_out&&(n.last_flush=-1),0;if(2===k&&(1===t?o._tr_align(n):5!==t&&(o._tr_stored_block(n,0,0,!1),3===t&&(g(n.head),0===n.lookahead&&(n.strstart=0,n.block_start=0,n.insert=0))),_(e),0===e.avail_out))return n.last_flush=-1,0}return 4!==t?0:n.wrap<=0?1:(2===n.wrap?(v(n,255&e.adler),v(n,e.adler>>8&255),v(n,e.adler>>16&255),v(n,e.adler>>24&255),v(n,255&e.total_in),v(n,e.total_in>>8&255),v(n,e.total_in>>16&255),v(n,e.total_in>>24&255)):(w(n,e.adler>>>16),w(n,65535&e.adler)),_(e),n.wrap>0&&(n.wrap=-n.wrap),0!==n.pending?0:1)},t.deflateEnd=function(e){var t;return e&&e.state?42!==(t=e.state.status)&&69!==t&&73!==t&&91!==t&&t!==c&&t!==f&&t!==p?m(e,h):(e.state=null,t===f?m(e,-3):0):h},t.deflateSetDictionary=function(e,t){var r,i,o,s,d,u,l,c,f=t.length;if(!e||!e.state)return h;if(2===(s=(r=e.state).wrap)||1===s&&42!==r.status||r.lookahead)return h;for(1===s&&(e.adler=a(e.adler,t,f,0)),r.wrap=0,f>=r.w_size&&(0===s&&(g(r.head),r.strstart=0,r.block_start=0,r.insert=0),c=new n.Buf8(r.w_size),n.arraySet(c,t,f-r.w_size,r.w_size,0),t=c,f=r.w_size),d=e.avail_in,u=e.next_in,l=e.input,e.avail_in=f,e.next_in=0,e.input=t,C(r);r.lookahead>=3;){i=r.strstart,o=r.lookahead-2;do{r.ins_h=(r.ins_h<<r.hash_shift^r.window[i+3-1])&r.hash_mask,r.prev[i&r.w_mask]=r.head[r.ins_h],r.head[r.ins_h]=i,i++}while(--o);r.strstart=i,r.lookahead=2,C(r)}return r.strstart+=r.lookahead,r.block_start=r.strstart,r.insert=r.lookahead,r.lookahead=0,r.match_length=r.prev_length=2,r.match_available=0,e.next_in=u,e.input=l,e.avail_in=d,r.wrap=s,0},t.deflateInfo="pako deflate (from Nodeca project)"},function(e,t,r){"use strict";var i=r(5);function n(e){for(var t=e.length;--t>=0;)e[t]=0}var o=256,a=286,s=30,d=15,h=[0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0],u=[0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13],l=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7],c=[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15],f=new Array(576);n(f);var p=new Array(60);n(p);var m=new Array(512);n(m);var y=new Array(256);n(y);var g=new Array(29);n(g);var _,b,v,w=new Array(s);function k(e,t,r,i,n){this.static_tree=e,this.extra_bits=t,this.extra_base=r,this.elems=i,this.max_length=n,this.has_stree=e&&e.length}function C(e,t){this.dyn_tree=e,this.max_code=0,this.stat_desc=t}function x(e){return e<256?m[e]:m[256+(e>>>7)]}function E(e,t){e.pending_buf[e.pending++]=255&t,e.pending_buf[e.pending++]=t>>>8&255}function B(e,t,r){e.bi_valid>16-r?(e.bi_buf|=t<<e.bi_valid&65535,E(e,e.bi_buf),e.bi_buf=t>>16-e.bi_valid,e.bi_valid+=r-16):(e.bi_buf|=t<<e.bi_valid&65535,e.bi_valid+=r)}function T(e,t,r){B(e,r[2*t],r[2*t+1])}function A(e,t){var r=0;do{r|=1&e,e>>>=1,r<<=1}while(--t>0);return r>>>1}function S(e,t,r){var i,n,o=new Array(16),a=0;for(i=1;i<=d;i++)o[i]=a=a+r[i-1]<<1;for(n=0;n<=t;n++){var s=e[2*n+1];0!==s&&(e[2*n]=A(o[s]++,s))}}function U(e){var t;for(t=0;t<a;t++)e.dyn_ltree[2*t]=0;for(t=0;t<s;t++)e.dyn_dtree[2*t]=0;for(t=0;t<19;t++)e.bl_tree[2*t]=0;e.dyn_ltree[512]=1,e.opt_len=e.static_len=0,e.last_lit=e.matches=0}function D(e){e.bi_valid>8?E(e,e.bi_buf):e.bi_valid>0&&(e.pending_buf[e.pending++]=e.bi_buf),e.bi_buf=0,e.bi_valid=0}function I(e,t,r,i){var n=2*t,o=2*r;return e[n]<e[o]||e[n]===e[o]&&i[t]<=i[r]}function N(e,t,r){for(var i=e.heap[r],n=r<<1;n<=e.heap_len&&(n<e.heap_len&&I(t,e.heap[n+1],e.heap[n],e.depth)&&n++,!I(t,i,e.heap[n],e.depth));)e.heap[r]=e.heap[n],r=n,n<<=1;e.heap[r]=i}function P(e,t,r){var i,n,a,s,d=0;if(0!==e.last_lit)do{i=e.pending_buf[e.d_buf+2*d]<<8|e.pending_buf[e.d_buf+2*d+1],n=e.pending_buf[e.l_buf+d],d++,0===i?T(e,n,t):(T(e,(a=y[n])+o+1,t),0!==(s=h[a])&&B(e,n-=g[a],s),T(e,a=x(--i),r),0!==(s=u[a])&&B(e,i-=w[a],s))}while(d<e.last_lit);T(e,256,t)}function M(e,t){var r,i,n,o=t.dyn_tree,a=t.stat_desc.static_tree,s=t.stat_desc.has_stree,h=t.stat_desc.elems,u=-1;for(e.heap_len=0,e.heap_max=573,r=0;r<h;r++)0!==o[2*r]?(e.heap[++e.heap_len]=u=r,e.depth[r]=0):o[2*r+1]=0;for(;e.heap_len<2;)o[2*(n=e.heap[++e.heap_len]=u<2?++u:0)]=1,e.depth[n]=0,e.opt_len--,s&&(e.static_len-=a[2*n+1]);for(t.max_code=u,r=e.heap_len>>1;r>=1;r--)N(e,o,r);n=h;do{r=e.heap[1],e.heap[1]=e.heap[e.heap_len--],N(e,o,1),i=e.heap[1],e.heap[--e.heap_max]=r,e.heap[--e.heap_max]=i,o[2*n]=o[2*r]+o[2*i],e.depth[n]=(e.depth[r]>=e.depth[i]?e.depth[r]:e.depth[i])+1,o[2*r+1]=o[2*i+1]=n,e.heap[1]=n++,N(e,o,1)}while(e.heap_len>=2);e.heap[--e.heap_max]=e.heap[1],function(e,t){var r,i,n,o,a,s,h=t.dyn_tree,u=t.max_code,l=t.stat_desc.static_tree,c=t.stat_desc.has_stree,f=t.stat_desc.extra_bits,p=t.stat_desc.extra_base,m=t.stat_desc.max_length,y=0;for(o=0;o<=d;o++)e.bl_count[o]=0;for(h[2*e.heap[e.heap_max]+1]=0,r=e.heap_max+1;r<573;r++)(o=h[2*h[2*(i=e.heap[r])+1]+1]+1)>m&&(o=m,y++),h[2*i+1]=o,i>u||(e.bl_count[o]++,a=0,i>=p&&(a=f[i-p]),s=h[2*i],e.opt_len+=s*(o+a),c&&(e.static_len+=s*(l[2*i+1]+a)));if(0!==y){do{for(o=m-1;0===e.bl_count[o];)o--;e.bl_count[o]--,e.bl_count[o+1]+=2,e.bl_count[m]--,y-=2}while(y>0);for(o=m;0!==o;o--)for(i=e.bl_count[o];0!==i;)(n=e.heap[--r])>u||(h[2*n+1]!==o&&(e.opt_len+=(o-h[2*n+1])*h[2*n],h[2*n+1]=o),i--)}}(e,t),S(o,u,e.bl_count)}function F(e,t,r){var i,n,o=-1,a=t[1],s=0,d=7,h=4;for(0===a&&(d=138,h=3),t[2*(r+1)+1]=65535,i=0;i<=r;i++)n=a,a=t[2*(i+1)+1],++s<d&&n===a||(s<h?e.bl_tree[2*n]+=s:0!==n?(n!==o&&e.bl_tree[2*n]++,e.bl_tree[32]++):s<=10?e.bl_tree[34]++:e.bl_tree[36]++,s=0,o=n,0===a?(d=138,h=3):n===a?(d=6,h=3):(d=7,h=4))}function z(e,t,r){var i,n,o=-1,a=t[1],s=0,d=7,h=4;for(0===a&&(d=138,h=3),i=0;i<=r;i++)if(n=a,a=t[2*(i+1)+1],!(++s<d&&n===a)){if(s<h)do{T(e,n,e.bl_tree)}while(0!=--s);else 0!==n?(n!==o&&(T(e,n,e.bl_tree),s--),T(e,16,e.bl_tree),B(e,s-3,2)):s<=10?(T(e,17,e.bl_tree),B(e,s-3,3)):(T(e,18,e.bl_tree),B(e,s-11,7));s=0,o=n,0===a?(d=138,h=3):n===a?(d=6,h=3):(d=7,h=4)}}n(w);var O=!1;function V(e,t,r,n){B(e,0+(n?1:0),3),function(e,t,r,n){D(e),n&&(E(e,r),E(e,~r)),i.arraySet(e.pending_buf,e.window,t,r,e.pending),e.pending+=r}(e,t,r,!0)}t._tr_init=function(e){O||(!function(){var e,t,r,i,n,o=new Array(16);for(r=0,i=0;i<28;i++)for(g[i]=r,e=0;e<1<<h[i];e++)y[r++]=i;for(y[r-1]=i,n=0,i=0;i<16;i++)for(w[i]=n,e=0;e<1<<u[i];e++)m[n++]=i;for(n>>=7;i<s;i++)for(w[i]=n<<7,e=0;e<1<<u[i]-7;e++)m[256+n++]=i;for(t=0;t<=d;t++)o[t]=0;for(e=0;e<=143;)f[2*e+1]=8,e++,o[8]++;for(;e<=255;)f[2*e+1]=9,e++,o[9]++;for(;e<=279;)f[2*e+1]=7,e++,o[7]++;for(;e<=287;)f[2*e+1]=8,e++,o[8]++;for(S(f,287,o),e=0;e<s;e++)p[2*e+1]=5,p[2*e]=A(e,5);_=new k(f,h,257,a,d),b=new k(p,u,0,s,d),v=new k(new Array(0),l,0,19,7)}(),O=!0),e.l_desc=new C(e.dyn_ltree,_),e.d_desc=new C(e.dyn_dtree,b),e.bl_desc=new C(e.bl_tree,v),e.bi_buf=0,e.bi_valid=0,U(e)},t._tr_stored_block=V,t._tr_flush_block=function(e,t,r,i){var n,a,s=0;e.level>0?(2===e.strm.data_type&&(e.strm.data_type=function(e){var t,r=4093624447;for(t=0;t<=31;t++,r>>>=1)if(1&r&&0!==e.dyn_ltree[2*t])return 0;if(0!==e.dyn_ltree[18]||0!==e.dyn_ltree[20]||0!==e.dyn_ltree[26])return 1;for(t=32;t<o;t++)if(0!==e.dyn_ltree[2*t])return 1;return 0}(e)),M(e,e.l_desc),M(e,e.d_desc),s=function(e){var t;for(F(e,e.dyn_ltree,e.l_desc.max_code),F(e,e.dyn_dtree,e.d_desc.max_code),M(e,e.bl_desc),t=18;t>=3&&0===e.bl_tree[2*c[t]+1];t--);return e.opt_len+=3*(t+1)+5+5+4,t}(e),n=e.opt_len+3+7>>>3,(a=e.static_len+3+7>>>3)<=n&&(n=a)):n=a=r+5,r+4<=n&&-1!==t?V(e,t,r,i):4===e.strategy||a===n?(B(e,2+(i?1:0),3),P(e,f,p)):(B(e,4+(i?1:0),3),function(e,t,r,i){var n;for(B(e,t-257,5),B(e,r-1,5),B(e,i-4,4),n=0;n<i;n++)B(e,e.bl_tree[2*c[n]+1],3);z(e,e.dyn_ltree,t-1),z(e,e.dyn_dtree,r-1)}(e,e.l_desc.max_code+1,e.d_desc.max_code+1,s+1),P(e,e.dyn_ltree,e.dyn_dtree)),U(e),i&&D(e)},t._tr_tally=function(e,t,r){return e.pending_buf[e.d_buf+2*e.last_lit]=t>>>8&255,e.pending_buf[e.d_buf+2*e.last_lit+1]=255&t,e.pending_buf[e.l_buf+e.last_lit]=255&r,e.last_lit++,0===t?e.dyn_ltree[2*r]++:(e.matches++,t--,e.dyn_ltree[2*(y[r]+o+1)]++,e.dyn_dtree[2*x(t)]++),e.last_lit===e.lit_bufsize-1},t._tr_align=function(e){B(e,2,3),T(e,256,f),function(e){16===e.bi_valid?(E(e,e.bi_buf),e.bi_buf=0,e.bi_valid=0):e.bi_valid>=8&&(e.pending_buf[e.pending++]=255&e.bi_buf,e.bi_buf>>=8,e.bi_valid-=8)}(e)}},function(e,t,r){"use strict";var i=r(36),n=r(5),o=r(19),a=r(21),s=r(12),d=r(20),h=r(39),u=Object.prototype.toString;function l(e){if(!(this instanceof l))return new l(e);this.options=n.assign({chunkSize:16384,windowBits:0,to:""},e||{});var t=this.options;t.raw&&t.windowBits>=0&&t.windowBits<16&&(t.windowBits=-t.windowBits,0===t.windowBits&&(t.windowBits=-15)),!(t.windowBits>=0&&t.windowBits<16)||e&&e.windowBits||(t.windowBits+=32),t.windowBits>15&&t.windowBits<48&&0==(15&t.windowBits)&&(t.windowBits|=15),this.err=0,this.msg="",this.ended=!1,this.chunks=[],this.strm=new d,this.strm.avail_out=0;var r=i.inflateInit2(this.strm,t.windowBits);if(r!==a.Z_OK)throw new Error(s[r]);this.header=new h,i.inflateGetHeader(this.strm,this.header)}function c(e,t){var r=new l(t);if(r.push(e,!0),r.err)throw r.msg;return r.result}l.prototype.push=function(e,t){var r,s,d,h,l,c,f=this.strm,p=this.options.chunkSize,m=this.options.dictionary,y=!1;if(this.ended)return!1;s=t===~~t?t:!0===t?a.Z_FINISH:a.Z_NO_FLUSH,"string"==typeof e?f.input=o.binstring2buf(e):"[object ArrayBuffer]"===u.call(e)?f.input=new Uint8Array(e):f.input=e,f.next_in=0,f.avail_in=f.input.length;do{if(0===f.avail_out&&(f.output=new n.Buf8(p),f.next_out=0,f.avail_out=p),(r=i.inflate(f,a.Z_NO_FLUSH))===a.Z_NEED_DICT&&m&&(c="string"==typeof m?o.string2buf(m):"[object ArrayBuffer]"===u.call(m)?new Uint8Array(m):m,r=i.inflateSetDictionary(this.strm,c)),r===a.Z_BUF_ERROR&&!0===y&&(r=a.Z_OK,y=!1),r!==a.Z_STREAM_END&&r!==a.Z_OK)return this.onEnd(r),this.ended=!0,!1;f.next_out&&(0!==f.avail_out&&r!==a.Z_STREAM_END&&(0!==f.avail_in||s!==a.Z_FINISH&&s!==a.Z_SYNC_FLUSH)||("string"===this.options.to?(d=o.utf8border(f.output,f.next_out),h=f.next_out-d,l=o.buf2string(f.output,d),f.next_out=h,f.avail_out=p-h,h&&n.arraySet(f.output,f.output,d,h,0),this.onData(l)):this.onData(n.shrinkBuf(f.output,f.next_out)))),0===f.avail_in&&0===f.avail_out&&(y=!0)}while((f.avail_in>0||0===f.avail_out)&&r!==a.Z_STREAM_END);return r===a.Z_STREAM_END&&(s=a.Z_FINISH),s===a.Z_FINISH?(r=i.inflateEnd(this.strm),this.onEnd(r),this.ended=!0,r===a.Z_OK):s!==a.Z_SYNC_FLUSH||(this.onEnd(a.Z_OK),f.avail_out=0,!0)},l.prototype.onData=function(e){this.chunks.push(e)},l.prototype.onEnd=function(e){e===a.Z_OK&&("string"===this.options.to?this.result=this.chunks.join(""):this.result=n.flattenChunks(this.chunks)),this.chunks=[],this.err=e,this.msg=this.strm.msg},t.Inflate=l,t.inflate=c,t.inflateRaw=function(e,t){return(t=t||{}).raw=!0,c(e,t)},t.ungzip=c},function(e,t,r){"use strict";var i=r(5),n=r(17),o=r(18),a=r(37),s=r(38),d=-2,h=12,u=30;function l(e){return(e>>>24&255)+(e>>>8&65280)+((65280&e)<<8)+((255&e)<<24)}function c(){this.mode=0,this.last=!1,this.wrap=0,this.havedict=!1,this.flags=0,this.dmax=0,this.check=0,this.total=0,this.head=null,this.wbits=0,this.wsize=0,this.whave=0,this.wnext=0,this.window=null,this.hold=0,this.bits=0,this.length=0,this.offset=0,this.extra=0,this.lencode=null,this.distcode=null,this.lenbits=0,this.distbits=0,this.ncode=0,this.nlen=0,this.ndist=0,this.have=0,this.next=null,this.lens=new i.Buf16(320),this.work=new i.Buf16(288),this.lendyn=null,this.distdyn=null,this.sane=0,this.back=0,this.was=0}function f(e){var t;return e&&e.state?(t=e.state,e.total_in=e.total_out=t.total=0,e.msg="",t.wrap&&(e.adler=1&t.wrap),t.mode=1,t.last=0,t.havedict=0,t.dmax=32768,t.head=null,t.hold=0,t.bits=0,t.lencode=t.lendyn=new i.Buf32(852),t.distcode=t.distdyn=new i.Buf32(592),t.sane=1,t.back=-1,0):d}function p(e){var t;return e&&e.state?((t=e.state).wsize=0,t.whave=0,t.wnext=0,f(e)):d}function m(e,t){var r,i;return e&&e.state?(i=e.state,t<0?(r=0,t=-t):(r=1+(t>>4),t<48&&(t&=15)),t&&(t<8||t>15)?d:(null!==i.window&&i.wbits!==t&&(i.window=null),i.wrap=r,i.wbits=t,p(e))):d}function y(e,t){var r,i;return e?(i=new c,e.state=i,i.window=null,0!==(r=m(e,t))&&(e.state=null),r):d}var g,_,b=!0;function v(e){if(b){var t;for(g=new i.Buf32(512),_=new i.Buf32(32),t=0;t<144;)e.lens[t++]=8;for(;t<256;)e.lens[t++]=9;for(;t<280;)e.lens[t++]=7;for(;t<288;)e.lens[t++]=8;for(s(1,e.lens,0,288,g,0,e.work,{bits:9}),t=0;t<32;)e.lens[t++]=5;s(2,e.lens,0,32,_,0,e.work,{bits:5}),b=!1}e.lencode=g,e.lenbits=9,e.distcode=_,e.distbits=5}function w(e,t,r,n){var o,a=e.state;return null===a.window&&(a.wsize=1<<a.wbits,a.wnext=0,a.whave=0,a.window=new i.Buf8(a.wsize)),n>=a.wsize?(i.arraySet(a.window,t,r-a.wsize,a.wsize,0),a.wnext=0,a.whave=a.wsize):((o=a.wsize-a.wnext)>n&&(o=n),i.arraySet(a.window,t,r-n,o,a.wnext),(n-=o)?(i.arraySet(a.window,t,r-n,n,0),a.wnext=n,a.whave=a.wsize):(a.wnext+=o,a.wnext===a.wsize&&(a.wnext=0),a.whave<a.wsize&&(a.whave+=o))),0}t.inflateReset=p,t.inflateReset2=m,t.inflateResetKeep=f,t.inflateInit=function(e){return y(e,15)},t.inflateInit2=y,t.inflate=function(e,t){var r,c,f,p,m,y,g,_,b,k,C,x,E,B,T,A,S,U,D,I,N,P,M,F,z=0,O=new i.Buf8(4),V=[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15];if(!e||!e.state||!e.output||!e.input&&0!==e.avail_in)return d;(r=e.state).mode===h&&(r.mode=13),m=e.next_out,f=e.output,g=e.avail_out,p=e.next_in,c=e.input,y=e.avail_in,_=r.hold,b=r.bits,k=y,C=g,P=0;e:for(;;)switch(r.mode){case 1:if(0===r.wrap){r.mode=13;break}for(;b<16;){if(0===y)break e;y--,_+=c[p++]<<b,b+=8}if(2&r.wrap&&35615===_){r.check=0,O[0]=255&_,O[1]=_>>>8&255,r.check=o(r.check,O,2,0),_=0,b=0,r.mode=2;break}if(r.flags=0,r.head&&(r.head.done=!1),!(1&r.wrap)||(((255&_)<<8)+(_>>8))%31){e.msg="incorrect header check",r.mode=u;break}if(8!=(15&_)){e.msg="unknown compression method",r.mode=u;break}if(b-=4,N=8+(15&(_>>>=4)),0===r.wbits)r.wbits=N;else if(N>r.wbits){e.msg="invalid window size",r.mode=u;break}r.dmax=1<<N,e.adler=r.check=1,r.mode=512&_?10:h,_=0,b=0;break;case 2:for(;b<16;){if(0===y)break e;y--,_+=c[p++]<<b,b+=8}if(r.flags=_,8!=(255&r.flags)){e.msg="unknown compression method",r.mode=u;break}if(57344&r.flags){e.msg="unknown header flags set",r.mode=u;break}r.head&&(r.head.text=_>>8&1),512&r.flags&&(O[0]=255&_,O[1]=_>>>8&255,r.check=o(r.check,O,2,0)),_=0,b=0,r.mode=3;case 3:for(;b<32;){if(0===y)break e;y--,_+=c[p++]<<b,b+=8}r.head&&(r.head.time=_),512&r.flags&&(O[0]=255&_,O[1]=_>>>8&255,O[2]=_>>>16&255,O[3]=_>>>24&255,r.check=o(r.check,O,4,0)),_=0,b=0,r.mode=4;case 4:for(;b<16;){if(0===y)break e;y--,_+=c[p++]<<b,b+=8}r.head&&(r.head.xflags=255&_,r.head.os=_>>8),512&r.flags&&(O[0]=255&_,O[1]=_>>>8&255,r.check=o(r.check,O,2,0)),_=0,b=0,r.mode=5;case 5:if(1024&r.flags){for(;b<16;){if(0===y)break e;y--,_+=c[p++]<<b,b+=8}r.length=_,r.head&&(r.head.extra_len=_),512&r.flags&&(O[0]=255&_,O[1]=_>>>8&255,r.check=o(r.check,O,2,0)),_=0,b=0}else r.head&&(r.head.extra=null);r.mode=6;case 6:if(1024&r.flags&&((x=r.length)>y&&(x=y),x&&(r.head&&(N=r.head.extra_len-r.length,r.head.extra||(r.head.extra=new Array(r.head.extra_len)),i.arraySet(r.head.extra,c,p,x,N)),512&r.flags&&(r.check=o(r.check,c,x,p)),y-=x,p+=x,r.length-=x),r.length))break e;r.length=0,r.mode=7;case 7:if(2048&r.flags){if(0===y)break e;x=0;do{N=c[p+x++],r.head&&N&&r.length<65536&&(r.head.name+=String.fromCharCode(N))}while(N&&x<y);if(512&r.flags&&(r.check=o(r.check,c,x,p)),y-=x,p+=x,N)break e}else r.head&&(r.head.name=null);r.length=0,r.mode=8;case 8:if(4096&r.flags){if(0===y)break e;x=0;do{N=c[p+x++],r.head&&N&&r.length<65536&&(r.head.comment+=String.fromCharCode(N))}while(N&&x<y);if(512&r.flags&&(r.check=o(r.check,c,x,p)),y-=x,p+=x,N)break e}else r.head&&(r.head.comment=null);r.mode=9;case 9:if(512&r.flags){for(;b<16;){if(0===y)break e;y--,_+=c[p++]<<b,b+=8}if(_!==(65535&r.check)){e.msg="header crc mismatch",r.mode=u;break}_=0,b=0}r.head&&(r.head.hcrc=r.flags>>9&1,r.head.done=!0),e.adler=r.check=0,r.mode=h;break;case 10:for(;b<32;){if(0===y)break e;y--,_+=c[p++]<<b,b+=8}e.adler=r.check=l(_),_=0,b=0,r.mode=11;case 11:if(0===r.havedict)return e.next_out=m,e.avail_out=g,e.next_in=p,e.avail_in=y,r.hold=_,r.bits=b,2;e.adler=r.check=1,r.mode=h;case h:if(5===t||6===t)break e;case 13:if(r.last){_>>>=7&b,b-=7&b,r.mode=27;break}for(;b<3;){if(0===y)break e;y--,_+=c[p++]<<b,b+=8}switch(r.last=1&_,b-=1,3&(_>>>=1)){case 0:r.mode=14;break;case 1:if(v(r),r.mode=20,6===t){_>>>=2,b-=2;break e}break;case 2:r.mode=17;break;case 3:e.msg="invalid block type",r.mode=u}_>>>=2,b-=2;break;case 14:for(_>>>=7&b,b-=7&b;b<32;){if(0===y)break e;y--,_+=c[p++]<<b,b+=8}if((65535&_)!=(_>>>16^65535)){e.msg="invalid stored block lengths",r.mode=u;break}if(r.length=65535&_,_=0,b=0,r.mode=15,6===t)break e;case 15:r.mode=16;case 16:if(x=r.length){if(x>y&&(x=y),x>g&&(x=g),0===x)break e;i.arraySet(f,c,p,x,m),y-=x,p+=x,g-=x,m+=x,r.length-=x;break}r.mode=h;break;case 17:for(;b<14;){if(0===y)break e;y--,_+=c[p++]<<b,b+=8}if(r.nlen=257+(31&_),_>>>=5,b-=5,r.ndist=1+(31&_),_>>>=5,b-=5,r.ncode=4+(15&_),_>>>=4,b-=4,r.nlen>286||r.ndist>30){e.msg="too many length or distance symbols",r.mode=u;break}r.have=0,r.mode=18;case 18:for(;r.have<r.ncode;){for(;b<3;){if(0===y)break e;y--,_+=c[p++]<<b,b+=8}r.lens[V[r.have++]]=7&_,_>>>=3,b-=3}for(;r.have<19;)r.lens[V[r.have++]]=0;if(r.lencode=r.lendyn,r.lenbits=7,M={bits:r.lenbits},P=s(0,r.lens,0,19,r.lencode,0,r.work,M),r.lenbits=M.bits,P){e.msg="invalid code lengths set",r.mode=u;break}r.have=0,r.mode=19;case 19:for(;r.have<r.nlen+r.ndist;){for(;A=(z=r.lencode[_&(1<<r.lenbits)-1])>>>16&255,S=65535&z,!((T=z>>>24)<=b);){if(0===y)break e;y--,_+=c[p++]<<b,b+=8}if(S<16)_>>>=T,b-=T,r.lens[r.have++]=S;else{if(16===S){for(F=T+2;b<F;){if(0===y)break e;y--,_+=c[p++]<<b,b+=8}if(_>>>=T,b-=T,0===r.have){e.msg="invalid bit length repeat",r.mode=u;break}N=r.lens[r.have-1],x=3+(3&_),_>>>=2,b-=2}else if(17===S){for(F=T+3;b<F;){if(0===y)break e;y--,_+=c[p++]<<b,b+=8}b-=T,N=0,x=3+(7&(_>>>=T)),_>>>=3,b-=3}else{for(F=T+7;b<F;){if(0===y)break e;y--,_+=c[p++]<<b,b+=8}b-=T,N=0,x=11+(127&(_>>>=T)),_>>>=7,b-=7}if(r.have+x>r.nlen+r.ndist){e.msg="invalid bit length repeat",r.mode=u;break}for(;x--;)r.lens[r.have++]=N}}if(r.mode===u)break;if(0===r.lens[256]){e.msg="invalid code -- missing end-of-block",r.mode=u;break}if(r.lenbits=9,M={bits:r.lenbits},P=s(1,r.lens,0,r.nlen,r.lencode,0,r.work,M),r.lenbits=M.bits,P){e.msg="invalid literal/lengths set",r.mode=u;break}if(r.distbits=6,r.distcode=r.distdyn,M={bits:r.distbits},P=s(2,r.lens,r.nlen,r.ndist,r.distcode,0,r.work,M),r.distbits=M.bits,P){e.msg="invalid distances set",r.mode=u;break}if(r.mode=20,6===t)break e;case 20:r.mode=21;case 21:if(y>=6&&g>=258){e.next_out=m,e.avail_out=g,e.next_in=p,e.avail_in=y,r.hold=_,r.bits=b,a(e,C),m=e.next_out,f=e.output,g=e.avail_out,p=e.next_in,c=e.input,y=e.avail_in,_=r.hold,b=r.bits,r.mode===h&&(r.back=-1);break}for(r.back=0;A=(z=r.lencode[_&(1<<r.lenbits)-1])>>>16&255,S=65535&z,!((T=z>>>24)<=b);){if(0===y)break e;y--,_+=c[p++]<<b,b+=8}if(A&&0==(240&A)){for(U=T,D=A,I=S;A=(z=r.lencode[I+((_&(1<<U+D)-1)>>U)])>>>16&255,S=65535&z,!(U+(T=z>>>24)<=b);){if(0===y)break e;y--,_+=c[p++]<<b,b+=8}_>>>=U,b-=U,r.back+=U}if(_>>>=T,b-=T,r.back+=T,r.length=S,0===A){r.mode=26;break}if(32&A){r.back=-1,r.mode=h;break}if(64&A){e.msg="invalid literal/length code",r.mode=u;break}r.extra=15&A,r.mode=22;case 22:if(r.extra){for(F=r.extra;b<F;){if(0===y)break e;y--,_+=c[p++]<<b,b+=8}r.length+=_&(1<<r.extra)-1,_>>>=r.extra,b-=r.extra,r.back+=r.extra}r.was=r.length,r.mode=23;case 23:for(;A=(z=r.distcode[_&(1<<r.distbits)-1])>>>16&255,S=65535&z,!((T=z>>>24)<=b);){if(0===y)break e;y--,_+=c[p++]<<b,b+=8}if(0==(240&A)){for(U=T,D=A,I=S;A=(z=r.distcode[I+((_&(1<<U+D)-1)>>U)])>>>16&255,S=65535&z,!(U+(T=z>>>24)<=b);){if(0===y)break e;y--,_+=c[p++]<<b,b+=8}_>>>=U,b-=U,r.back+=U}if(_>>>=T,b-=T,r.back+=T,64&A){e.msg="invalid distance code",r.mode=u;break}r.offset=S,r.extra=15&A,r.mode=24;case 24:if(r.extra){for(F=r.extra;b<F;){if(0===y)break e;y--,_+=c[p++]<<b,b+=8}r.offset+=_&(1<<r.extra)-1,_>>>=r.extra,b-=r.extra,r.back+=r.extra}if(r.offset>r.dmax){e.msg="invalid distance too far back",r.mode=u;break}r.mode=25;case 25:if(0===g)break e;if(x=C-g,r.offset>x){if((x=r.offset-x)>r.whave&&r.sane){e.msg="invalid distance too far back",r.mode=u;break}x>r.wnext?(x-=r.wnext,E=r.wsize-x):E=r.wnext-x,x>r.length&&(x=r.length),B=r.window}else B=f,E=m-r.offset,x=r.length;x>g&&(x=g),g-=x,r.length-=x;do{f[m++]=B[E++]}while(--x);0===r.length&&(r.mode=21);break;case 26:if(0===g)break e;f[m++]=r.length,g--,r.mode=21;break;case 27:if(r.wrap){for(;b<32;){if(0===y)break e;y--,_|=c[p++]<<b,b+=8}if(C-=g,e.total_out+=C,r.total+=C,C&&(e.adler=r.check=r.flags?o(r.check,f,C,m-C):n(r.check,f,C,m-C)),C=g,(r.flags?_:l(_))!==r.check){e.msg="incorrect data check",r.mode=u;break}_=0,b=0}r.mode=28;case 28:if(r.wrap&&r.flags){for(;b<32;){if(0===y)break e;y--,_+=c[p++]<<b,b+=8}if(_!==(4294967295&r.total)){e.msg="incorrect length check",r.mode=u;break}_=0,b=0}r.mode=29;case 29:P=1;break e;case u:P=-3;break e;case 31:return-4;case 32:default:return d}return e.next_out=m,e.avail_out=g,e.next_in=p,e.avail_in=y,r.hold=_,r.bits=b,(r.wsize||C!==e.avail_out&&r.mode<u&&(r.mode<27||4!==t))&&w(e,e.output,e.next_out,C-e.avail_out)?(r.mode=31,-4):(k-=e.avail_in,C-=e.avail_out,e.total_in+=k,e.total_out+=C,r.total+=C,r.wrap&&C&&(e.adler=r.check=r.flags?o(r.check,f,C,e.next_out-C):n(r.check,f,C,e.next_out-C)),e.data_type=r.bits+(r.last?64:0)+(r.mode===h?128:0)+(20===r.mode||15===r.mode?256:0),(0===k&&0===C||4===t)&&0===P&&(P=-5),P)},t.inflateEnd=function(e){if(!e||!e.state)return d;var t=e.state;return t.window&&(t.window=null),e.state=null,0},t.inflateGetHeader=function(e,t){var r;return e&&e.state?0==(2&(r=e.state).wrap)?d:(r.head=t,t.done=!1,0):d},t.inflateSetDictionary=function(e,t){var r,i=t.length;return e&&e.state?0!==(r=e.state).wrap&&11!==r.mode?d:11===r.mode&&n(1,t,i,0)!==r.check?-3:w(e,t,i,i)?(r.mode=31,-4):(r.havedict=1,0):d},t.inflateInfo="pako inflate (from Nodeca project)"},function(e,t,r){"use strict";e.exports=function(e,t){var r,i,n,o,a,s,d,h,u,l,c,f,p,m,y,g,_,b,v,w,k,C,x,E,B;r=e.state,i=e.next_in,E=e.input,n=i+(e.avail_in-5),o=e.next_out,B=e.output,a=o-(t-e.avail_out),s=o+(e.avail_out-257),d=r.dmax,h=r.wsize,u=r.whave,l=r.wnext,c=r.window,f=r.hold,p=r.bits,m=r.lencode,y=r.distcode,g=(1<<r.lenbits)-1,_=(1<<r.distbits)-1;e:do{p<15&&(f+=E[i++]<<p,p+=8,f+=E[i++]<<p,p+=8),b=m[f&g];t:for(;;){if(f>>>=v=b>>>24,p-=v,0===(v=b>>>16&255))B[o++]=65535&b;else{if(!(16&v)){if(0==(64&v)){b=m[(65535&b)+(f&(1<<v)-1)];continue t}if(32&v){r.mode=12;break e}e.msg="invalid literal/length code",r.mode=30;break e}w=65535&b,(v&=15)&&(p<v&&(f+=E[i++]<<p,p+=8),w+=f&(1<<v)-1,f>>>=v,p-=v),p<15&&(f+=E[i++]<<p,p+=8,f+=E[i++]<<p,p+=8),b=y[f&_];r:for(;;){if(f>>>=v=b>>>24,p-=v,!(16&(v=b>>>16&255))){if(0==(64&v)){b=y[(65535&b)+(f&(1<<v)-1)];continue r}e.msg="invalid distance code",r.mode=30;break e}if(k=65535&b,p<(v&=15)&&(f+=E[i++]<<p,(p+=8)<v&&(f+=E[i++]<<p,p+=8)),(k+=f&(1<<v)-1)>d){e.msg="invalid distance too far back",r.mode=30;break e}if(f>>>=v,p-=v,k>(v=o-a)){if((v=k-v)>u&&r.sane){e.msg="invalid distance too far back",r.mode=30;break e}if(C=0,x=c,0===l){if(C+=h-v,v<w){w-=v;do{B[o++]=c[C++]}while(--v);C=o-k,x=B}}else if(l<v){if(C+=h+l-v,(v-=l)<w){w-=v;do{B[o++]=c[C++]}while(--v);if(C=0,l<w){w-=v=l;do{B[o++]=c[C++]}while(--v);C=o-k,x=B}}}else if(C+=l-v,v<w){w-=v;do{B[o++]=c[C++]}while(--v);C=o-k,x=B}for(;w>2;)B[o++]=x[C++],B[o++]=x[C++],B[o++]=x[C++],w-=3;w&&(B[o++]=x[C++],w>1&&(B[o++]=x[C++]))}else{C=o-k;do{B[o++]=B[C++],B[o++]=B[C++],B[o++]=B[C++],w-=3}while(w>2);w&&(B[o++]=B[C++],w>1&&(B[o++]=B[C++]))}break}}break}}while(i<n&&o<s);i-=w=p>>3,f&=(1<<(p-=w<<3))-1,e.next_in=i,e.next_out=o,e.avail_in=i<n?n-i+5:5-(i-n),e.avail_out=o<s?s-o+257:257-(o-s),r.hold=f,r.bits=p}},function(e,t,r){"use strict";var i=r(5),n=15,o=[3,4,5,6,7,8,9,10,11,13,15,17,19,23,27,31,35,43,51,59,67,83,99,115,131,163,195,227,258,0,0],a=[16,16,16,16,16,16,16,16,17,17,17,17,18,18,18,18,19,19,19,19,20,20,20,20,21,21,21,21,16,72,78],s=[1,2,3,4,5,7,9,13,17,25,33,49,65,97,129,193,257,385,513,769,1025,1537,2049,3073,4097,6145,8193,12289,16385,24577,0,0],d=[16,16,16,16,17,17,18,18,19,19,20,20,21,21,22,22,23,23,24,24,25,25,26,26,27,27,28,28,29,29,64,64];e.exports=function(e,t,r,h,u,l,c,f){var p,m,y,g,_,b,v,w,k,C=f.bits,x=0,E=0,B=0,T=0,A=0,S=0,U=0,D=0,I=0,N=0,P=null,M=0,F=new i.Buf16(16),z=new i.Buf16(16),O=null,V=0;for(x=0;x<=n;x++)F[x]=0;for(E=0;E<h;E++)F[t[r+E]]++;for(A=C,T=n;T>=1&&0===F[T];T--);if(A>T&&(A=T),0===T)return u[l++]=20971520,u[l++]=20971520,f.bits=1,0;for(B=1;B<T&&0===F[B];B++);for(A<B&&(A=B),D=1,x=1;x<=n;x++)if(D<<=1,(D-=F[x])<0)return-1;if(D>0&&(0===e||1!==T))return-1;for(z[1]=0,x=1;x<n;x++)z[x+1]=z[x]+F[x];for(E=0;E<h;E++)0!==t[r+E]&&(c[z[t[r+E]]++]=E);if(0===e?(P=O=c,b=19):1===e?(P=o,M-=257,O=a,V-=257,b=256):(P=s,O=d,b=-1),N=0,E=0,x=B,_=l,S=A,U=0,y=-1,g=(I=1<<A)-1,1===e&&I>852||2===e&&I>592)return 1;for(;;){v=x-U,c[E]<b?(w=0,k=c[E]):c[E]>b?(w=O[V+c[E]],k=P[M+c[E]]):(w=96,k=0),p=1<<x-U,B=m=1<<S;do{u[_+(N>>U)+(m-=p)]=v<<24|w<<16|k|0}while(0!==m);for(p=1<<x-1;N&p;)p>>=1;if(0!==p?(N&=p-1,N+=p):N=0,E++,0==--F[x]){if(x===T)break;x=t[r+c[E]]}if(x>A&&(N&g)!==y){for(0===U&&(U=A),_+=B,D=1<<(S=x-U);S+U<T&&!((D-=F[S+U])<=0);)S++,D<<=1;if(I+=1<<S,1===e&&I>852||2===e&&I>592)return 1;u[y=N&g]=A<<24|S<<16|_-l|0}}return 0!==N&&(u[_+N]=x-U<<24|64<<16|0),f.bits=A,0}},function(e,t,r){"use strict";e.exports=function(){this.text=0,this.time=0,this.xflags=0,this.os=0,this.extra=null,this.extra_len=0,this.name="",this.comment="",this.hcrc=0,this.done=!1}},function(e,t,r){var i=r(41);e.exports={TextEncoder:i.TextEncoder,TextDecoder:i.TextDecoder}},function(e,t,r){!function(t){"use strict";function r(e,t,r){return t<=e&&e<=r}function i(e){if(void 0===e)return{};if(e===Object(e))return e;throw TypeError("Could not convert argument to dictionary")}var n=-1;function o(e){this.tokens=[].slice.call(e),this.tokens.reverse()}o.prototype={endOfStream:function(){return!this.tokens.length},read:function(){return this.tokens.length?this.tokens.pop():n},prepend:function(e){if(Array.isArray(e))for(var t=e;t.length;)this.tokens.push(t.pop());else this.tokens.push(e)},push:function(e){if(Array.isArray(e))for(var t=e;t.length;)this.tokens.unshift(t.shift());else this.tokens.unshift(e)}};var a=-1;function s(e,t){if(e)throw TypeError("Decoder error");return t||65533}function d(e){return e=String(e).trim().toLowerCase(),Object.prototype.hasOwnProperty.call(h,e)?h[e]:null}var h={};[{encodings:[{labels:["unicode-1-1-utf-8","utf-8","utf8"],name:"UTF-8"}],heading:"The Encoding"}].forEach((function(e){e.encodings.forEach((function(e){e.labels.forEach((function(t){h[t]=e}))}))}));var u={},l={};function c(e,t){if(!(this instanceof c))throw TypeError("Called as a function. Did you forget 'new'?");e=void 0!==e?String(e):"utf-8",t=i(t),this._encoding=null,this._decoder=null,this._ignoreBOM=!1,this._BOMseen=!1,this._error_mode="replacement",this._do_not_flush=!1;var r=d(e);if(null===r||"replacement"===r.name)throw RangeError("Unknown encoding: "+e);if(!l[r.name])throw Error("Decoder not present. Did you forget to include encoding-indexes.js?");var n=this;return n._encoding=r,Boolean(t.fatal)&&(n._error_mode="fatal"),Boolean(t.ignoreBOM)&&(n._ignoreBOM=!0),n}function f(e,r){if(!(this instanceof f))throw TypeError("Called as a function. Did you forget 'new'?");r=i(r),this._encoding=null,this._encoder=null,this._do_not_flush=!1,this._fatal=Boolean(r.fatal)?"fatal":"replacement";return this._encoding=d("utf-8"),void 0!==e&&"console"in t&&console.warn("TextEncoder constructor called with encoding label, which is ignored."),this}function p(e){var t=e.fatal,i=0,o=0,d=0,h=128,u=191;this.handler=function(e,l){if(l===n&&0!==d)return d=0,s(t);if(l===n)return a;if(0===d){if(r(l,0,127))return l;if(r(l,194,223))d=1,i=31&l;else if(r(l,224,239))224===l&&(h=160),237===l&&(u=159),d=2,i=15&l;else{if(!r(l,240,244))return s(t);240===l&&(h=144),244===l&&(u=143),d=3,i=7&l}return null}if(!r(l,h,u))return i=d=o=0,h=128,u=191,e.prepend(l),s(t);if(h=128,u=191,i=i<<6|63&l,(o+=1)!==d)return null;var c=i;return i=d=o=0,c}}function m(e){e.fatal;this.handler=function(e,t){if(t===n)return a;if(r(t,0,127))return t;var i,o;r(t,128,2047)?(i=1,o=192):r(t,2048,65535)?(i=2,o=224):r(t,65536,1114111)&&(i=3,o=240);for(var s=[(t>>6*i)+o];i>0;){var d=t>>6*(i-1);s.push(128|63&d),i-=1}return s}}Object.defineProperty&&(Object.defineProperty(c.prototype,"encoding",{get:function(){return this._encoding.name.toLowerCase()}}),Object.defineProperty(c.prototype,"fatal",{get:function(){return"fatal"===this._error_mode}}),Object.defineProperty(c.prototype,"ignoreBOM",{get:function(){return this._ignoreBOM}})),c.prototype.decode=function(e,t){var r;r="object"==typeof e&&e instanceof ArrayBuffer?new Uint8Array(e):"object"==typeof e&&"buffer"in e&&e.buffer instanceof ArrayBuffer?new Uint8Array(e.buffer,e.byteOffset,e.byteLength):new Uint8Array(0),t=i(t),this._do_not_flush||(this._decoder=l[this._encoding.name]({fatal:"fatal"===this._error_mode}),this._BOMseen=!1),this._do_not_flush=Boolean(t.stream);for(var s,d=new o(r),h=[];;){var u=d.read();if(u===n)break;if((s=this._decoder.handler(d,u))===a)break;null!==s&&(Array.isArray(s)?h.push.apply(h,s):h.push(s))}if(!this._do_not_flush){do{if((s=this._decoder.handler(d,d.read()))===a)break;null!==s&&(Array.isArray(s)?h.push.apply(h,s):h.push(s))}while(!d.endOfStream());this._decoder=null}return function(e){var t,r;return t=["UTF-8","UTF-16LE","UTF-16BE"],r=this._encoding.name,-1===t.indexOf(r)||this._ignoreBOM||this._BOMseen||(e.length>0&&65279===e[0]?(this._BOMseen=!0,e.shift()):e.length>0&&(this._BOMseen=!0)),function(e){for(var t="",r=0;r<e.length;++r){var i=e[r];i<=65535?t+=String.fromCharCode(i):(i-=65536,t+=String.fromCharCode(55296+(i>>10),56320+(1023&i)))}return t}(e)}.call(this,h)},Object.defineProperty&&Object.defineProperty(f.prototype,"encoding",{get:function(){return this._encoding.name.toLowerCase()}}),f.prototype.encode=function(e,t){e=e?String(e):"",t=i(t),this._do_not_flush||(this._encoder=u[this._encoding.name]({fatal:"fatal"===this._fatal})),this._do_not_flush=Boolean(t.stream);for(var r,s=new o(function(e){for(var t=String(e),r=t.length,i=0,n=[];i<r;){var o=t.charCodeAt(i);if(o<55296||o>57343)n.push(o);else if(56320<=o&&o<=57343)n.push(65533);else if(55296<=o&&o<=56319)if(i===r-1)n.push(65533);else{var a=t.charCodeAt(i+1);if(56320<=a&&a<=57343){var s=1023&o,d=1023&a;n.push(65536+(s<<10)+d),i+=1}else n.push(65533)}i+=1}return n}(e)),d=[];;){var h=s.read();if(h===n)break;if((r=this._encoder.handler(s,h))===a)break;Array.isArray(r)?d.push.apply(d,r):d.push(r)}if(!this._do_not_flush){for(;(r=this._encoder.handler(s,s.read()))!==a;)Array.isArray(r)?d.push.apply(d,r):d.push(r);this._encoder=null}return new Uint8Array(d)},u["UTF-8"]=function(e){return new m(e)},l["UTF-8"]=function(e){return new p(e)},t.TextEncoder||(t.TextEncoder=f),t.TextDecoder||(t.TextDecoder=c),e.exports&&(e.exports={TextEncoder:t.TextEncoder,TextDecoder:t.TextDecoder})}(this)},function(t,r){t.exports=e},function(e,t,r){"use strict";var i=r(4),n=function(e){this.kdbx=e.kdbx,this.exportXml=e.exportXml||!1};n.prototype.setXmlDate=function(e,t){var r=this.kdbx.header.versionMajor>=4&&!this.exportXml;i.setDate(e,t,r)},e.exports=n},function(e,r){e.exports=t},function(e,t,r){"use strict";var i=r(11),n=r(2),o=r(1),a=r(0),s=r(3);e.exports.decrypt=function(e){return Promise.resolve().then((function(){var t,r=new i(e),d=[],h=0,u=0,l=function(){if(r.getUint32(!0),t=r.readBytes(32),(h=r.getUint32(!0))>0){u+=h;var e=r.readBytes(h);return s.sha256(e).then((function(r){if(a.arrayBufferEquals(r,t))return d.push(e),l();throw new n(o.ErrorCodes.FileCorrupt,"invalid hash block")}))}for(var i=new Uint8Array(u),c=0,f=0;f<d.length;f++)i.set(new Uint8Array(d[f]),c),c+=d[f].byteLength;return i.buffer};return l()}))},e.exports.encrypt=function(e){return Promise.resolve().then((function(){var t=e.byteLength,r=0,n=0,o=0,a=[],d=function(){if(t>0){var h=Math.min(1048576,t);t-=h;var u=e.slice(r,r+h);return s.sha256(u).then((function(e){var t=new ArrayBuffer(40),s=new i(t);return s.setUint32(n,!0),s.writeBytes(e),s.setUint32(h,!0),a.push(t),o+=t.byteLength,a.push(u),o+=u.byteLength,n++,r+=h,d()}))}var l=new ArrayBuffer(40);new DataView(l).setUint32(0,n,!0),a.push(l),o+=l.byteLength;for(var c=new Uint8Array(o),f=0,p=0;p<a.length;p++)c.set(new Uint8Array(a[p]),f),f+=a[p].byteLength;return c.buffer};return d()}))}},function(e,t,r){"use strict";var i=r(8),n=r(2),o=r(1),a=r(0),s=r(11),d=r(3);function h(e,t){var r=new Uint8Array(8+e.byteLength);r.set(new Uint8Array(e),8);var i=new DataView(r.buffer);return i.setUint32(0,t.lo,!0),i.setUint32(4,t.hi,!0),d.sha512(a.arrayToBuffer(r)).then((function(e){return a.zeroBuffer(r),e}))}function u(e,t,r,n){return h(e,new i(t)).then((function(e){var i=new Uint8Array(n.byteLength+4+8),o=new DataView(i.buffer);return i.set(new Uint8Array(n),12),o.setInt32(0,t,!0),o.setInt32(8,r,!0),d.hmacSha256(e,i.buffer)}))}e.exports.getHmacKey=h,e.exports.decrypt=function(e,t){var r=new s(e);return Promise.resolve().then((function(){var e,i=[],s=0,d=0,h=0,l=function(){if(e=r.readBytes(32),(d=r.getUint32(!0))>0){h+=d;var c=r.readBytes(d);return u(t,s,d,c).then((function(t){if(a.arrayBufferEquals(t,e))return i.push(c),s++,l();throw new n(o.ErrorCodes.FileCorrupt,"invalid hash block")}))}for(var f=new Uint8Array(h),p=0,m=0;m<i.length;m++)f.set(new Uint8Array(i[m]),p),p+=i[m].byteLength;return f.buffer};return l()}))},e.exports.encrypt=function(e,t){return Promise.resolve().then((function(){var r=e.byteLength,i=0,n=0,o=0,a=[],d=function(){var h=Math.min(1048576,r);r-=h;var l=e.slice(i,i+h);return u(t,n,h,l).then((function(e){var t=new ArrayBuffer(36),r=new s(t);if(r.writeBytes(e),r.setUint32(h,!0),a.push(t),o+=t.byteLength,l.byteLength>0)return a.push(l),o+=l.byteLength,n++,i+=h,d();for(var u=new Uint8Array(o),c=0,f=0;f<a.length;f++)u.set(new Uint8Array(a[f]),c),c+=a[f].byteLength;return u.buffer}))};return d()}))}},function(e,t,r){"use strict";var i=r(23),n=r(24),o=r(1),a=r(2),s=r(3),d=r(0),h=[232,48,9,75,151,32,93,42],u=function(e){this.algo=e};u.prototype.getSalt=function(e){return d.arrayToBuffer(this.algo.getBytes(e))},u.create=function(e,t){switch(t){case o.CrsAlgorithm.Salsa20:return s.sha256(d.arrayToBuffer(e)).then((function(e){var t=new Uint8Array(e),r=new i(t,h);return new u(r)}));case o.CrsAlgorithm.ChaCha20:return s.sha512(d.arrayToBuffer(e)).then((function(e){var t=new Uint8Array(e,0,32),r=new Uint8Array(e,32,12),i=new n(t,r);return new u(i)}));default:return Promise.reject(new a(o.ErrorCodes.Unsupported,"crsAlgorithm"))}},e.exports=u},function(e,t,r){"use strict";var i=r(1),n=r(0),o=r(14),a=r(8),s=r(3),d=r(2),h=r(25),u=[{name:"salt",field:"S",type:o.ValueType.Bytes},{name:"parallelism",field:"P",type:o.ValueType.UInt32},{name:"memory",field:"M",type:o.ValueType.UInt64},{name:"iterations",field:"I",type:o.ValueType.UInt64},{name:"version",field:"V",type:o.ValueType.UInt32},{name:"secretKey",field:"K",type:o.ValueType.Bytes},{name:"assocData",field:"A",type:o.ValueType.Bytes},{name:"rounds",field:"R",type:o.ValueType.UInt64}];function l(e){var t={};return u.forEach((function(r){var i=e.get(r.field);i&&(i instanceof a&&(i=i.value),t[r.name]=i)})),t}e.exports.encrypt=function(e,t){var r=t.get("$UUID");if(!(r&&r instanceof ArrayBuffer))return Promise.reject(new d(i.ErrorCodes.FileCorrupt,"no kdf uuid"));switch(n.bytesToBase64(r)){case i.KdfId.Argon2:return function(e,t){var r=l(t);if(!(r.salt instanceof ArrayBuffer)||32!==r.salt.byteLength)return Promise.reject(new d(i.ErrorCodes.FileCorrupt,"bad argon2 salt"));if("number"!=typeof r.parallelism||r.parallelism<1)return Promise.reject(new d(i.ErrorCodes.FileCorrupt,"bad argon2 parallelism"));if("number"!=typeof r.iterations||r.iterations<1)return Promise.reject(new d(i.ErrorCodes.FileCorrupt,"bad argon2 iterations"));if("number"!=typeof r.memory||r.memory<1||r.memory%1024!=0)return Promise.reject(new d(i.ErrorCodes.FileCorrupt,"bad argon2 memory"));if(19!==r.version&&16!==r.version)return Promise.reject(new d(i.ErrorCodes.FileCorrupt,"bad argon2 version"));if(r.secretKey)return Promise.reject(new d(i.ErrorCodes.Unsupported,"argon2 secret key"));if(r.assocData)return Promise.reject(new d(i.ErrorCodes.Unsupported,"argon2 assoc data"));return s.argon2(e,r.salt,r.memory/1024,r.iterations,32,r.parallelism,0,r.version)}(e,t);case i.KdfId.Aes:return function(e,t){var r=l(t);if(!(r.salt instanceof ArrayBuffer)||32!==r.salt.byteLength)return Promise.reject(new d(i.ErrorCodes.FileCorrupt,"bad aes salt"));if("number"!=typeof r.rounds||r.rounds<1)return Promise.reject(new d(i.ErrorCodes.FileCorrupt,"bad aes rounds"));return h.encrypt(new Uint8Array(e),new Uint8Array(r.salt),r.rounds).then((function(e){return s.sha256(e).then((function(t){return n.zeroBuffer(e),t}))}))}(e,t);default:return Promise.reject(new d(i.ErrorCodes.Unsupported,"bad kdf"))}}},function(e,t,r){"use strict";var i=r(6),n=r(7),o=r(15),a=r(4),s=r(1),d={Generator:"KdbxWeb"},h=function(){this.generator=void 0,this.headerHash=void 0,this.settingsChanged=void 0,this._name=void 0,this.nameChanged=void 0,this._desc=void 0,this.descChanged=void 0,this._defaultUser=void 0,this.defaultUserChanged=void 0,this._mntncHistoryDays=void 0,this._color=void 0,this.keyChanged=void 0,this._keyChangeRec=void 0,this._keyChangeForce=void 0,this._recycleBinEnabled=void 0,this._recycleBinUuid=void 0,this.recycleBinChanged=void 0,this._entryTemplatesGroup=void 0,this.entryTemplatesGroupChanged=void 0,this._historyMaxItems=void 0,this._historyMaxSize=void 0,this._lastSelectedGroup=void 0,this._lastTopVisibleGroup=void 0,this._memoryProtection={title:void 0,userName:void 0,password:void 0,url:void 0,notes:void 0},this.customData={},this.customIcons={},this._editState=void 0,Object.preventExtensions(this)},u={name:"nameChanged",desc:"descChanged",defaultUser:"defaultUserChanged",mntncHistoryDays:null,color:null,keyChangeRec:null,keyChangeForce:null,recycleBinEnabled:"recycleBinChanged",recycleBinUuid:"recycleBinChanged",entryTemplatesGroup:"entryTemplatesGroupChanged",historyMaxItems:null,historyMaxSize:null,lastSelectedGroup:null,lastTopVisibleGroup:null,memoryProtection:null};Object.keys(u).forEach((function(e){!function(e,t){var r="_"+e;Object.defineProperty(h.prototype,e,{enumerable:!0,get:function(){return this[r]},set:function(i){i!==this[r]&&(this[r]=i,t?this[t]=new Date:this._setPropModDate(e))}})}(e,u[e])})),h.prototype._setPropModDate=function(e){this._editState||(this._editState={}),this._editState[e]=(new Date).getTime()},h.prototype._readNode=function(e,t){switch(e.tagName){case i.Elem.Generator:this.generator=a.getText(e);break;case i.Elem.HeaderHash:this.headerHash=a.getBytes(e);break;case i.Elem.SettingsChanged:this.settingsChanged=a.getDate(e);break;case i.Elem.DbName:this._name=a.getText(e);break;case i.Elem.DbNameChanged:this.nameChanged=a.getDate(e);break;case i.Elem.DbDesc:this._desc=a.getText(e);break;case i.Elem.DbDescChanged:this.descChanged=a.getDate(e);break;case i.Elem.DbDefaultUser:this._defaultUser=a.getText(e);break;case i.Elem.DbDefaultUserChanged:this.defaultUserChanged=a.getDate(e);break;case i.Elem.DbMntncHistoryDays:this._mntncHistoryDays=a.getNumber(e);break;case i.Elem.DbColor:this._color=a.getText(e);break;case i.Elem.DbKeyChanged:this.keyChanged=a.getDate(e);break;case i.Elem.DbKeyChangeRec:this._keyChangeRec=a.getNumber(e);break;case i.Elem.DbKeyChangeForce:this._keyChangeForce=a.getNumber(e);break;case i.Elem.RecycleBinEnabled:this._recycleBinEnabled=a.getBoolean(e);break;case i.Elem.RecycleBinUuid:this._recycleBinUuid=a.getUuid(e);break;case i.Elem.RecycleBinChanged:this.recycleBinChanged=a.getDate(e);break;case i.Elem.EntryTemplatesGroup:this._entryTemplatesGroup=a.getUuid(e);break;case i.Elem.EntryTemplatesGroupChanged:this.entryTemplatesGroupChanged=a.getDate(e);break;case i.Elem.HistoryMaxItems:this._historyMaxItems=a.getNumber(e);break;case i.Elem.HistoryMaxSize:this._historyMaxSize=a.getNumber(e);break;case i.Elem.LastSelectedGroup:this._lastSelectedGroup=a.getUuid(e);break;case i.Elem.LastTopVisibleGroup:this._lastTopVisibleGroup=a.getUuid(e);break;case i.Elem.MemoryProt:this._readMemoryProtection(e);break;case i.Elem.CustomIcons:this._readCustomIcons(e);break;case i.Elem.Binaries:this._readBinaries(e,t);break;case i.Elem.CustomData:this._readCustomData(e)}},h.prototype._readMemoryProtection=function(e){for(var t=0,r=e.childNodes,n=r.length;t<n;t++){var o=r[t];switch(o.tagName){case i.Elem.ProtTitle:this.memoryProtection.title=a.getBoolean(o);break;case i.Elem.ProtUserName:this.memoryProtection.userName=a.getBoolean(o);break;case i.Elem.ProtPassword:this.memoryProtection.password=a.getBoolean(o);break;case i.Elem.ProtUrl:this.memoryProtection.url=a.getBoolean(o);break;case i.Elem.ProtNotes:this.memoryProtection.notes=a.getBoolean(o)}}},h.prototype._writeMemoryProtection=function(e){var t=a.addChildNode(e,i.Elem.MemoryProt);a.setBoolean(a.addChildNode(t,i.Elem.ProtTitle),this.memoryProtection.title),a.setBoolean(a.addChildNode(t,i.Elem.ProtUserName),this.memoryProtection.userName),a.setBoolean(a.addChildNode(t,i.Elem.ProtPassword),this.memoryProtection.password),a.setBoolean(a.addChildNode(t,i.Elem.ProtUrl),this.memoryProtection.url),a.setBoolean(a.addChildNode(t,i.Elem.ProtNotes),this.memoryProtection.notes)},h.prototype._readCustomIcons=function(e){for(var t=0,r=e.childNodes,n=r.length;t<n;t++){var o=r[t];o.tagName===i.Elem.CustomIconItem&&this._readCustomIcon(o)}},h.prototype._readCustomIcon=function(e){for(var t,r,n=0,o=e.childNodes,s=o.length;n<s;n++){var d=o[n];switch(d.tagName){case i.Elem.CustomIconItemID:t=a.getUuid(d);break;case i.Elem.CustomIconItemData:r=a.getBytes(d)}}t&&r&&(this.customIcons[t]=r)},h.prototype._writeCustomIcons=function(e){var t=a.addChildNode(e,i.Elem.CustomIcons),r=this.customIcons;Object.keys(r).forEach((function(e){var n=r[e];if(n){var o=a.addChildNode(t,i.Elem.CustomIconItem);a.setUuid(a.addChildNode(o,i.Elem.CustomIconItemID),e),a.setBytes(a.addChildNode(o,i.Elem.CustomIconItemData),n)}}))},h.prototype._readBinaries=function(e,t){for(var r=0,n=e.childNodes,o=n.length;r<o;r++){var a=n[r];a.tagName===i.Elem.Binary&&this._readBinary(a,t)}},h.prototype._readBinary=function(e,t){var r=e.getAttribute(i.Attr.Id),n=a.getProtectedBinary(e);r&&n&&(t.kdbx.binaries[r]=n)},h.prototype._writeBinaries=function(e,t){var r=a.addChildNode(e,i.Elem.Binaries),n=t.kdbx.binaries;n.hashOrder.forEach((function(e,t){var o=n[e];if(o){var s=a.addChildNode(r,i.Elem.Binary);s.setAttribute(i.Attr.Id,t.toString()),a.setProtectedBinary(s,o)}}))},h.prototype._readCustomData=function(e){this.customData=o.read(e)},h.prototype._writeCustomData=function(e){o.write(e,this.customData)},h.prototype.write=function(e,t){this.generator=d.generator;var r=a.addChildNode(e,i.Elem.Meta);a.setText(a.addChildNode(r,i.Elem.Generator),d.Generator),t.kdbx.header.versionMajor<4?a.setBytes(a.addChildNode(r,i.Elem.HeaderHash),this.headerHash):this.settingsChanged&&t.setXmlDate(a.addChildNode(r,i.Elem.SettingsChanged),this.settingsChanged),a.setText(a.addChildNode(r,i.Elem.DbName),this.name),t.setXmlDate(a.addChildNode(r,i.Elem.DbNameChanged),this.nameChanged),a.setText(a.addChildNode(r,i.Elem.DbDesc),this.desc),t.setXmlDate(a.addChildNode(r,i.Elem.DbDescChanged),this.descChanged),a.setText(a.addChildNode(r,i.Elem.DbDefaultUser),this.defaultUser),t.setXmlDate(a.addChildNode(r,i.Elem.DbDefaultUserChanged),this.defaultUserChanged),a.setText(a.addChildNode(r,i.Elem.DbMntncHistoryDays),this.mntncHistoryDays),a.setText(a.addChildNode(r,i.Elem.DbColor),this.color),t.setXmlDate(a.addChildNode(r,i.Elem.DbKeyChanged),this.keyChanged),a.setNumber(a.addChildNode(r,i.Elem.DbKeyChangeRec),this.keyChangeRec),a.setNumber(a.addChildNode(r,i.Elem.DbKeyChangeForce),this.keyChangeForce),a.setBoolean(a.addChildNode(r,i.Elem.RecycleBinEnabled),this.recycleBinEnabled),a.setUuid(a.addChildNode(r,i.Elem.RecycleBinUuid),this.recycleBinUuid),t.setXmlDate(a.addChildNode(r,i.Elem.RecycleBinChanged),this.recycleBinChanged),a.setUuid(a.addChildNode(r,i.Elem.EntryTemplatesGroup),this.entryTemplatesGroup),t.setXmlDate(a.addChildNode(r,i.Elem.EntryTemplatesGroupChanged),this.entryTemplatesGroupChanged),a.setNumber(a.addChildNode(r,i.Elem.HistoryMaxItems),this.historyMaxItems),a.setNumber(a.addChildNode(r,i.Elem.HistoryMaxSize),this.historyMaxSize),a.setUuid(a.addChildNode(r,i.Elem.LastSelectedGroup),this.lastSelectedGroup),a.setUuid(a.addChildNode(r,i.Elem.LastTopVisibleGroup),this.lastTopVisibleGroup),this._writeMemoryProtection(r),this._writeCustomIcons(r),(t.exportXml||t.kdbx.header.versionMajor<4)&&this._writeBinaries(r,t),this._writeCustomData(r)},h.prototype.merge=function(e,t){e.nameChanged>this.nameChanged&&(this._name=e.name,this.nameChanged=e.nameChanged),e.descChanged>this.descChanged&&(this._desc=e.desc,this.descChanged=e.descChanged),e.defaultUserChanged>this.defaultUserChanged&&(this._defaultUser=e.defaultUser,this.defaultUserChanged=e.defaultUserChanged),e.keyChanged>this.keyChanged&&(this.keyChanged=e.keyChanged),e.settingsChanged>this.settingsChanged&&(this.settingsChanged=e.settingsChanged),e.recycleBinChanged>this.recycleBinChanged&&(this._recycleBinEnabled=e.recycleBinEnabled,this._recycleBinUuid=e.recycleBinUuid,this.recycleBinChanged=e.recycleBinChanged),e.entryTemplatesGroupChanged>this.entryTemplatesGroupChanged&&(this._entryTemplatesGroup=e.entryTemplatesGroup,this.entryTemplatesGroupChanged=e.entryTemplatesGroupChanged),Object.keys(e.customData).forEach((function(r){this.customData[r]||t.deleted[r]||(this.customData[r]=e.customData[r])}),this),Object.keys(e.customIcons).forEach((function(r){this.customIcons[r]||t.deleted[r]||(this.customIcons[r]=e.customIcons[r])}),this),this._editState&&this._editState.historyMaxItems||(this.historyMaxItems=e.historyMaxItems),this._editState&&this._editState.historyMaxSize||(this.historyMaxSize=e.historyMaxSize),this._editState&&this._editState.keyChangeRec||(this.keyChangeRec=e.keyChangeRec),this._editState&&this._editState.keyChangeForce||(this.keyChangeForce=e.keyChangeForce),this._editState&&this._editState.mntncHistoryDays||(this.mntncHistoryDays=e.mntncHistoryDays),this._editState&&this._editState.color||(this.color=e.color)},h.create=function(){var e=new Date,t=new h;return t.generator=d.Generator,t.settingsChanged=e,t.mntncHistoryDays=s.Defaults.MntncHistoryDays,t.recycleBinEnabled=!0,t.historyMaxItems=s.Defaults.HistoryMaxItems,t.historyMaxSize=s.Defaults.HistoryMaxSize,t.nameChanged=e,t.descChanged=e,t.defaultUserChanged=e,t.recycleBinChanged=e,t.keyChangeRec=-1,t.keyChangeForce=-1,t.entryTemplatesGroup=new n,t.entryTemplatesGroupChanged=e,t.memoryProtection={title:!1,userName:!1,password:!0,url:!1,notes:!1},t},h.read=function(e,t){for(var r=new h,i=0,n=e.childNodes,o=n.length;i<o;i++){var a=n[i];a.tagName&&r._readNode(a,t)}return r},e.exports=h},function(e,t,r){"use strict";var i=r(9),n=r(3),o=r(0),a=function(){Object.defineProperties(this,{idToHash:{value:{}},hashOrder:{value:null,configurable:!0}})};a.prototype.hash=function(){var e=[],t=this;return Object.keys(t).forEach((function(r){var i=t[r];e.push(t.getBinaryHash(i).then((function(e){t.idToHash[r]=e,t[e]=t[r],delete t[r]})))})),Promise.all(e)},a.prototype.getBinaryHash=function(e){var t;return e instanceof i?t=e.getHash():(e instanceof ArrayBuffer||e instanceof Uint8Array)&&(e=o.arrayToBuffer(e),t=n.sha256(e)),t.then((function(e){return o.bytesToHex(e)}))},a.prototype.assignIds=function(){Object.defineProperty(this,"hashOrder",{value:Object.keys(this),configurable:!0})},a.prototype.add=function(e){var t=this;return this.getBinaryHash(e).then((function(r){return t[r]=e,{ref:r,value:e}}))},e.exports=a},function(e,t,r){"use strict";var i=r(6),n=r(4),o=r(1),a=r(15),s=r(27),d=r(7),h=r(28),u=function(){this.uuid=void 0,this.name=void 0,this.notes=void 0,this.icon=void 0,this.customIcon=void 0,this.times=new s,this.expanded=void 0,this.defaultAutoTypeSeq=void 0,this.enableAutoType=void 0,this.enableSearching=void 0,this.lastTopVisibleEntry=void 0,this.groups=[],this.entries=[],this.parentGroup=void 0,this.customData=void 0,Object.preventExtensions(this)};u.prototype._readNode=function(e,t){switch(e.tagName){case i.Elem.Uuid:this.uuid=n.getUuid(e);break;case i.Elem.Name:this.name=n.getText(e);break;case i.Elem.Notes:this.notes=n.getText(e);break;case i.Elem.Icon:this.icon=n.getNumber(e);break;case i.Elem.CustomIconID:this.customIcon=n.getUuid(e);break;case i.Elem.Times:this.times=s.read(e);break;case i.Elem.IsExpanded:this.expanded=n.getBoolean(e);break;case i.Elem.GroupDefaultAutoTypeSeq:this.defaultAutoTypeSeq=n.getText(e);break;case i.Elem.EnableAutoType:this.enableAutoType=n.getBoolean(e);break;case i.Elem.EnableSearching:this.enableSearching=n.getBoolean(e);break;case i.Elem.LastTopVisibleEntry:this.lastTopVisibleEntry=n.getUuid(e);break;case i.Elem.Group:this.groups.push(u.read(e,t,this));break;case i.Elem.Entry:this.entries.push(h.read(e,t,this));break;case i.Elem.CustomData:this.customData=a.read(e)}},u.prototype.write=function(e,t){var r=n.addChildNode(e,i.Elem.Group);n.setUuid(n.addChildNode(r,i.Elem.Uuid),this.uuid),n.setText(n.addChildNode(r,i.Elem.Name),this.name),n.setText(n.addChildNode(r,i.Elem.Notes),this.notes),n.setNumber(n.addChildNode(r,i.Elem.Icon),this.icon),this.customIcon&&n.setUuid(n.addChildNode(r,i.Elem.CustomIconID),this.customIcon),a.write(r,this.customData),this.times.write(r,t),n.setBoolean(n.addChildNode(r,i.Elem.IsExpanded),this.expanded),n.setText(n.addChildNode(r,i.Elem.GroupDefaultAutoTypeSeq),this.defaultAutoTypeSeq),n.setBoolean(n.addChildNode(r,i.Elem.EnableAutoType),this.enableAutoType),n.setBoolean(n.addChildNode(r,i.Elem.EnableSearching),this.enableSearching),n.setUuid(n.addChildNode(r,i.Elem.LastTopVisibleEntry),this.lastTopVisibleEntry),this.groups.forEach((function(e){e.write(r,t)})),this.entries.forEach((function(e){e.write(r,t)}))},u.prototype.forEach=function(e,t){e.call(t,void 0,this),this.entries.forEach((function(r){e.call(t,r)})),this.groups.forEach((function(r){r.forEach(e,t)}))},u.prototype.merge=function(e){var t=e.remote[this.uuid];t&&(t.times.lastModTime>this.times.lastModTime&&this.copyFrom(t),this.groups=this._mergeCollection(this.groups,t.groups,e),this.entries=this._mergeCollection(this.entries,t.entries,e),this.groups.forEach((function(t){t.merge(e)})),this.entries.forEach((function(t){t.merge(e)})))},u.prototype._mergeCollection=function(e,t,r){var i=[];return e.forEach((function(e){if(!r.deleted[e.uuid]){var t=r.remote[e.uuid];t?t.times.locationChanged<=e.times.locationChanged&&i.push(e):i.push(e)}}),this),t.forEach((function(e,n){if(!r.deleted[e.uuid]){var o=r.objects[e.uuid];if(o&&e.times.locationChanged>o.times.locationChanged)o.parentGroup=this,i.splice(this._findInsertIx(i,t,n),0,o);else if(!o){var a=new e.constructor;a.copyFrom(e),a.parentGroup=this,i.splice(this._findInsertIx(i,t,n),0,a)}}}),this),i},u.prototype._findInsertIx=function(e,t,r){for(var i=e.length,n=-1,o=0;o<=e.length;o++){var a=0,s=r>0?t[r-1].uuid.id:void 0,d=r+1<t.length?t[r+1].uuid.id:void 0,h=o>0?e[o-1].uuid.id:void 0,u=o<e.length?e[o].uuid.id:void 0;s||h?s===h&&(a+=5):a+=1,d||u?d===u&&(a+=5):a+=2,a>n&&(i=o,n=a)}return i},u.prototype.copyFrom=function(e){this.uuid=e.uuid,this.name=e.name,this.notes=e.notes,this.icon=e.icon,this.customIcon=e.customIcon,this.times=e.times.clone(),this.expanded=e.expanded,this.defaultAutoTypeSeq=e.defaultAutoTypeSeq,this.enableAutoType=e.enableAutoType,this.enableSearching=e.enableSearching,this.lastTopVisibleEntry=e.lastTopVisibleEntry},u.create=function(e,t){var r=new u;return r.uuid=d.random(),r.icon=o.Icons.Folder,r.times=s.create(),r.name=e,r.parentGroup=t,r.expanded=!0,r.enableAutoType=null,r.enableSearching=null,r.lastTopVisibleEntry=new d,r},u.read=function(e,t,r){for(var i=new u,n=0,o=e.childNodes,a=o.length;n<a;n++){var s=o[n];s.tagName&&i._readNode(s,t)}return i.uuid||(i.uuid=d.random()),i.parentGroup=r,i},e.exports=u},function(e,t,r){"use strict";var i=r(6),n=r(4),o=function(){this.uuid=void 0,this.deletionTime=void 0,Object.preventExtensions(this)};o.prototype._readNode=function(e){switch(e.tagName){case i.Elem.Uuid:this.uuid=n.getUuid(e);break;case i.Elem.DeletionTime:this.deletionTime=n.getDate(e)}},o.prototype.write=function(e,t){var r=n.addChildNode(e,i.Elem.DeletedObject);n.setUuid(n.addChildNode(r,i.Elem.Uuid),this.uuid),t.setXmlDate(n.addChildNode(r,i.Elem.DeletionTime),this.deletionTime)},o.read=function(e){for(var t=new o,r=0,i=e.childNodes,n=i.length;r<n;r++){var a=i[r];a.tagName&&t._readNode(a)}return t},e.exports=o}])}));
\ No newline at end of file
diff --git a/vault/static/src/backend/controller.esm.js b/vault/static/src/backend/controller.esm.js
new file mode 100644
index 0000000000..d3f4b6c42e
--- /dev/null
+++ b/vault/static/src/backend/controller.esm.js
@@ -0,0 +1,406 @@
+/** @odoo-module alias=vault.controller **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import {AlertDialog} from "@web/core/confirmation_dialog/confirmation_dialog";
+import Dialog from "web.Dialog";
+import {FormController} from "@web/views/form/form_controller";
+import Importer from "vault.import";
+import {ListController} from "@web/views/list/list_controller";
+import {_lt} from "@web/core/l10n/translation";
+import framework from "web.framework";
+import {patch} from "@web/core/utils/patch";
+import {useService} from "@web/core/utils/hooks";
+import utils from "vault.utils";
+import vault from "vault";
+
+patch(FormController.prototype, "vault", {
+    /**
+     * Re-encrypt the key if the user is getting selected
+     *
+     * @private
+     */
+    async _vaultSendWizard() {
+        const record = this.model.root;
+        if (record.resModel !== "vault.send.wizard") return;
+
+        if (!record.data.user_id || !record.data.public) return;
+
+        const key = await vault.unwrap(record.data.key);
+        await record.update({key_user: await vault.wrap_with(key, record.data.public)});
+    },
+
+    /**
+     * Re-encrypt the key if the entry is getting selected
+     *
+     * @private
+     * @param {Object} record
+     * @param {Object} changes
+     * @param {Object} options
+     */
+    async _vaultStoreWizard() {
+        const record = this.model.root;
+        if (
+            !record.data.entry_id ||
+            !record.data.master_key ||
+            !record.data.iv ||
+            !record.data.secret_temporary
+        )
+            return;
+
+        const key = await vault.unwrap(record.data.key);
+        const secret = await utils.sym_decrypt(
+            key,
+            record.data.secret_temporary,
+            record.data.iv
+        );
+        const master_key = await vault.unwrap(record.data.master_key);
+
+        await record.update({
+            secret: await utils.sym_encrypt(master_key, secret, record.data.iv),
+        });
+    },
+
+    /**
+     * Generate a new key pair for the current user
+     *
+     * @private
+     */
+    async _newVaultKeyPair() {
+        // Get the current private key
+        const private_key = await vault.get_private_key();
+
+        // Generate new keys
+        await vault.generate_keys();
+
+        const public_key = await vault.get_public_key();
+
+        // Re-encrypt the master keys
+        const master_keys = await this.rpc("/vault/rights/get");
+        let result = {};
+        for (const uuid in master_keys) {
+            result[uuid] = await utils.wrap(
+                await utils.unwrap(master_keys[uuid], private_key),
+                public_key
+            );
+        }
+
+        await this.rpc("/vault/rights/store", {keys: result});
+
+        // Re-encrypt the inboxes to not loose it
+        const inbox_keys = await this.rpc("/vault/inbox/get");
+        result = {};
+        for (const uuid in inbox_keys) {
+            result[uuid] = await utils.wrap(
+                await utils.unwrap(inbox_keys[uuid], private_key),
+                public_key
+            );
+        }
+
+        await this.rpc("/vault/inbox/store", {keys: result});
+    },
+
+    /**
+     * Generate a new key pair and re-encrypt the master keys of the vaults
+     *
+     * @private
+     */
+    async _vaultRegenerateKey() {
+        if (!utils.supported()) return;
+
+        var self = this;
+
+        Dialog.confirm(
+            self,
+            _lt("Do you really want to create a new key pair and set it active?"),
+            {
+                confirm_callback: function () {
+                    return self._newVaultKeyPair();
+                },
+            }
+        );
+    },
+
+    /**
+     * Handle the deletion of a vault.right field in the vault view properly by
+     * generating a new master key and re-encrypting everything in the vault to
+     * deny any future access to the vault.
+     *
+     * @private
+     * @param {Boolean} verify
+     * @param {Boolean} force
+     */
+    async _reencryptVault(verify = false, force = false) {
+        const record = this.model.root;
+
+        await vault._ensure_keys();
+
+        const self = this;
+        const master_key = await utils.generate_key();
+        const current_key = await vault.unwrap(record.data.master_key);
+
+        // This stores the additional changes made to rights, fields, and files
+        const changes = [];
+        const problems = [];
+
+        async function reencrypt(model, type) {
+            // Load the entire data from the database
+            const records = await self.model.orm.searchRead(
+                model,
+                [["vault_id", "=", record.resId]],
+                ["iv", "value", "name", "entry_name"],
+                {
+                    context: {vault_reencrypt: true},
+                    limit: 0,
+                }
+            );
+
+            for (const rec of records) {
+                const val = await utils.sym_decrypt(current_key, rec.value, rec.iv);
+                if (val === null) {
+                    problems.push(
+                        _.str.sprintf(
+                            _lt("%s '%s' of entry '%s'"),
+                            type,
+                            rec.name,
+                            rec.entry_name
+                        )
+                    );
+                    continue;
+                }
+
+                const iv = utils.generate_iv_base64();
+                const encrypted = await utils.sym_encrypt(master_key, val, iv);
+
+                changes.push({
+                    id: rec.id,
+                    model: model,
+                    value: encrypted,
+                    iv: iv,
+                });
+            }
+        }
+
+        framework.blockUI();
+        try {
+            // Update the rights. Load without limit
+            const rights = await self.model.orm.searchRead(
+                "vault.right",
+                [["vault_id", "=", record.resId]],
+                ["public_key"],
+                {limit: 0}
+            );
+
+            for (const right of rights) {
+                const key = await vault.wrap_with(master_key, right.public_key);
+
+                changes.push({
+                    id: right.id,
+                    model: "vault.right",
+                    key: key,
+                });
+            }
+
+            // Re-encrypt vault.field and vault.file
+            await reencrypt("vault.field", "Field");
+            await reencrypt("vault.file", "File");
+
+            if (problems.length && !force) {
+                framework.unblockUI();
+
+                Dialog.alert(self, "", {
+                    title: _lt("The following entries are broken:"),
+                    $content: $("<div/>").html(problems.join("<br>\n")),
+                });
+            }
+
+            if (!verify) {
+                await this.rpc("/vault/replace", {data: changes});
+                await this.model.root.load();
+            }
+        } finally {
+            framework.unblockUI();
+        }
+    },
+
+    /**
+     * Call the right importer in the import wizard onchange of the content field
+     *
+     * @private
+     */
+    async _vaultImportWizard() {
+        const record = this.model.root;
+        if (record.resModel !== "vault.import.wizard") return;
+
+        // Try to import the file on the fly and store the compatible JSON in the
+        // crypted_content field for the python backend
+        const importer = new Importer();
+        const data = await importer.import(
+            await vault.unwrap(record.data.master_key),
+            record.data.name,
+            atob(record.data.content)
+        );
+
+        if (data) await record.update({crypted_content: JSON.stringify(data)});
+    },
+
+    /**
+     * Ensure that a vault.right as the shared master_key set
+     *
+     * @private
+     * @param {Object} root
+     * @param {Object} right
+     */
+    async _vaultEnsureRightKey(root, right) {
+        if (!root.data.master_key || right.data.key) return;
+
+        const params = {user_id: right.data.user_id[0]};
+        const user = await this.rpc("/vault/public", params);
+
+        if (!user || !user.public_key) throw new TypeError("User has no public key");
+
+        await right.update({
+            key: await vault.share(root.data.master_key, user.public_key),
+        });
+    },
+
+    /**
+     * Ensures that the master_key of the vault and right lines are set
+     *
+     * @private
+     */
+    async _vaultEnsureKeys() {
+        const root = this.model.root;
+        if (root.resModel !== "vault") return;
+
+        if (!root.data.master_key)
+            await root.update({
+                master_key: await vault.wrap(await utils.generate_key()),
+            });
+
+        if (root.data.right_ids)
+            for (const right of root.data.right_ids.records)
+                await this._vaultEnsureRightKey(root, right);
+    },
+
+    /**
+     * Check the model of the form and call the above functions for the right case
+     *
+     * @private
+     * @param {Object} button
+     */
+    async _vaultAction(button) {
+        if (!utils.supported()) {
+            await this.dialogService.add(AlertDialog, {
+                title: _lt("Vault is not supported"),
+                body: _lt(
+                    "A secure browser context is required. Please switch to " +
+                        "https or contact your administrator"
+                ),
+            });
+            return false;
+        }
+
+        const root = this.model.root;
+        switch (root.resModel) {
+            case "res.users":
+                if (button && button.name === "vault_generate_key") {
+                    await this._vaultRegenerateKey();
+                    return false;
+                }
+                break;
+            case "vault":
+                if (button && button.name === "vault_reencrypt") {
+                    await this._reencryptVault(false, true);
+                    return false;
+                } else if (button && button.name === "vault_verify") {
+                    await this._reencryptVault(true, false);
+                    return false;
+                }
+
+                await this._vaultEnsureKeys();
+                break;
+
+            case "vault.send.wizard":
+                await this._vaultSendWizard();
+                break;
+
+            case "vault.store.wizard":
+                await this._vaultStoreWizard();
+                break;
+
+            case "vault.import.wizard":
+                await this._vaultImportWizard();
+                break;
+        }
+
+        return true;
+    },
+
+    /**
+     * Add the required rpc service to the controller which will be used to
+     * get/store information from/to the vault controller
+     */
+    setup() {
+        if (this.props.resModel === "vault" && !utils.supported()) {
+            this.props.preventCreate = true;
+            this.props.preventEdit = true;
+        }
+
+        this._super(...arguments);
+        this.rpc = useService("rpc");
+    },
+
+    /**
+     * Hook into the relevant functions
+     */
+    async create() {
+        const _super = this._super.bind(this);
+        if (this.model.root.isDirty) await this._vaultAction();
+
+        const ret = await _super(...arguments);
+        return ret;
+    },
+
+    async onPagerUpdate() {
+        const _super = this._super.bind(this);
+        if (this.model.root.isDirty) await this._vaultAction();
+        return await _super(...arguments);
+    },
+
+    async saveButtonClicked() {
+        const _super = this._super.bind(this);
+        if (this.model.root.isDirty) await this._vaultAction();
+        return await _super(...arguments);
+    },
+
+    async beforeLeave() {
+        const _super = this._super.bind(this);
+        if (this.model.root.isDirty) await this._vaultAction();
+        return await _super(...arguments);
+    },
+
+    async beforeUnload() {
+        const _super = this._super.bind(this);
+        if (this.model.root.isDirty) await this._vaultAction();
+        return await _super(...arguments);
+    },
+
+    async beforeExecuteActionButton(clickParams) {
+        const _super = this._super.bind(this);
+        if (clickParams.special !== "cancel") {
+            const _continue = await this._vaultAction(clickParams);
+            if (!_continue) return false;
+        }
+
+        return await _super(...arguments);
+    },
+});
+
+patch(ListController.prototype, "vault", {
+    setup() {
+        this._super(...arguments);
+        if (this.props.resModel === "vault" && !utils.supported())
+            this.props.showButtons = false;
+    },
+});
diff --git a/vault/static/src/backend/export.esm.js b/vault/static/src/backend/export.esm.js
new file mode 100644
index 0000000000..f14ac14cec
--- /dev/null
+++ b/vault/static/src/backend/export.esm.js
@@ -0,0 +1,128 @@
+/** @odoo-module alias=vault.export **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import {_lt} from "@web/core/l10n/translation";
+import utils from "vault.utils";
+
+// This class handles the export to different formats by using a standardize
+// JSON formatted data generated by the python backend.
+//
+// JSON format description:
+//
+// Entries are represented as objects with the following attributes
+//  `name`, `uuid`, `url`, `note`
+//     Specific fields of the entry. `uuid` is used for updating existing records
+//  `childs`
+//     Child entries
+//  `fields`, `files`
+//     List of encypted fields/files with `name`, `iv`, and `value`
+//
+export default class VaultExporter {
+    /**
+     * Encrypt a field of the above format properly for the backend to store.
+     * The changes are done inplace.
+     *
+     * @private
+     * @param {CryptoKey} master_key
+     * @param {Object} node
+     */
+    async _export_json_entry(master_key, node) {
+        const fields = [];
+        for (const field of node.fields || [])
+            fields.push({
+                name: field.name,
+                value: await utils.sym_decrypt(master_key, field.value, field.iv),
+            });
+
+        const files = [];
+        for (const file of node.files || [])
+            files.push({
+                name: file.name,
+                value: await utils.sym_decrypt(master_key, file.value, file.iv),
+            });
+
+        const childs = [];
+        for (const entry of node.childs || [])
+            childs.push(await this._export_json_entry(master_key, entry));
+
+        return {
+            name: node.name || "",
+            uuid: node.uuid || null,
+            url: node.url || "",
+            note: node.note || "",
+            childs: childs,
+            fields: fields,
+            files: files,
+        };
+    }
+
+    /**
+     * Decrypt the data fro the JSON export.
+     *
+     * @private
+     * @param {CryptoKey} master_key
+     * @param {Object} data
+     * @returns the encrypted entry for the database
+     */
+    async _export_json_data(master_key, data) {
+        const result = [];
+        for (const node of data)
+            result.push(await this._export_json_entry(master_key, node));
+        return JSON.stringify(result);
+    }
+
+    /**
+     * Export using JSON format. The database is stored in the `data` field of the JSON
+     * type and is an encrypted JSON object. For the encryption the needed encryption
+     * parameter `iv`, `salt` and `iterations` are stored in the file.
+     * This will add `iv` to fields and files and encrypt the `value`
+     *
+     * @private
+     * @param {CryptoKey} master_key
+     * @param {String} data
+     * @returns the encrypted entry for the database
+     */
+    async _export_json(master_key, data) {
+        // Get the password for the exported file from the user
+        const askpass = await utils.askpass(
+            _lt("Please enter the password for the database")
+        );
+        let password = askpass.password || "";
+        if (askpass.keyfile)
+            password += await utils.digest(utils.toBinary(askpass.keyfile));
+
+        const iv = utils.generate_iv_base64();
+        const salt = utils.generate_bytes(utils.SaltLength).buffer;
+        const iterations = utils.Derive.iterations;
+        const key = await utils.derive_key(password, salt, iterations);
+
+        // Unwrap the master key and decrypt the entries
+        const content = await this._export_json_data(master_key, JSON.parse(data));
+        return {
+            type: "encrypted",
+            iv: iv,
+            salt: utils.toBase64(salt),
+            data: await utils.sym_encrypt(key, content, iv),
+            iterations: iterations,
+        };
+    }
+
+    /**
+     * The main export functions which checks the file ending and calls the right function
+     * to handle the rest of the export
+     *
+     * @private
+     * @param {CryptoKey} master_key
+     * @param {String} filename
+     * @param {String} content
+     * @returns the data importable by the backend or false on error
+     */
+    async export(master_key, filename, content) {
+        if (!utils.supported()) return false;
+
+        if (filename.endsWith(".json"))
+            return await this._export_json(master_key, content);
+        return false;
+    }
+}
diff --git a/vault/static/src/backend/fields/templates.xml b/vault/static/src/backend/fields/templates.xml
new file mode 100644
index 0000000000..b5619af48b
--- /dev/null
+++ b/vault/static/src/backend/fields/templates.xml
@@ -0,0 +1,121 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<templates id="template" xml:space="preserve">
+    <t t-name="vault.Field.buttons.send" owl="1">
+        <button
+            t-if="sendButton"
+            t-on-click="_onSendValue"
+            class="btn btn-secondary btn-sm fa fa-share-alt o_vault_send"
+            title="Send the secret to an user"
+            aria-label="Send the secret to an user"
+        />
+    </t>
+
+    <t t-name="vault.Field.buttons" owl="1">
+        <button
+            t-if="!state.decrypted &amp;&amp; showButton"
+            t-on-click="_onShowValue"
+            class="btn btn-secondary btn-sm fa fa-eye o_vault_show"
+            title="Show"
+            aria-label="Show"
+        />
+        <button
+            t-elif="showButton"
+            t-on-click="_onShowValue"
+            class="btn btn-secondary btn-sm fa fa-eye-slash o_vault_show"
+            title="Hide"
+            aria-label="Hide"
+        />
+        <button
+            t-if="copyButton"
+            t-on-click="_onCopyValue"
+            class="btn btn-secondary btn-sm fa fa-clipboard o_vault_clipboard"
+            title="Copy to clipboard"
+            aria-label="Copy to clipboard"
+        />
+        <t t-call="vault.Field.buttons.send" />
+    </t>
+
+    <t t-name="vault.FieldVault" owl="1">
+        <div class="o_vault o_vault_error" t-if="!supported()">
+            <span>*******</span>
+        </div>
+        <div class="o_vault" t-elif="props.readonly">
+            <span class="o_vault_buttons">
+                <t t-call="vault.Field.buttons" />
+            </span>
+            <span t-esc="formattedValue" t-ref="span" />
+        </div>
+        <div class="o_vault" t-else="">
+            <span class="o_vault_buttons">
+                <button
+                    t-if="generateButton"
+                    t-on-click="_onGenerateValue"
+                    class="btn btn-secondary btn-sm fa fa-lock o_vault_generate"
+                    title="Generate"
+                    aria-label="Generate"
+                />
+            </span>
+            <input class="o_input" type="text" t-esc="formattedValue" t-ref="input" />
+        </div>
+    </t>
+
+    <t
+        t-name="vault.FileVault"
+        t-inherit="web.BinaryField"
+        t-inherit-mode="primary"
+        owl="1"
+    >
+        <xpath expr="//button[hasclass('o_clear_file_button')]" position="after">
+            <t t-call="vault.Field.buttons.send" />
+        </xpath>
+    </t>
+
+    <t t-name="vault.FieldVaultInbox" owl="1">
+        <div class="o_vault o_vault_error" t-if="!supported()">
+            <span>*******</span>
+        </div>
+        <div class="o_vault" t-elif="props.value">
+            <span class="o_vault_buttons">
+                <t t-call="vault.Field.buttons" />
+                <button
+                    t-if="saveButton"
+                    t-on-click="_onSaveValue"
+                    class="btn btn-secondary btn-sm fa fa-save"
+                    title="Save in a vault"
+                    aria-label="Save in a vault"
+                />
+            </span>
+
+            <span class="o_vault_inbox" t-esc="formattedValue" t-ref="span" />
+        </div>
+    </t>
+
+    <t t-name="vault.FileVaultInbox" owl="1">
+        <div class="o_vault o_vault_error" t-if="!supported()">
+            <span>*******</span>
+        </div>
+        <div class="o_vault" t-elif="props.value">
+            <span class="o_vault_buttons">
+                <button
+                    t-if="saveButton"
+                    t-on-click="_onSaveValue"
+                    class="btn btn-secondary btn-sm fa fa-save"
+                    title="Save in a vault"
+                    aria-label="Save in a vault"
+                />
+            </span>
+
+            <a class="o_form_uri" href="#" t-on-click.prevent="onFileDownload">
+                <span class="fa fa-download me-2" />
+                <t t-if="state.fileName" t-esc="state.fileName" />
+            </a>
+        </div>
+    </t>
+
+    <t t-name="vault.FileVaultExport" owl="1">
+        <a class="o_form_uri" href="#" t-on-click.prevent="onFileDownload">
+            <span class="fa fa-download me-2" />
+            <t t-if="state.fileName" t-esc="state.fileName" />
+        </a>
+    </t>
+</templates>
diff --git a/vault/static/src/backend/fields/vault_export_file.esm.js b/vault/static/src/backend/fields/vault_export_file.esm.js
new file mode 100644
index 0000000000..779a31d612
--- /dev/null
+++ b/vault/static/src/backend/fields/vault_export_file.esm.js
@@ -0,0 +1,45 @@
+/** @odoo-module alias=vault.export.file **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import {BinaryField} from "@web/views/fields/binary/binary_field";
+import Exporter from "vault.export";
+import VaultMixin from "vault.mixin";
+import {_lt} from "@web/core/l10n/translation";
+import {downloadFile} from "@web/core/network/download";
+import {registry} from "@web/core/registry";
+import utils from "vault.utils";
+
+export default class VaultExportFile extends VaultMixin(BinaryField) {
+    /**
+     * Call the exporter and download the finalized file
+     */
+    async onFileDownload() {
+        if (!this.props.value) {
+            this.do_warn(
+                _lt("Save As..."),
+                _lt("The field is empty, there's nothing to save!")
+            );
+        } else if (utils.supported()) {
+            const exporter = new Exporter();
+            const content = JSON.stringify(
+                await exporter.export(
+                    await this._getMasterKey(),
+                    this.state.fileName,
+                    this.props.value
+                )
+            );
+
+            const buffer = new ArrayBuffer(content.length);
+            const arr = new Uint8Array(buffer);
+            for (let i = 0; i < content.length; i++) arr[i] = content.charCodeAt(i);
+
+            const blob = new Blob([arr]);
+            await downloadFile(blob, this.state.fileName || "");
+        }
+    }
+}
+
+VaultExportFile.template = "vault.FileVaultExport";
+
+registry.category("fields").add("vault_export_file", VaultExportFile);
diff --git a/vault/static/src/backend/fields/vault_field.esm.js b/vault/static/src/backend/fields/vault_field.esm.js
new file mode 100644
index 0000000000..a12deb9db8
--- /dev/null
+++ b/vault/static/src/backend/fields/vault_field.esm.js
@@ -0,0 +1,200 @@
+/** @odoo-module alias=vault.field **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import {Component, useEffect, useRef, useState} from "@odoo/owl";
+import {useBus, useService} from "@web/core/utils/hooks";
+import VaultMixin from "vault.mixin";
+import {_lt} from "@web/core/l10n/translation";
+import {getActiveHotkey} from "@web/core/hotkeys/hotkey_service";
+import {registry} from "@web/core/registry";
+import utils from "vault.utils";
+
+export default class VaultField extends VaultMixin(Component) {
+    setup() {
+        super.setup();
+
+        this.action = useService("action");
+        this.input = useRef("input");
+        this.span = useRef("span");
+        this.state = useState({
+            decrypted: false,
+            decryptedValue: "",
+            isDirty: false,
+            lastSetValue: null,
+        });
+
+        const self = this;
+        useEffect(
+            (inputEl) => {
+                if (inputEl) {
+                    const onInput = self.onInput.bind(self);
+                    const onKeydown = self.onKeydown.bind(self);
+
+                    inputEl.addEventListener("input", onInput);
+                    inputEl.addEventListener("keydown", onKeydown);
+                    return () => {
+                        inputEl.removeEventListener("input", onInput);
+                        inputEl.removeEventListener("keydown", onKeydown);
+                    };
+                }
+            },
+            () => [self.input.el]
+        );
+
+        useEffect(() => {
+            const isInvalid = self.props.record
+                ? self.props.record.isInvalid(self.props.name)
+                : false;
+
+            if (self.input.el && !self.state.isDirty && !isInvalid) {
+                Promise.resolve(self.getValue()).then((val) => {
+                    if (!self.input.el) return;
+
+                    if (val) self.input.el.value = val;
+                    else if (val !== "")
+                        self.props.record.setInvalidField(self.props.name);
+                });
+                self.state.lastSetValue = self.input.el.value;
+            }
+        });
+
+        useBus(self.env.bus, "RELATIONAL_MODEL:WILL_SAVE_URGENTLY", () =>
+            self.commitChanges(true)
+        );
+        useBus(self.env.bus, "RELATIONAL_MODEL:NEED_LOCAL_CHANGES", (ev) =>
+            ev.detail.proms.push(self.commitChanges())
+        );
+    }
+
+    /**
+     * Open a dialog to generate a new secret
+     *
+     * @param {Object} ev
+     */
+    async _onGenerateValue(ev) {
+        ev.stopPropagation();
+
+        const password = await utils.generate_pass();
+        await this.storeValue(password);
+    }
+
+    /**
+     * Toggle between visible and invisible secret
+     *
+     * @param {Object} ev
+     */
+    async _onShowValue(ev) {
+        ev.stopPropagation();
+
+        this.state.decrypted = !this.state.decrypted;
+        if (this.state.decrypted) {
+            this.state.decryptedValue = await this._decrypt(this.props.value);
+        } else {
+            this.state.decryptedValue = "";
+        }
+
+        await this.showValue();
+    }
+
+    /**
+     * Copy the decrypted secret to the clipboard
+     *
+     * @param {Object} ev
+     */
+    async _onCopyValue(ev) {
+        ev.stopPropagation();
+
+        const value = await this._decrypt(this.props.value);
+        await navigator.clipboard.writeText(value);
+    }
+
+    /**
+     * Send the secret to an inbox of an user
+     *
+     * @param {Object} ev
+     */
+    async _onSendValue(ev) {
+        ev.stopPropagation();
+
+        await this.sendValue(this.props.value, "");
+    }
+
+    /**
+     * Get the decrypted value or a placeholder
+     *
+     * @returns the decrypted value or a placeholder
+     */
+    get formattedValue() {
+        if (!this.props.value) return "";
+        if (this.state.decrypted) return this.state.decryptedValue || "*******";
+        return "*******";
+    }
+
+    /**
+     * Decrypt the value of the field
+     *
+     * @returns decrypted value
+     */
+    async getValue() {
+        return await this._decrypt(this.props.value);
+    }
+
+    /**
+     * Update the value shown
+     */
+    async showValue() {
+        this.span.el.innerHTML = this.formattedValue;
+    }
+
+    /**
+     * Handle input event and set the state to dirty
+     *
+     * @param {Object} ev
+     */
+    onInput(ev) {
+        ev.stopPropagation();
+
+        this.state.isDirty = ev.target.value !== this.lastSetValue;
+        if (this.props.setDirty) this.props.setDirty(this.state.isDirty);
+    }
+
+    /**
+     * Commit the changes of the input field to the record
+     *
+     * @param {Boolean} urgent
+     */
+    async commitChanges(urgent) {
+        if (!this.input.el) return;
+
+        this.state.isDirty = this.input.el.value !== this.lastSetValue;
+        if (this.state.isDirty || urgent) {
+            this.state.isDirty = false;
+
+            const val = this.input.el.value || false;
+            if (val !== (this.state.lastSetValue || false)) {
+                this.state.lastSetValue = this.input.el.value;
+                await this.storeValue(val);
+                this.props.setDirty(this.state.isDirty);
+            }
+        }
+    }
+
+    /**
+     * Handle keyboard events and trigger changes
+     *
+     * @param {Object} ev
+     */
+    onKeydown(ev) {
+        ev.stopPropagation();
+
+        const hotkey = getActiveHotkey(ev);
+        if (["enter", "tab", "shift+tab"].includes(hotkey)) this.commitChanges(false);
+    }
+}
+
+VaultField.displayName = _lt("Vault Field");
+VaultField.supportedTypes = ["char"];
+VaultField.template = "vault.FieldVault";
+
+registry.category("fields").add("vault_field", VaultField);
diff --git a/vault/static/src/backend/fields/vault_file.esm.js b/vault/static/src/backend/fields/vault_file.esm.js
new file mode 100644
index 0000000000..e2aba7eff0
--- /dev/null
+++ b/vault/static/src/backend/fields/vault_file.esm.js
@@ -0,0 +1,61 @@
+/** @odoo-module alias=vault.file **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import {BinaryField} from "@web/views/fields/binary/binary_field";
+import VaultMixin from "vault.mixin";
+import {_lt} from "@web/core/l10n/translation";
+import {downloadFile} from "@web/core/network/download";
+import {registry} from "@web/core/registry";
+import {useService} from "@web/core/utils/hooks";
+import utils from "vault.utils";
+
+export default class VaultFile extends VaultMixin(BinaryField) {
+    setup() {
+        super.setup();
+
+        this.action = useService("action");
+    }
+
+    async update({data, name}) {
+        const encrypted = await this._encrypt(data);
+        return await super.update({data: encrypted, name: name});
+    }
+
+    /**
+     * Send the secret to an inbox of an user
+     *
+     * @param {Object} ev
+     */
+    async _onSendValue(ev) {
+        ev.stopPropagation();
+
+        await this.sendValue("", this.props.value, this.state.fileName);
+    }
+
+    /**
+     * Decrypt the file and download it
+     */
+    async onFileDownload() {
+        if (!this.props.value) {
+            this.do_warn(
+                _lt("Save As..."),
+                _lt("The field is empty, there's nothing to save!")
+            );
+        } else if (utils.supported()) {
+            const decrypted = await this._decrypt(this.props.value);
+            const base64 = atob(decrypted);
+            const buffer = new ArrayBuffer(base64.length);
+            const arr = new Uint8Array(buffer);
+            for (let i = 0; i < base64.length; i++) arr[i] = base64.charCodeAt(i);
+
+            const blob = new Blob([arr]);
+            await downloadFile(blob, this.state.fileName || "");
+        }
+    }
+}
+
+VaultFile.displayName = _lt("Vault File");
+VaultFile.template = "vault.FileVault";
+
+registry.category("fields").add("vault_file", VaultFile);
diff --git a/vault/static/src/backend/fields/vault_inbox_field.esm.js b/vault/static/src/backend/fields/vault_inbox_field.esm.js
new file mode 100644
index 0000000000..fd9ae7bbfa
--- /dev/null
+++ b/vault/static/src/backend/fields/vault_inbox_field.esm.js
@@ -0,0 +1,49 @@
+/** @odoo-module alias=vault.inbox.field **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import VaultField from "vault.field";
+import VaultInboxMixin from "vault.inbox.mixin";
+import {_lt} from "@web/core/l10n/translation";
+import {registry} from "@web/core/registry";
+import utils from "vault.utils";
+import vault from "vault";
+
+export default class VaultInboxField extends VaultInboxMixin(VaultField) {
+    /**
+     * Save the content in an entry of a vault
+     *
+     * @private
+     */
+    async _onSaveValue() {
+        await this.saveValue("vault.field", this.props.value);
+    }
+
+    /**
+     * Decrypt the data with the private key of the vault
+     *
+     * @private
+     * @param {String} data
+     * @returns the decrypted data
+     */
+    async _decrypt(data) {
+        if (!utils.supported()) return null;
+
+        const iv = this.props.record.data[this.props.fieldIV];
+        const wrapped_key = this.props.record.data[this.props.fieldKey];
+
+        if (!iv || !wrapped_key) return false;
+
+        const key = await vault.unwrap(wrapped_key);
+        return await utils.sym_decrypt(key, data, iv);
+    }
+}
+
+VaultInboxField.defaultProps = {
+    ...VaultField.defaultProps,
+    fieldKey: "key",
+};
+VaultInboxField.displayName = _lt("Vault Inbox Field");
+VaultInboxField.template = "vault.FieldVaultInbox";
+
+registry.category("fields").add("vault_inbox_field", VaultInboxField);
diff --git a/vault/static/src/backend/fields/vault_inbox_file.esm.js b/vault/static/src/backend/fields/vault_inbox_file.esm.js
new file mode 100644
index 0000000000..224af9e122
--- /dev/null
+++ b/vault/static/src/backend/fields/vault_inbox_file.esm.js
@@ -0,0 +1,49 @@
+/** @odoo-module alias=vault.inbox.file **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import VaultFile from "vault.file";
+import VaultInboxMixin from "vault.inbox.mixin";
+import {_lt} from "@web/core/l10n/translation";
+import {registry} from "@web/core/registry";
+import utils from "vault.utils";
+import vault from "vault";
+
+export default class VaultInboxFile extends VaultInboxMixin(VaultFile) {
+    /**
+     * Save the content in an entry of a vault
+     *
+     * @private
+     */
+    async _onSaveValue() {
+        await this.saveValue("vault.file", this.props.value, this.state.fileName);
+    }
+
+    /**
+     * Decrypt the data with the private key of the vault
+     *
+     * @private
+     * @param {String} data
+     * @returns the decrypted data
+     */
+    async _decrypt(data) {
+        if (!utils.supported()) return null;
+
+        const iv = this.props.record.data[this.props.fieldIV];
+        const wrapped_key = this.props.record.data[this.props.fieldKey];
+
+        if (!iv || !wrapped_key) return false;
+
+        const key = await vault.unwrap(wrapped_key);
+        return await utils.sym_decrypt(key, data, iv);
+    }
+}
+
+VaultInboxFile.defaultProps = {
+    ...VaultFile.defaultProps,
+    fieldKey: "key",
+};
+VaultInboxFile.displayName = _lt("Vault Inbox File");
+VaultInboxFile.template = "vault.FileVaultInbox";
+
+registry.category("fields").add("vault_inbox_file", VaultInboxFile);
diff --git a/vault/static/src/backend/fields/vault_inbox_mixin.esm.js b/vault/static/src/backend/fields/vault_inbox_mixin.esm.js
new file mode 100644
index 0000000000..9bc3f2e2aa
--- /dev/null
+++ b/vault/static/src/backend/fields/vault_inbox_mixin.esm.js
@@ -0,0 +1,64 @@
+/** @odoo-module alias=vault.inbox.mixin **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import {_lt} from "@web/core/l10n/translation";
+import {useService} from "@web/core/utils/hooks";
+import utils from "vault.utils";
+import vault from "vault";
+
+export default (x) => {
+    class Extended extends x {
+        setup() {
+            super.setup();
+
+            if (!this.action) this.action = useService("action");
+        }
+
+        /**
+         * Save the content in an entry of a vault
+         *
+         * @private
+         * @param {String} model
+         * @param {String} value
+         * @param {String} name
+         */
+        async saveValue(model, value, name = "") {
+            const key = await utils.generate_key();
+            const iv = utils.generate_iv_base64();
+            const decrypted = await this._decrypt(value);
+
+            this.action.doAction({
+                type: "ir.actions.act_window",
+                title: _lt("Store the secret in a vault"),
+                target: "new",
+                res_model: "vault.store.wizard",
+                views: [[false, "form"]],
+                context: {
+                    default_model: model,
+                    default_secret_temporary: await utils.sym_encrypt(
+                        key,
+                        decrypted,
+                        iv
+                    ),
+                    default_name: name,
+                    default_iv: iv,
+                    default_key: await vault.wrap(key),
+                },
+            });
+        }
+    }
+
+    Extended.props = {
+        ...x.props,
+        storeModel: {type: String, optional: true},
+    };
+
+    Extended.extractProps = ({attrs}) => {
+        return {
+            storeModel: attrs.store,
+        };
+    };
+
+    return Extended;
+};
diff --git a/vault/static/src/backend/fields/vault_mixin.esm.js b/vault/static/src/backend/fields/vault_mixin.esm.js
new file mode 100644
index 0000000000..96b447639b
--- /dev/null
+++ b/vault/static/src/backend/fields/vault_mixin.esm.js
@@ -0,0 +1,197 @@
+/** @odoo-module alias=vault.mixin **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import {_lt} from "@web/core/l10n/translation";
+import {standardFieldProps} from "@web/views/fields/standard_field_props";
+import utils from "vault.utils";
+import vault from "vault";
+
+export default (x) => {
+    class Extended extends x {
+        supported() {
+            return utils.supported();
+        }
+
+        // Control the visibility of the buttons
+        get showButton() {
+            return this.props.value;
+        }
+        get copyButton() {
+            return this.props.value;
+        }
+        get sendButton() {
+            return this.props.value;
+        }
+        get saveButton() {
+            return this.props.value;
+        }
+        get generateButton() {
+            return true;
+        }
+        get isNew() {
+            return Boolean(this.model.record.isNew);
+        }
+
+        /**
+         * Set the value by encrypting it
+         *
+         * @param {String} value
+         * @param {Object} options
+         */
+        async storeValue(value, options) {
+            if (!utils.supported()) return;
+
+            const encrypted = await this._encrypt(value);
+            await this.props.update(encrypted, options);
+        }
+
+        /**
+         * Send the value to an inbox
+         *
+         * @param {String} value_field
+         * @param {String} value_file
+         * @param {String} filename
+         */
+        async sendValue(value_field = "", value_file = "", filename = "") {
+            if (!utils.supported()) return;
+
+            if (!value_field && !value_file) return;
+
+            let enc_field = false,
+                enc_file = false;
+
+            // Prepare the key and iv for the reencryption
+            const key = await utils.generate_key();
+            const iv = utils.generate_iv_base64();
+
+            // Reencrypt the field
+            if (value_field) {
+                const decrypted = await this._decrypt(value_field);
+                enc_field = await utils.sym_encrypt(key, decrypted, iv);
+            }
+
+            // Reencrypt the file
+            if (value_file) {
+                const decrypted = await this._decrypt(value_file);
+                enc_file = await utils.sym_encrypt(key, decrypted, iv);
+            }
+
+            // Call the wizard to handle the user selection and storage
+            this.action.doAction({
+                type: "ir.actions.act_window",
+                title: _lt("Send the secret to another user"),
+                target: "new",
+                res_model: "vault.send.wizard",
+                views: [[false, "form"]],
+                context: {
+                    default_secret: enc_field,
+                    default_secret_file: enc_file,
+                    default_filename: filename || false,
+                    default_iv: iv,
+                    default_key: await vault.wrap(key),
+                },
+            });
+        }
+
+        /**
+         * Set the value of a different field
+         *
+         * @param {String} field
+         * @param {String} value
+         */
+        async _setFieldValue(field, value) {
+            this.props.record.update({[field]: value});
+        }
+
+        /**
+         * Extract the IV or generate a new one if needed
+         *
+         * @returns the IV to use
+         */
+        async _getIV() {
+            if (!utils.supported()) return null;
+
+            // Read the IV from the field
+            let iv = this.props.record.data[this.props.fieldIV];
+            if (iv) return iv;
+
+            // Generate a new IV
+            iv = utils.generate_iv_base64();
+            await this._setFieldValue(this.props.fieldIV, iv);
+            return iv;
+        }
+
+        /**
+         * Extract the master key of the vault or generate a new one
+         *
+         * @returns the master key to use
+         */
+        async _getMasterKey() {
+            if (!utils.supported()) return null;
+
+            // Check if the master key is already extracted
+            if (this.key) return await vault.unwrap(this.key);
+
+            // Get the wrapped master key from the field
+            this.key = this.props.record.data[this.props.fieldKey];
+            if (this.key) return await vault.unwrap(this.key);
+
+            // Generate a new master key and write it to the field
+            const key = await utils.generate_key();
+            this.key = await vault.wrap(key);
+            await this._setFieldValue(this.props.fieldKey, this.key);
+            return key;
+        }
+
+        /**
+         * Decrypt data with the master key stored in the vault
+         *
+         * @param {String} data
+         * @returns the decrypted data
+         */
+        async _decrypt(data) {
+            if (!utils.supported()) return null;
+
+            const iv = await this._getIV();
+            const key = await this._getMasterKey();
+            return await utils.sym_decrypt(key, data, iv);
+        }
+
+        /**
+         * Encrypt data with the master key stored in the vault
+         *
+         * @param {String} data
+         * @returns the encrypted data
+         */
+        async _encrypt(data) {
+            if (!utils.supported()) return null;
+
+            const iv = await this._getIV();
+            const key = await this._getMasterKey();
+            return await utils.sym_encrypt(key, data, iv);
+        }
+    }
+
+    Extended.defaultProps = {
+        ...x.defaultProps,
+        fieldIV: "iv",
+        fieldKey: "master_key",
+    };
+    Extended.props = {
+        ...standardFieldProps,
+        ...x.props,
+        fieldKey: {type: String, optional: true},
+        fieldIV: {type: String, optional: true},
+    };
+    Extended.extractProps = ({attrs, field}) => {
+        const extract_props = x.extractProps || (() => ({}));
+        return {
+            ...extract_props({attrs, field}),
+            fieldKey: attrs.key,
+            fieldIV: attrs.iv,
+        };
+    };
+
+    return Extended;
+};
diff --git a/vault/static/src/backend/import.esm.js b/vault/static/src/backend/import.esm.js
new file mode 100644
index 0000000000..3fccc76846
--- /dev/null
+++ b/vault/static/src/backend/import.esm.js
@@ -0,0 +1,244 @@
+/** @odoo-module alias=vault.import **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+/* global kdbxweb */
+
+import {_t} from "web.core";
+import framework from "web.framework";
+import utils from "vault.utils";
+
+async function encrypted_field(master_key, name, value) {
+    if (!value) return null;
+
+    const iv = utils.generate_iv_base64();
+    return {
+        name: name,
+        iv: iv,
+        value: await utils.sym_encrypt(master_key, value, iv),
+    };
+}
+
+// This class handles the import from different formats by returning
+// an importable JSON formatted data which will be handled by the python
+// backend.
+//
+// JSON format description:
+//
+// Entries are represented as objects with the following attributes
+//  `name`, `uuid`, `url`, `note`
+//     Specific fields of the entry. `uuid` is used for updating existing records
+//  `childs`
+//     Child entries
+//  `fields`, `files`
+//     List of encypted fields/files with `name`, `iv`, and `value`
+//
+export default class VaultImporter {
+    /**
+     * Encrypt a field of the above format properly for the backend to store.
+     * The changes are done inplace.
+     *
+     * @private
+     * @param {CryptoKey} master_key
+     * @param {Object} node
+     */
+    async _import_json_entry(master_key, node) {
+        for (const field of node.fields || []) {
+            field.iv = utils.generate_iv_base64();
+            field.value = await utils.sym_encrypt(master_key, field.value, field.iv);
+        }
+
+        for (const file of node.files || []) {
+            file.iv = utils.generate_iv_base64();
+            file.value = await utils.sym_encrypt(master_key, file.value, file.iv);
+        }
+
+        for (const entry of node.childs || [])
+            await this._import_json_entry(master_key, entry);
+    }
+
+    /**
+     * Encrypt the data from the JSON import. This will add `iv` to fields and files
+     * and encrypt the `value`
+     *
+     * @private
+     * @param {CryptoKey} master_key
+     * @param {String} data
+     * @returns the encrypted entry for the database
+     */
+    async _import_json_data(master_key, data) {
+        for (const node of data) await this._import_json_entry(master_key, node);
+        return data;
+    }
+
+    /**
+     * Load from an encrypted JSON file. Encrypt the data with similar format as
+     * described above. This will add `iv` to fields and files and encrypt the `value`
+     *
+     * @private
+     * @param {CryptoKey} master_key
+     * @param {Object} content
+     * @returns the encrypted entry for the database
+     */
+    async _import_encrypted_json(master_key, content) {
+        const askpass = await utils.askpass(
+            _t("Please enter the password for the database")
+        );
+        let password = askpass.password || "";
+        if (askpass.keyfile)
+            password += await utils.digest(utils.toBinary(askpass.keyfile));
+
+        const key = await utils.derive_key(
+            password,
+            utils.fromBase64(content.salt),
+            content.iterations
+        );
+        const result = await utils.sym_decrypt(key, content.data, content.iv);
+        return await this._import_json_data(master_key, JSON.parse(result));
+    }
+
+    /**
+     * Import using JSON format. The database is stored in the `data` field of the JSON
+     * type and is either a JSON object or an encrypted JSON object. For the encryption
+     * the needed encryption parameter `iv`, `salt` and `iterations` are stored in the
+     * file. This will add `iv` to fields and files and encrypt the `value`
+     *
+     * @private
+     * @param {CryptoKey} master_key
+     * @param {String} data
+     * @returns the encrypted entry for the database
+     */
+    async _import_json(master_key, data) {
+        // Unwrap the master key and encrypt the entries
+        const result = JSON.parse(data);
+        switch (result.type) {
+            case "encrypted":
+                return await this._import_encrypted_json(master_key, result);
+            case "raw":
+                return await this._import_json_data(master_key, result.data);
+        }
+
+        throw Error(_t("Unsupported file to import"));
+    }
+
+    /**
+     * Encrypt an entry from the kdbx file properly for the backend to store
+     *
+     * @private
+     * @param {CryptoKey} master_key
+     * @param {Object} entry
+     * @returns the encrypted entry for the database
+     */
+    async _import_kdbx_entry(master_key, entry) {
+        let pass = entry.fields.Password;
+        if (pass) pass = pass.getText();
+
+        const res = {
+            uuid: entry.uuid && entry.uuid.id,
+            note: entry.fields.Notes,
+            name: entry.fields.Title,
+            url: entry.fields.URL,
+            fields: [
+                await encrypted_field(master_key, "Username", entry.fields.UserName),
+                await encrypted_field(master_key, "Password", pass),
+            ],
+            files: [],
+        };
+
+        for (const name in entry.binaries)
+            res.files.push(
+                await encrypted_field(
+                    master_key,
+                    name,
+                    utils.toBase64(entry.binaries[name].value)
+                )
+            );
+
+        return res;
+    }
+
+    /**
+     * Handle a kdbx group entry by creating an sub-entry and calling the right functions
+     * on the childs
+     *
+     * @private
+     * @param {CryptoKey} master_key
+     * @param {Object} group
+     * @returns the encrypted entry for the database
+     */
+    async _import_kdbx_group(master_key, group) {
+        const res = {
+            uuid: group.uuid && group.uuid.id,
+            name: group.name,
+            note: group.notes,
+            childs: [],
+        };
+
+        for (const sub_group of group.groups || [])
+            res.childs.push(await this._import_kdbx_group(master_key, sub_group));
+
+        for (const entry of group.entries || [])
+            res.childs.push(await this._import_kdbx_entry(master_key, entry));
+
+        return res;
+    }
+
+    /**
+     * Load a kdbx file, encrypt the data, and return in the described JSON format
+     *
+     * @private
+     * @param {CryptoKey} master_key
+     * @param {String} data
+     * @returns the encrypted data for the backend
+     */
+    async _import_kdbx(master_key, data) {
+        // Get the credentials of the keepass database
+        const askpass = await utils.askpass(
+            _t("Please enter the password for the keepass database")
+        );
+
+        // TODO: challenge-response
+        const credentials = new kdbxweb.Credentials(
+            (askpass.password && kdbxweb.ProtectedValue.fromString(askpass.password)) ||
+                null,
+            askpass.keyfile || null
+        );
+
+        // Convert the data to an ArrayBuffer
+        const buffer = utils.fromBinary(data);
+
+        // Decrypt the database
+        const db = await kdbxweb.Kdbx.load(buffer, credentials);
+
+        try {
+            // Unwrap the master key, format, and encrypt the database
+            framework.blockUI();
+            const result = [];
+            for (const group of db.groups)
+                result.push(await this._import_kdbx_group(master_key, group));
+            return result;
+        } finally {
+            framework.unblockUI();
+        }
+    }
+
+    /**
+     * The main import functions which checks the file ending and calls the right function
+     * to handle the rest of the import
+     *
+     * @private
+     * @param {CryptoKey} master_key
+     * @param {String} filename
+     * @param {String} content
+     * @returns the data importable by the backend or false on error
+     */
+    async import(master_key, filename, content) {
+        if (!utils.supported()) return false;
+
+        if (filename.endsWith(".json"))
+            return await this._import_json(master_key, content);
+        else if (filename.endsWith(".kdbx"))
+            return await this._import_kdbx(master_key, content);
+        return false;
+    }
+}
diff --git a/vault/static/src/backend/list_renderer.esm.js b/vault/static/src/backend/list_renderer.esm.js
new file mode 100644
index 0000000000..8de81e33ce
--- /dev/null
+++ b/vault/static/src/backend/list_renderer.esm.js
@@ -0,0 +1,12 @@
+/** @odoo-module **/
+
+import {ListRenderer} from "@web/views/list/list_renderer";
+import {patch} from "@web/core/utils/patch";
+
+patch(ListRenderer.prototype, "vault", {
+    getCellTitle(column) {
+        const _super = this._super.bind(this);
+        const attrs = column.rawAttrs || {};
+        if (attrs.widget !== "vault_field") return _super(...arguments);
+    },
+});
diff --git a/vault/static/src/backend/templates.xml b/vault/static/src/backend/templates.xml
new file mode 100644
index 0000000000..e4512a105d
--- /dev/null
+++ b/vault/static/src/backend/templates.xml
@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<templates id="template" xml:space="preserve">
+    <div t-name="vault.askpass" class="o_form_view">
+        <label for="password" class="col-lg-auto col-form-label">
+            Please enter your password or upload a keyfile:
+        </label>
+
+        <table class="col o_group">
+            <tr>
+                <td class="o_td_label text-nowrap">
+                    <label class="o_form_label">Enter your password:</label>
+                </td>
+                <td class="col-12">
+                    <input
+                        type="password"
+                        name="password"
+                        id="password"
+                        required="required"
+                    />
+                </td>
+            </tr>
+            <tr t-if="confirm">
+                <td class="o_td_label text-nowrap">
+                    <label class="o_form_label">Confirm your password:</label>
+                </td>
+                <td class="col-12">
+                    <input
+                        type="password"
+                        name="confirm"
+                        id="confirm"
+                        required="required"
+                    />
+                </td>
+            </tr>
+            <tr>
+                <td class="o_td_label text-nowrap">
+                    <label class="o_form_label">Keyfile:</label>
+                </td>
+                <td class="col-12">
+                    <input
+                        type="file"
+                        name="keyfile"
+                        id="keyfile"
+                        required="required"
+                    />
+                </td>
+            </tr>
+        </table>
+    </div>
+
+    <div t-name="vault.generate_pass" class="o_form_view">
+        <label for="password" class="col-lg-auto col-form-label">
+            Generate a new secret:
+        </label>
+
+        <table class="col o_group">
+            <tr>
+                <td class="o_td_label">
+                    <label class="o_form_label">Password:</label>
+                </td>
+                <td class="col-12">
+                    <span id="password" class="col-12 text-monospace" />
+                </td>
+            </tr>
+            <tr>
+                <td class="o_td_label">
+                    <label class="o_form_label">Length:</label>
+                </td>
+                <td class="col-12">
+                    <input
+                        type="range"
+                        id="length"
+                        min="8"
+                        max="64"
+                        value="15"
+                        class="col-12 custom-range align-middle"
+                    />
+                </td>
+            </tr>
+            <tr>
+                <td class="o_td_label">
+                    <label class="o_form_label">Characters:</label>
+                </td>
+                <td class="col-12">
+                    <input type="checkbox" id="big_letter" checked="checked" />
+                    <label class="o_form_label">A-Z</label>
+
+                    <input type="checkbox" id="small_letter" checked="checked" />
+                    <label class="o_form_label">a-z</label>
+
+                    <input type="checkbox" id="digits" checked="checked" />
+                    <label class="o_form_label">0-9</label>
+
+                    <input type="checkbox" id="special" />
+                    <label class="o_form_label">Special</label>
+                </td>
+            </tr>
+        </table>
+    </div>
+</templates>
diff --git a/vault/static/src/backend/user_menu.esm.js b/vault/static/src/backend/user_menu.esm.js
new file mode 100644
index 0000000000..8b3297956c
--- /dev/null
+++ b/vault/static/src/backend/user_menu.esm.js
@@ -0,0 +1,24 @@
+/** @odoo-module **/
+// © 2021-2022 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import {registry} from "@web/core/registry";
+
+export function vaultPreferencesItem(env) {
+    return {
+        type: "item",
+        id: "key_management",
+        description: env._t("Key Management"),
+        callback: async function () {
+            const actionDescription = await env.services.orm.call(
+                "res.users",
+                "action_get_vault"
+            );
+            actionDescription.res_id = env.services.user.userId;
+            env.services.action.doAction(actionDescription);
+        },
+        sequence: 55,
+    };
+}
+
+registry.category("user_menuitems").add("key", vaultPreferencesItem, {force: true});
diff --git a/vault/static/src/backend/vault.esm.js b/vault/static/src/backend/vault.esm.js
new file mode 100644
index 0000000000..b69d266609
--- /dev/null
+++ b/vault/static/src/backend/vault.esm.js
@@ -0,0 +1,426 @@
+/** @odoo-module alias=vault **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import {_t} from "web.core";
+import ajax from "web.ajax";
+import {session} from "@web/session";
+import utils from "vault.utils";
+
+// Database name on the browser
+const Database = "vault";
+
+const indexedDB =
+    window.indexedDB ||
+    window.mozIndexedDB ||
+    window.webkitIndexedDB ||
+    window.msIndexedDB ||
+    window.shimIndexedDB;
+
+// Expiration time of the vault store entries
+const Expiration = 15 * 60 * 1000;
+
+/**
+ * Ask the user to enter a password using a dialog and put the password together
+ *
+ * @param {Boolean} confirm
+ * @returns password
+ */
+async function askpassword(confirm = false) {
+    const askpass = await utils.askpass(
+        _t("Please enter the password for your private key"),
+        {confirm: confirm}
+    );
+
+    let password = askpass.password || "";
+    if (askpass.keyfile)
+        password += await utils.digest(utils.toBinary(askpass.keyfile));
+
+    return password;
+}
+
+// Vault implementation
+class Vault {
+    /**
+     * Check if the user actually has keys otherwise generate them on init
+     *
+     * @override
+     */
+    constructor() {
+        const self = this;
+
+        function waitAndCheck() {
+            if (!utils.supported()) return null;
+
+            if (odoo.isReady) self._initialize_keys();
+            else setTimeout(waitAndCheck, 500);
+        }
+
+        setTimeout(waitAndCheck, 500);
+    }
+
+    /**
+     * RPC call to the backend
+     *
+     * @param {String} url
+     * @param {Object} params
+     * @param {Object} options
+     * @returns promise
+     */
+    rpc(url, params, options) {
+        return ajax.jsonRpc(url, "call", params, _.clone(options || {}));
+    }
+
+    /**
+     * Generate a new key pair and export to database and object store
+     */
+    async generate_keys() {
+        this.keys = await utils.generate_key_pair();
+        this.time = new Date();
+
+        if (!(await this._export_to_database()))
+            throw Error(_t("Failed to export the keys to the database"));
+
+        await this._export_to_store();
+    }
+
+    /**
+     * Check if export to database is required due to key migration
+     *
+     * @private
+     * @param {String} password
+     */
+    async _check_key_migration(password = null) {
+        if (!this.version) await this._export_to_database(password);
+        if (this.iterations < utils.Derive.iterations)
+            await this._export_to_database(password);
+    }
+
+    /**
+     * Lazy initialization of the keys which is not fully loading the keys
+     * into the javascript but ensures that keys exist in the database to
+     * to be loaded
+     *
+     * @private
+     */
+    async _initialize_keys() {
+        // Get the uuid of the currently active keys from the database
+        this.uuid = await this._check_database();
+        if (this.uuid) {
+            // If the object store has the keys it's done
+            if (await this._import_from_store()) return;
+
+            // Otherwise an import from the database and export to the object store
+            // is needed
+            if (await this._import_from_database()) {
+                await this._export_to_store();
+                return true;
+            }
+
+            // This should be silent because it would influence the entire workflow
+            console.error("Failed to import the keys from the database");
+            return false;
+        }
+
+        // There are no keys in the database which means we have to generate them
+        return await this.generate_keys();
+    }
+
+    /**
+     * Ensure that the keys are available
+     *
+     * @private
+     */
+    async _ensure_keys() {
+        // If the object store has the keys it's done
+        if (this.uuid && !this.time) await this._import_from_store();
+
+        // Check if the keys expired
+        const now = new Date();
+        if (this.time && now - this.time <= Expiration) return;
+
+        // Keys expired means that we have to get them again
+        this.keys = this.time = null;
+
+        // Clear the object store first
+        const store = await this._get_object_store();
+        store.clear();
+
+        // Import the keys from the database
+        if (!(await this._import_from_database()))
+            throw Error(_t("Failed to import keys from database"));
+
+        // Store the imported keys in the object store for the next calls
+        if (!(await this._export_to_store()))
+            throw Error(_t("Failed to export keys to object store"));
+
+        return;
+    }
+
+    /**
+     * Get the private key and check if the keys expired
+     *
+     * @returns the private key of the user
+     */
+    async get_private_key() {
+        await this._ensure_keys();
+        return this.keys.privateKey;
+    }
+
+    /**
+     * Get the public key and check if the keys expired
+     *
+     * @returns the public key of the user
+     */
+    async get_public_key() {
+        await this._ensure_keys();
+        return this.keys.publicKey;
+    }
+
+    /**
+     * Open the indexed DB and return object store using promise
+     *
+     * @private
+     * @returns a promise
+     */
+    _get_object_store() {
+        return new Promise((resolve, reject) => {
+            const open = indexedDB.open(Database, 1);
+            open.onupgradeneeded = function () {
+                const db = open.result;
+                db.createObjectStore(Database, {keyPath: "id"});
+            };
+
+            open.onerror = function (event) {
+                reject(`error opening database ${event.target.errorCode}`);
+            };
+
+            open.onsuccess = function () {
+                const db = open.result;
+                const tx = db.transaction(Database, "readwrite");
+
+                resolve(tx.objectStore(Database));
+
+                tx.oncomplete = function () {
+                    db.close();
+                };
+            };
+        });
+    }
+
+    /**
+     * Open the object store and extract the keys using the id
+     *
+     * @private
+     * @param {String} uuid
+     * @returns the result from the object store or false
+     */
+    async _get_keys(uuid) {
+        const self = this;
+        return new Promise((resolve, reject) => {
+            self._get_object_store().then((store) => {
+                const request = store.get(uuid);
+                request.onerror = function (event) {
+                    reject(`error opening database ${event.target.errorCode}`);
+                };
+                request.onsuccess = function () {
+                    resolve(request.result);
+                };
+            });
+        });
+    }
+
+    /**
+     * Check if the keys exist in the database
+     *
+     * @returns the uuid of the currently active keys or false
+     */
+    async _check_database() {
+        const params = await this.rpc("/vault/keys/get");
+        if (Object.keys(params).length && params.uuid) return params.uuid;
+        return false;
+    }
+
+    /**
+     * Check if the keys exist in the store
+     *
+     * @private
+     * @param {String} uuid
+     * @returns if the keys are in the object store
+     */
+    async _check_store(uuid) {
+        if (!uuid) return false;
+
+        const result = await this._get_keys(uuid);
+        return Boolean(result && result.keys);
+    }
+
+    /**
+     * Import the keys from the indexed DB
+     *
+     * @private
+     * @returns if the import from the object store succeeded
+     */
+    async _import_from_store() {
+        const data = await this._get_keys(this.uuid);
+        if (data) {
+            this.keys = data.keys;
+            this.time = data.time;
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * Export the current keys to the indexed DB
+     *
+     * @private
+     * @returns true
+     */
+    async _export_to_store() {
+        const keys = {id: this.uuid, keys: this.keys, time: this.time};
+        const store = await this._get_object_store();
+        store.put(keys);
+        return true;
+    }
+
+    /**
+     * Export the key pairs to the backends
+     *
+     * @private
+     * @param {String} password
+     * @returns if the export to the database succeeded
+     */
+    async _export_to_database(password = null) {
+        // Generate salt for the user key
+        this.salt = utils.generate_bytes(utils.SaltLength).buffer;
+        this.iterations = utils.Derive.iterations;
+        this.version = 1;
+
+        // Wrap the private key with the master key of the user
+        this.iv = utils.generate_bytes(utils.IVLength);
+
+        // Request the password from the user and derive the user key
+        const pass = await utils.derive_key(
+            password || (await askpassword(true)),
+            this.salt,
+            this.iterations
+        );
+
+        // Export the private key wrapped with the master key
+        const private_key = await utils.export_private_key(
+            await this.get_private_key(),
+            pass,
+            this.iv
+        );
+
+        // Export the public key
+        const public_key = await utils.export_public_key(await this.get_public_key());
+
+        const params = {
+            public: public_key,
+            private: private_key,
+            iv: utils.toBase64(this.iv),
+            iterations: this.iterations,
+            salt: utils.toBase64(this.salt),
+            version: this.version,
+        };
+
+        // Export to the server
+        const response = await this.rpc("/vault/keys/store", params);
+        if (response) {
+            this.uuid = response;
+            return true;
+        }
+
+        console.error("Failed to export keys to database");
+        return false;
+    }
+
+    /**
+     * Import the keys from the backend and decrypt the private key
+     *
+     * @private
+     * @returns if the import succeeded
+     */
+    async _import_from_database() {
+        const params = await this.rpc("/vault/keys/get");
+        if (Object.keys(params).length) {
+            this.salt = utils.fromBase64(params.salt);
+            this.iterations = params.iterations;
+            this.version = params.version || 0;
+
+            // Request the password from the user and derive the user key
+            const raw_password = await askpassword(false);
+            let password = raw_password;
+
+            // Compatibility
+            if (!this.version) password = session.username + "|" + password;
+
+            const pass = await utils.derive_key(password, this.salt, this.iterations);
+
+            this.keys = {
+                publicKey: await utils.load_public_key(params.public),
+                privateKey: await utils.load_private_key(
+                    params.private,
+                    pass,
+                    params.iv
+                ),
+            };
+
+            this.time = new Date();
+            this.uuid = params.uuid;
+
+            this._check_key_migration(raw_password);
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * Wrap the master key with the own public key
+     *
+     * @param {CryptoKey} master_key
+     * @returns wrapped master key
+     */
+    async wrap(master_key) {
+        return await utils.wrap(master_key, await this.get_public_key());
+    }
+
+    /**
+     * Wrap the master key with a public key given as string
+     *
+     * @param {CryptoKey} master_key
+     * @param {String} public_key
+     * @returns wrapped master key
+     */
+    async wrap_with(master_key, public_key) {
+        const pub_key = await utils.load_public_key(public_key);
+        return await utils.wrap(master_key, pub_key);
+    }
+
+    /**
+     * Unwrap the master key with the own private key
+     *
+     * @param {CryptoKey} master_key
+     * @returns unwrapped master key
+     */
+    async unwrap(master_key) {
+        return await utils.unwrap(master_key, await this.get_private_key());
+    }
+
+    /**
+     * Share a wrapped master key by unwrapping with own private key and wrapping with
+     * another key
+     *
+     * @param {String} master_key
+     * @param {String} public_key
+     * @returns wrapped master key
+     */
+    async share(master_key, public_key) {
+        const key = await this.unwrap(master_key);
+        return await this.wrap_with(key, public_key);
+    }
+}
+
+export default new Vault();
diff --git a/vault/static/src/backend/vault.scss b/vault/static/src/backend/vault.scss
new file mode 100644
index 0000000000..d8f61fbcd0
--- /dev/null
+++ b/vault/static/src/backend/vault.scss
@@ -0,0 +1,13 @@
+.o_vault_inbox {
+    white-space: pre-wrap;
+}
+
+.o_field_cell .o_vault .o_vault_buttons {
+    float: right;
+    position: relative;
+    z-index: 10;
+}
+
+.o_vault .o_input {
+    width: auto;
+}
diff --git a/vault/static/src/common/utils.esm.js b/vault/static/src/common/utils.esm.js
new file mode 100644
index 0000000000..5217851541
--- /dev/null
+++ b/vault/static/src/common/utils.esm.js
@@ -0,0 +1,572 @@
+/** @odoo-module alias=vault.utils **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import {_t, qweb} from "web.core";
+import Dialog from "web.Dialog";
+
+const CryptoAPI = window.crypto.subtle;
+
+// Some basic constants used for the entire vaults
+const Hash = "SHA-512";
+
+const HashLength = 10;
+const IVLength = 12;
+const SaltLength = 32;
+
+const Asymmetric = {
+    name: "RSA-OAEP",
+    modulusLength: 4096,
+    publicExponent: new Uint8Array([1, 0, 1]),
+    hash: Hash,
+};
+const Derive = {
+    name: "PBKDF2",
+    iterations: 600001,
+};
+const Symmetric = {
+    name: "AES-GCM",
+    length: 256,
+};
+
+/**
+ * Checks if the CryptoAPI is available and the vault feature supported
+ *
+ * @returns if vault is supported
+ */
+function supported() {
+    return Boolean(CryptoAPI);
+}
+
+/**
+ * Converts an ArrayBuffer to an ASCII string
+ *
+ * @param {ArrayBuffer} buffer
+ * @returns the data converted to a string
+ */
+function toBinary(buffer) {
+    if (!buffer) return "";
+
+    const chars = Array.from(new Uint8Array(buffer)).map(function (b) {
+        return String.fromCharCode(b);
+    });
+    return chars.join("");
+}
+
+/**
+ * Converts an ASCII string to an ArrayBuffer
+ *
+ * @param {String} binary
+ * @returns the data converted to an ArrayBuffer
+ */
+function fromBinary(binary) {
+    const len = binary.length;
+    const bytes = new Uint8Array(len);
+    for (let i = 0; i < len; i++) bytes[i] = binary.charCodeAt(i);
+    return bytes.buffer;
+}
+
+/**
+ * Converts an ArrayBuffer to a Base64 encoded string
+ *
+ * @param {ArrayBuffer} buffer
+ * @returns Base64 string
+ */
+function toBase64(buffer) {
+    if (!buffer) return "";
+
+    const chars = Array.from(new Uint8Array(buffer)).map(function (b) {
+        return String.fromCharCode(b);
+    });
+    return btoa(chars.join(""));
+}
+
+/**
+ * Converts an Base64 encoded string to an ArrayBuffer
+ *
+ * @param {String} base64
+ * @returns the data converted to an ArrayBuffer
+ */
+function fromBase64(base64) {
+    if (!base64) {
+        const bytes = new Uint8Array(0);
+        return bytes.buffer;
+    }
+
+    const binary_string = atob(base64);
+    const len = binary_string.length;
+    const bytes = new Uint8Array(len);
+    for (let i = 0; i < len; i++) bytes[i] = binary_string.charCodeAt(i);
+    return bytes.buffer;
+}
+
+/**
+ * Generate random bytes used for salts or IVs
+ *
+ * @param {int} length
+ * @returns an array with length random bytes
+ */
+function generate_bytes(length) {
+    const buf = new Uint8Array(length);
+    window.crypto.getRandomValues(buf);
+    return buf;
+}
+
+/**
+ * Generate random bytes used for salts or IVs encoded as base64
+ *
+ * @returns base64 string
+ */
+function generate_iv_base64() {
+    return toBase64(generate_bytes(IVLength));
+}
+
+/**
+ * Generate a random secret with specific characters
+ *
+ * @param {int} length
+ * @param {String} characters
+ * @returns base64 string
+ */
+function generate_secret(length, characters) {
+    let result = "";
+    const len = characters.length;
+    for (const k of generate_bytes(length))
+        result += characters[Math.floor((len * k) / 256)];
+    return result;
+}
+
+/**
+ * Generate a symmetric key for encrypting and decrypting
+ *
+ * @returns symmetric key
+ */
+async function generate_key() {
+    return await CryptoAPI.generateKey(Symmetric, true, ["encrypt", "decrypt"]);
+}
+
+/**
+ * Generate an asymmetric key pair for encrypting, decrypting, wrapping and unwrapping
+ *
+ * @returns asymmetric key
+ */
+async function generate_key_pair() {
+    return await CryptoAPI.generateKey(Asymmetric, true, [
+        "wrapKey",
+        "unwrapKey",
+        "decrypt",
+        "encrypt",
+    ]);
+}
+
+/**
+ * Generate a hash of the given data
+ *
+ * @param {String} data
+ * @returns base64 encoded hash of the data
+ */
+async function digest(data) {
+    const encoder = new TextEncoder();
+    return toBase64(await CryptoAPI.digest(Hash, encoder.encode(data)));
+}
+
+/**
+ * Ask the user to enter a password using a dialog
+ *
+ * @param {String} title of the dialog
+ * @param {Object} options
+ * @returns promise
+ */
+function askpass(title, options = {}) {
+    var self = this;
+
+    if (options.password === undefined) options.password = true;
+    if (options.keyfile === undefined) options.keyfile = true;
+
+    return new Promise((resolve, reject) => {
+        var dialog = new Dialog(self, {
+            title: title,
+            $content: $(qweb.render("vault.askpass", options)),
+            buttons: [
+                {
+                    text: _t("Enter"),
+                    classes: "btn-primary",
+                    click: async function () {
+                        const password = this.$("#password").val();
+                        const keyfile = this.$("#keyfile")[0].files[0];
+
+                        if (!password && !keyfile) {
+                            Dialog.alert(this, _t("Missing password"));
+                            return;
+                        }
+
+                        if (options.confirm) {
+                            const confirm = this.$("#confirm").val();
+
+                            if (confirm !== password) {
+                                Dialog.alert(this, _t("The passwords aren't matching"));
+                                return;
+                            }
+                        }
+
+                        dialog.close();
+
+                        let keyfile_content = null;
+                        if (keyfile) keyfile_content = fromBinary(await keyfile.text());
+
+                        resolve({
+                            password: password,
+                            keyfile: keyfile_content,
+                        });
+                    },
+                },
+                {
+                    text: _t("Cancel"),
+                    click: function () {
+                        dialog.close();
+                        reject(_t("Cancelled"));
+                    },
+                },
+            ],
+        });
+
+        dialog.open();
+    });
+}
+
+/**
+ * Ask the user to enter a password using a dialog
+ *
+ * @param {String} title of the dialog
+ * @param {Object} options
+ * @returns promise
+ */
+function generate_pass(title, options = {}) {
+    var self = this;
+
+    const $content = $(qweb.render("vault.generate_pass", options));
+    const $password = $content.find("#password")[0];
+    const $length = $content.find("#length")[0];
+    const $big = $content.find("#big_letter")[0];
+    const $small = $content.find("#small_letter")[0];
+    const $digits = $content.find("#digits")[0];
+    const $special = $content.find("#special")[0];
+    var password = null;
+
+    function gen_pass() {
+        let characters = "";
+        if ($big.checked) characters += "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+        if ($small.checked) characters += "abcdefghijklmnopqrstuvwxyz";
+        if ($digits.checked) characters += "0123456789";
+        if ($special.checked) characters += "!?$%&/()[]{}|<>,;.:-_#+*\\";
+
+        if (characters)
+            $password.innerHTML = password = generate_secret($length.value, characters);
+    }
+
+    $length.onchange =
+        $big.onchange =
+        $small.onchange =
+        $digits.onchange =
+        $special.onchange =
+            gen_pass;
+
+    gen_pass();
+
+    return new Promise((resolve, reject) => {
+        var dialog = new Dialog(self, {
+            title: title,
+            $content: $content,
+            buttons: [
+                {
+                    text: _t("Enter"),
+                    classes: "btn-primary",
+                    click: async function () {
+                        if (!password) throw new Error(_t("Missing password"));
+
+                        dialog.close();
+                        resolve(password);
+                    },
+                },
+                {
+                    text: _t("Cancel"),
+                    click: function () {
+                        dialog.close();
+                        reject(_t("Cancelled"));
+                    },
+                },
+            ],
+        });
+
+        dialog.open();
+    });
+}
+
+/**
+ * Derive a key using the given data, salt and iterations using PBKDF2
+ *
+ * @param {String} data
+ * @param {String} salt
+ * @param {int} iterations
+ * @returns the derived key
+ */
+async function derive_key(data, salt, iterations) {
+    const enc = new TextEncoder();
+    const material = await CryptoAPI.importKey(
+        "raw",
+        enc.encode(data),
+        Derive.name,
+        false,
+        ["deriveBits", "deriveKey"]
+    );
+
+    return await CryptoAPI.deriveKey(
+        {
+            name: Derive.name,
+            salt: salt,
+            iterations: iterations,
+            hash: Hash,
+        },
+        material,
+        Symmetric,
+        false,
+        ["wrapKey", "unwrapKey", "encrypt", "decrypt"]
+    );
+}
+
+/**
+ * Encrypt the data using a public key
+ *
+ * @param {CryptoKey} public_key
+ * @param {String} data
+ * @returns the encrypted data
+ */
+async function asym_encrypt(public_key, data) {
+    if (!data) return data;
+
+    const enc = new TextEncoder();
+    return toBase64(
+        await CryptoAPI.encrypt({name: Asymmetric.name}, public_key, enc.encode(data))
+    );
+}
+
+/**
+ * Decrypt the data using the own private key
+ *
+ * @param {CryptoKey} private_key
+ * @param {String} crypted
+ * @returns the decrypted data
+ */
+async function asym_decrypt(private_key, crypted) {
+    if (!crypted) return crypted;
+
+    const dec = new TextDecoder();
+    return dec.decode(
+        await CryptoAPI.decrypt(
+            {name: Asymmetric.name},
+            private_key,
+            fromBase64(crypted)
+        )
+    );
+}
+
+/**
+ * Symmetrically encrypt the data using a master key
+ *
+ * @param {CryptoKey} key
+ * @param {String} data
+ * @param {String} iv
+ * @returns the encrypted data
+ */
+async function sym_encrypt(key, data, iv) {
+    if (!data) return data;
+
+    const hash = await digest(data);
+    const enc = new TextEncoder();
+    return toBase64(
+        await CryptoAPI.encrypt(
+            {name: Symmetric.name, iv: fromBase64(iv), tagLength: 128},
+            key,
+            enc.encode(hash.slice(0, HashLength) + data)
+        )
+    );
+}
+
+/**
+ * Symmetrically decrypt the data using a master key
+ *
+ * @param {CryptoKey} key
+ * @param {String} crypted
+ * @param {String} iv
+ * @returns the decrypted data
+ */
+async function sym_decrypt(key, crypted, iv) {
+    if (!crypted) return crypted;
+
+    try {
+        const dec = new TextDecoder();
+        const message = dec.decode(
+            await CryptoAPI.decrypt(
+                {name: Symmetric.name, iv: fromBase64(iv), tagLength: 128},
+                key,
+                fromBase64(crypted)
+            )
+        );
+
+        const data = message.slice(HashLength);
+        const hash = await digest(data);
+        // Compare the hash and return if integer
+        if (hash.slice(0, HashLength) === message.slice(0, HashLength)) return data;
+
+        console.error("Invalid data hash");
+        // Wrong hash
+        return null;
+    } catch (err) {
+        console.error(err);
+        return null;
+    }
+}
+
+/**
+ * Load a public key
+ *
+ * @param {String} public_key
+ * @returns the public key as CryptoKey
+ */
+async function load_public_key(public_key) {
+    return await CryptoAPI.importKey("spki", fromBase64(public_key), Asymmetric, true, [
+        "wrapKey",
+        "encrypt",
+    ]);
+}
+
+/**
+ * Load a private key
+ *
+ * @param {String} private_key
+ * @param {CryptoKey} key
+ * @param {String} iv
+ * @returns the private key as CryptoKey
+ */
+async function load_private_key(private_key, key, iv) {
+    return await CryptoAPI.unwrapKey(
+        "pkcs8",
+        fromBase64(private_key),
+        key,
+        {name: Symmetric.name, iv: fromBase64(iv), tagLength: 128},
+        Asymmetric,
+        true,
+        ["unwrapKey", "decrypt"]
+    );
+}
+
+/**
+ * Export a public key in spki format
+ *
+ * @param {CryptoKey} public_key
+ * @returns the public key as string
+ */
+async function export_public_key(public_key) {
+    return toBase64(await CryptoAPI.exportKey("spki", public_key));
+}
+
+/**
+ * Export a private key in pkcs8 format
+ *
+ * @param {String} private_key
+ * @param {CryptoKey} key
+ * @param {String} iv
+ * @returns the public key as CryptoKey
+ */
+async function export_private_key(private_key, key, iv) {
+    return toBase64(
+        await CryptoAPI.wrapKey("pkcs8", private_key, key, {
+            name: Symmetric.name,
+            iv: iv,
+            tagLength: 128,
+        })
+    );
+}
+
+/**
+ * Wrap the master key with the own public key
+ *
+ * @param {CryptoKey} key
+ * @param {CryptoKey} public_key
+ * @returns wrapped master key
+ */
+async function wrap(key, public_key) {
+    return toBase64(await CryptoAPI.wrapKey("raw", key, public_key, Asymmetric));
+}
+
+/**
+ * Unwrap the master key with the own private key
+ *
+ * @param {CryptoKey} key
+ * @param {CryptoKey} private_key
+ * @returns unwrapped master key
+ */
+async function unwrap(key, private_key) {
+    return await CryptoAPI.unwrapKey(
+        "raw",
+        fromBase64(key),
+        private_key,
+        Asymmetric,
+        Symmetric,
+        true,
+        ["encrypt", "decrypt"]
+    );
+}
+
+/**
+ * Capitalize each word of the string
+ *
+ * @param {String} s
+ * @returns capitalized string
+ */
+function capitalize(s) {
+    return s.toLowerCase().replace(/\b\w/g, function (c) {
+        return c.toUpperCase();
+    });
+}
+
+export default {
+    // Constants
+    Asymmetric: Asymmetric,
+    Derive: Derive,
+    Hash: Hash,
+    HashLength: HashLength,
+    IVLength: IVLength,
+    SaltLength: SaltLength,
+    Symmetric: Symmetric,
+
+    // Crypto utility functions
+    askpass: askpass,
+    asym_decrypt: asym_decrypt,
+    asym_encrypt: asym_encrypt,
+    derive_key: derive_key,
+    digest: digest,
+    export_private_key: export_private_key,
+    export_public_key: export_public_key,
+    generate_bytes: generate_bytes,
+    generate_iv_base64: generate_iv_base64,
+    generate_key: generate_key,
+    generate_key_pair: generate_key_pair,
+    generate_pass: generate_pass,
+    generate_secret: generate_secret,
+    load_private_key: load_private_key,
+    load_public_key: load_public_key,
+    sym_decrypt: sym_decrypt,
+    sym_encrypt: sym_encrypt,
+    unwrap: unwrap,
+    wrap: wrap,
+
+    // Utility functions
+    capitalize: capitalize,
+    fromBase64: fromBase64,
+    fromBinary: fromBinary,
+    toBase64: toBase64,
+    toBinary: toBinary,
+
+    supported: supported,
+};
diff --git a/vault/static/src/frontend/inbox.esm.js b/vault/static/src/frontend/inbox.esm.js
new file mode 100644
index 0000000000..759c032c13
--- /dev/null
+++ b/vault/static/src/frontend/inbox.esm.js
@@ -0,0 +1,96 @@
+/** @odoo-module alias=vault.inbox **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import utils from "vault.utils";
+
+const data = {};
+let key = false;
+let iv = false;
+
+const fields = [
+    "key",
+    "iv",
+    "public",
+    "encrypted",
+    "secret",
+    "encrypted_file",
+    "filename",
+    "secret_file",
+    "submit",
+];
+
+function toggle_required(element, value) {
+    if (value) element.setAttribute("required", "required");
+    else element.removeAttribute("required");
+}
+
+// Encrypt the value and store it in the right input field
+async function encrypt_and_store(value, target) {
+    if (!utils.supported()) return false;
+
+    // Find all the possible elements which are needed
+    for (const id of fields) if (!data[id]) data[id] = document.getElementById(id);
+
+    // We expect a public key here otherwise we can't procceed
+    if (!data.public.value) return;
+
+    const public_key = await utils.load_public_key(data.public.value);
+
+    // Create a new key if not already present
+    if (!key) {
+        key = await utils.generate_key();
+        data.key.value = await utils.wrap(key, public_key);
+    }
+
+    // Create a new IV if not already present
+    if (!iv) {
+        iv = utils.generate_iv_base64();
+        data.iv.value = iv;
+    }
+
+    // Encrypt the value symmetrically and store it in the field
+    const val = await utils.sym_encrypt(key, value, iv);
+    data[target].value = val;
+    return Boolean(val);
+}
+
+document.getElementById("secret").onchange = async function () {
+    if (!utils.supported()) return false;
+
+    if (!this.value) return;
+
+    const required = await encrypt_and_store(this.value, "encrypted");
+    toggle_required(data.secret, required);
+    toggle_required(data.secret_file, !required);
+    data.submit.removeAttribute("disabled");
+};
+
+document.getElementById("secret_file").onchange = async function () {
+    if (!utils.supported()) return false;
+
+    if (!this.files.length) return;
+
+    const file = this.files[0];
+    const reader = new FileReader();
+    let content = null;
+
+    const promise = new Promise((resolve) => {
+        reader.onload = () => {
+            if (reader.result.indexOf(",") >= 0) content = reader.result.split(",")[1];
+            resolve();
+        };
+    });
+
+    reader.readAsDataURL(file);
+
+    await promise;
+
+    if (!content) return;
+
+    const required = await encrypt_and_store(content, "encrypted_file");
+    toggle_required(data.secret, !required);
+    toggle_required(data.secret_file, required);
+    data.filename.value = file.name;
+    data.submit.removeAttribute("disabled");
+};
diff --git a/vault/static/tests/vault_tests.js b/vault/static/tests/vault_tests.js
new file mode 100644
index 0000000000..e73de4beb6
--- /dev/null
+++ b/vault/static/tests/vault_tests.js
@@ -0,0 +1,209 @@
+// © 2021 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+/* global QUnit */
+
+odoo.define("vault.tests", function (require) {
+    "use strict";
+
+    var utils = require("vault.utils");
+
+    QUnit.module(
+        "vault",
+        {
+            before: function () {
+                utils.askpass = async function () {
+                    return {
+                        password: "test",
+                        keyfile: "",
+                    };
+                };
+            },
+        },
+        function () {
+            function is_keypair(keys, assert) {
+                assert.equal(keys.publicKey instanceof CryptoKey, true);
+                assert.equal(keys.publicKey.type, "public");
+                assert.equal(keys.privateKey instanceof CryptoKey, true);
+                assert.equal(keys.privateKey.type, "private");
+            }
+
+            QUnit.test("vault: Test conversion utils", async function (assert) {
+                assert.expect(7);
+
+                let text = "hello world";
+                let buf = utils.fromBinary(text);
+                assert.equal(true, buf instanceof ArrayBuffer);
+                assert.equal(text, utils.toBinary(buf));
+                assert.equal("", utils.toBinary(false));
+
+                text = "ImhlbGxvIHdvcmxkIg==";
+                buf = utils.fromBase64(text);
+                assert.equal(true, buf instanceof ArrayBuffer);
+                assert.equal(text, utils.toBase64(buf));
+                assert.equal("", utils.toBase64(false));
+
+                assert.equal("Hello World", utils.capitalize("hello world"));
+            });
+
+            QUnit.test("vault: Test generation utils", async function (assert) {
+                assert.expect(12);
+
+                let data = utils.generate_bytes(5);
+                assert.equal(true, data instanceof Uint8Array);
+                assert.equal(data.length, 5);
+                data = utils.generate_bytes(10);
+                assert.equal(data.length, 10);
+
+                data = utils.generate_iv_base64();
+                assert.equal(typeof data, "string");
+                assert.notEqual(data, utils.generate_iv_base64());
+
+                data = await utils.generate_key();
+                assert.equal(true, data instanceof CryptoKey);
+
+                data = await utils.generate_key_pair();
+                is_keypair(data, assert);
+
+                data = utils.generate_secret(10, "01");
+                assert.equal(data.length, 10);
+                let valid = true;
+                for (const c of data) if ("01".indexOf(c) < 0) valid = false;
+                assert.equal(valid, true);
+            });
+
+            QUnit.test("vault: Test asymmetric encryption", async function (assert) {
+                assert.expect(2);
+                const text = "hello world";
+                const key = await utils.generate_key_pair();
+
+                const crypted = await utils.asym_encrypt(key.publicKey, text);
+                assert.equal("string", typeof crypted);
+                assert.strictEqual(
+                    text,
+                    await utils.asym_decrypt(key.privateKey, crypted)
+                );
+            });
+
+            QUnit.test("vault: Test symmetric encryption", async function (assert) {
+                assert.expect(2);
+                const text = "hello world";
+                const key = await utils.generate_key();
+                const iv = utils.generate_iv_base64();
+
+                const crypted = await utils.sym_encrypt(key, text, iv);
+                assert.equal("string", typeof crypted);
+                assert.strictEqual(text, await utils.sym_decrypt(key, crypted, iv));
+            });
+
+            QUnit.test("vault: Test import/export", async function (assert) {
+                assert.expect(3);
+
+                const key = await utils.generate_key_pair();
+                let exported = await utils.export_public_key(key.publicKey);
+                let tmp = await utils.load_public_key(exported);
+                assert.deepEqual(key.publicKey, tmp);
+
+                const iv = utils.generate_bytes(10);
+                const salt = utils.generate_bytes(10);
+                const wrapper = await utils.derive_key("test", salt, 4000);
+                exported = await utils.export_private_key(key.privateKey, wrapper, iv);
+                tmp = await utils.load_private_key(
+                    exported,
+                    wrapper,
+                    utils.toBase64(iv)
+                );
+                assert.deepEqual(key.privateKey, tmp);
+
+                const master_key = await utils.generate_key();
+                exported = await utils.wrap(master_key, key.publicKey);
+                tmp = await utils.unwrap(exported, key.privateKey);
+                assert.deepEqual(master_key, tmp);
+            });
+
+            QUnit.test("vault: Test vault class", async function (assert) {
+                assert.expect(12);
+
+                var vault = require("vault");
+
+                await vault._initialize_keys();
+                is_keypair(vault.keys, assert);
+
+                vault.keys = undefined;
+                await vault._import_from_store();
+                is_keypair(vault.keys, assert);
+
+                vault.keys = undefined;
+                await vault._import_from_database();
+                is_keypair(vault.keys, assert);
+            });
+
+            QUnit.test("vault: Importer/exporter", async function (assert) {
+                // The exporter won't skip empty keys
+                const child = {
+                    uuid: "42a",
+                    note: "test note child",
+                    name: "test child",
+                    url: "child.example.org",
+                    fields: [],
+                    files: [],
+                    childs: [],
+                };
+
+                const data = {
+                    type: "raw",
+                    data: [
+                        child,
+                        {
+                            uuid: "42",
+                            note: "test note",
+                            name: "test name",
+                            url: "test.example.org",
+                            fields: [
+                                {name: "a", value: "Hello World"},
+                                {name: "secret", value: "dlrow olleh"},
+                            ],
+                            files: [],
+                            childs: [child, child],
+                        },
+                        child,
+                    ],
+                };
+
+                assert.expect(2);
+
+                var Exporter = require("vault.export");
+                var Importer = require("vault.import");
+                var vault = require("vault");
+                await vault._initialize_keys();
+
+                const master_key = await utils.generate_key();
+                const importer = new Importer();
+                const imported = await importer.import(
+                    master_key,
+                    "test.json",
+                    JSON.stringify(data)
+                );
+
+                const exporter = new Exporter();
+                const exported = await exporter.export(
+                    master_key,
+                    "test.json",
+                    JSON.stringify(imported)
+                );
+                assert.equal(exported.type, "encrypted");
+
+                const pass = await utils.derive_key(
+                    "test",
+                    utils.fromBase64(exported.salt),
+                    exported.iterations
+                );
+
+                const tmp = JSON.parse(
+                    await utils.sym_decrypt(pass, exported.data, exported.iv)
+                );
+                assert.deepEqual(tmp, data.data);
+            });
+        }
+    );
+});
diff --git a/vault/tests/__init__.py b/vault/tests/__init__.py
new file mode 100644
index 0000000000..59ea2f2ef1
--- /dev/null
+++ b/vault/tests/__init__.py
@@ -0,0 +1,11 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from . import (
+    test_controller,
+    test_log,
+    test_rights,
+    test_user,
+    test_vault,
+    test_widgets,
+)
diff --git a/vault/tests/test_controller.py b/vault/tests/test_controller.py
new file mode 100644
index 0000000000..21e06d2cf9
--- /dev/null
+++ b/vault/tests/test_controller.py
@@ -0,0 +1,229 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import json
+import logging
+from unittest.mock import MagicMock
+
+from odoo.tests import TransactionCase
+from odoo.tools import mute_logger
+
+from odoo.addons.website.tools import MockRequest
+
+from ..controllers import main
+
+_logger = logging.getLogger(__name__)
+
+
+class TestController(TransactionCase):
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+
+        cls.controller = main.Controller()
+
+        cls.user = cls.env["res.users"].create(
+            {"login": "test", "email": "test@test", "name": "test"}
+        )
+        cls.user.inbox_token = "42"
+        cls.user.keys.current = False
+        cls.key = cls.env["res.users.key"].create(
+            {
+                "user_id": cls.user.id,
+                "public": "a public key",
+                "salt": "42",
+                "iv": "2424",
+                "iterations": 4000,
+                "private": "24",
+                "current": True,
+            }
+        )
+        cls.inbox = cls.env["vault.inbox"].create(
+            {
+                "user_id": cls.user.id,
+                "name": "Inbox",
+                "key": "4",
+                "iv": "1",
+                "secret": "old secret",
+                "secret_file": "old file",
+                "accesses": 100,
+            }
+        )
+
+    @mute_logger("odoo.sql_db")
+    def test_vault_inbox(self):
+        def return_context(template, context):
+            self.assertEqual(template, "vault.inbox")
+            return json.dumps(context)
+
+        def load(response):
+            return json.loads(response.data)
+
+        with MockRequest(self.env) as request_mock:
+            request_mock.render = return_context
+            response = load(self.controller.vault_inbox(""))
+            self.assertIn("error", response)
+
+            response = load(self.controller.vault_inbox(self.user.inbox_token))
+            self.assertNotIn("error", response)
+            self.assertEqual(response["public"], self.user.active_key.public)
+
+            # Try to eliminate each error step by step
+            request_mock.httprequest.method = "POST"
+            request_mock.params = {}
+            response = load(self.controller.vault_inbox(self.user.inbox_token))
+            self.assertIn("error", response)
+
+            request_mock.params["name"] = "test"
+            response = load(self.controller.vault_inbox(self.user.inbox_token))
+            self.assertIn("error", response)
+
+            request_mock.params.update(
+                {"encrypted": "secret", "encrypted_file": "file"}
+            )
+            response = load(self.controller.vault_inbox(self.user.inbox_token))
+            self.assertIn("error", response)
+
+            request_mock.params["filename"] = "filename"
+            response = load(self.controller.vault_inbox(self.user.inbox_token))
+            self.assertIn("error", response)
+
+            self.assertEqual(self.inbox.secret, "old secret")
+            self.assertEqual(self.inbox.secret_file, b"old file")
+
+            # Store something successfully
+            request_mock.params.update({"iv": "iv", "key": "key"})
+            response = load(self.controller.vault_inbox(self.inbox.token))
+            self.assertNotIn("error", response)
+            self.assertEqual(self.inbox.secret, "secret")
+            self.assertEqual(self.inbox.secret_file, b"file")
+
+            # Test a duplicate inbox
+            self.inbox.copy().token = self.inbox.token
+            response = load(self.controller.vault_inbox(self.inbox.token))
+            self.assertIn("error", response)
+
+            def raise_error(*args, **kwargs):
+                raise TypeError()
+
+            # Catch internal errors
+            try:
+                request_mock.httprequest.remote_addr = "127.0.0.1"
+                self.env["vault.inbox"]._patch_method("store_in_inbox", raise_error)
+                response = load(self.controller.vault_inbox(self.user.inbox_token))
+            finally:
+                self.env["vault.inbox"]._revert_method("store_in_inbox")
+
+            self.assertIn("error", response)
+
+    @mute_logger("odoo.sql_db")
+    def test_vault_public(self):
+        with MockRequest(self.env):
+            no_key = self.env["res.users"].create(
+                {"login": "keyless", "email": "test@test", "name": "test"}
+            )
+
+            response = self.controller.vault_public(user_id=no_key.id)
+            self.assertEqual(response, {})
+
+            response = self.controller.vault_public(user_id=self.user.id)
+            self.assertEqual(response["public_key"], self.key.public)
+
+    @mute_logger("odoo.sql_db")
+    def test_vault_replace(self):
+        with MockRequest(self.env):
+            vault = self.env["vault"].create({"name": "Vault"})
+            right = vault.right_ids[:1]
+            entry = self.env["vault.entry"].create(
+                {"name": "Test Entry", "vault_id": vault.id}
+            )
+            field = self.env["vault.field"].create(
+                {"entry_id": entry.id, "name": "Test", "value": "hello"}
+            )
+            file = self.env["vault.file"].create(
+                {"entry_id": entry.id, "name": "Test", "value": b"hello"}
+            )
+            right.write({"key": "invalid"})
+
+            self.controller.vault_replace(None)
+            self.assertEqual(field.value, "hello")
+            self.assertEqual(file.value, b"hello")
+
+            vault.reencrypt_required = True
+            self.controller.vault_replace(
+                [
+                    {"model": field._name, "id": field.id, "value": "test"},
+                    {"model": file._name, "id": file.id, "value": "test"},
+                    {"model": right._name, "id": right.id, "key": "changed"},
+                ]
+            )
+            self.assertEqual(field.value, "test")
+            self.assertEqual(file.value, b"test")
+            self.assertEqual(right.key, "changed")
+            self.assertFalse(vault.reencrypt_required)
+
+    @mute_logger("odoo.sql_db")
+    def test_vault_store(
+        self,
+    ):
+        with MockRequest(self.env):
+            mock = MagicMock()
+            try:
+                self.env["res.users.key"]._patch_method("store", mock)
+                self.controller.vault_store_keys()
+                mock.assert_called_once()
+            finally:
+                self.env["res.users.key"]._revert_method("store")
+
+    @mute_logger("odoo.sql_db")
+    def test_vault_keys_get(self):
+        with MockRequest(self.env):
+            mock = MagicMock()
+            try:
+                self.env["res.users"]._patch_method("get_vault_keys", mock)
+                self.controller.vault_get_keys()
+                mock.assert_called_once()
+            finally:
+                self.env["res.users"]._revert_method("get_vault_keys")
+
+    @mute_logger("odoo.sql_db")
+    def test_vault_right_keys(self):
+        with MockRequest(self.env):
+            self.assertFalse(self.controller.vault_get_right_keys())
+
+            # New vault with user as owner and only right
+            vault = self.env["vault"].create({"name": "Vault"})
+
+            response = self.controller.vault_get_right_keys()
+            self.assertEqual(response, {vault.uuid: vault.right_ids.key})
+
+    @mute_logger("odoo.sql_db")
+    def test_vault_store_right_key(self):
+        with MockRequest(self.env):
+            vault = self.env["vault"].create({"name": "Vault"})
+
+            self.controller.vault_store_right_keys(None)
+
+            self.controller.vault_store_right_keys({vault.uuid: "new key"})
+            self.assertEqual(vault.right_ids.key, "new key")
+
+    @mute_logger("odoo.sql_db")
+    def test_vault_inbox_keys(self):
+        with MockRequest(self.env):
+            self.assertFalse(self.controller.vault_get_inbox())
+
+            inbox = self.inbox.copy({"user_id": self.env.uid})
+
+            response = self.controller.vault_get_inbox()
+            self.assertEqual(response, {inbox.token: inbox.key})
+
+    @mute_logger("odoo.sql_db")
+    def test_vault_store_inbox_key(self):
+        with MockRequest(self.env):
+            inbox = self.inbox.copy({"user_id": self.env.uid})
+            inbox.user_id = self.env.user
+
+            self.controller.vault_store_inbox(None)
+
+            self.controller.vault_store_inbox({inbox.token: "new key"})
+            self.assertEqual(inbox.key, "new key")
diff --git a/vault/tests/test_inbox.py b/vault/tests/test_inbox.py
new file mode 100644
index 0000000000..e02402ba8e
--- /dev/null
+++ b/vault/tests/test_inbox.py
@@ -0,0 +1,115 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+from datetime import datetime
+from uuid import uuid4
+
+from odoo.tests import TransactionCase
+
+_logger = logging.getLogger(__name__)
+
+
+class TestShare(TransactionCase):
+    def test_user_inbox(self):
+        user = self.env["res.users"].create(
+            {"login": "test", "email": "test@test", "name": "test"}
+        )
+
+        user.action_new_inbox_token()
+
+        model = self.env["res.users"]
+        token = user.inbox_token
+
+        self.assertEqual(user, model.find_user_of_inbox(token))
+        self.assertIn(token, user.inbox_link)
+
+        user.inbox_enabled = False
+        self.assertEqual(model, model.find_user_of_inbox(token))
+
+        user.action_new_inbox_token()
+        self.assertNotEqual(user.inbox_token, token)
+
+    def test_inbox(self):
+        model = self.env["vault.inbox"]
+        user = self.env.user
+        vals = {
+            "name": f"Inbox {user.name}",
+            "secret": "secret",
+            "iv": "iv",
+            "user": user,
+            "key": "key",
+            "secret_file": "",
+            "filename": "",
+        }
+
+        # Should create a new inbox for the user
+        inbox = model.store_in_inbox(**vals)
+        self.assertEqual(inbox.secret, "secret")
+        self.assertEqual(inbox.accesses, 0)
+        self.assertIn(inbox.token, inbox.inbox_link)
+
+        # No change because of no accesses left
+        vals["secret"] = "new secret"
+        inbox.store_in_inbox(**vals)
+        self.assertEqual(inbox.secret, "secret")
+        self.assertEqual(inbox.accesses, 0)
+
+        # Change expected because 5 accesses left
+        inbox.accesses = 5
+        inbox.store_in_inbox(**vals)
+        self.assertEqual(inbox.secret, "new secret")
+        self.assertEqual(inbox.accesses, 4)
+
+        # No change because expired
+        vals["secret"] = "newer secret"
+        inbox.expiration = datetime(1970, 1, 1)
+        inbox.store_in_inbox(**vals)
+        self.assertEqual(inbox.secret, "new secret")
+        self.assertEqual(inbox.accesses, 4)
+
+        # Search for shares
+        self.assertEqual(inbox, model.find_inbox(inbox.token))
+        self.assertEqual(model, model.find_inbox(uuid4()))
+
+    def test_send_wizard(self):
+        user = self.env.user
+        wiz = self.env["vault.send.wizard"].create(
+            {
+                "name": uuid4(),
+                "iv": "iv",
+                "key_user": "key",
+                "key": "k",
+                "secret": uuid4(),
+                "user_id": user.id,
+            }
+        )
+
+        # Create a new inbox
+        wiz.action_send()
+        self.assertTrue(self.env["vault.inbox"].search([("name", "=", wiz.name)]))
+
+    def test_store_wizard(self):
+        vault = self.env["vault"].create({"name": "Vault"})
+
+        entry = self.env["vault.entry"].create({"vault_id": vault.id, "name": "Entry"})
+
+        wiz = self.env["vault.store.wizard"].create(
+            {
+                "vault_id": vault.id,
+                "entry_id": entry.id,
+                "name": uuid4(),
+                "iv": "iv",
+                "key": "k",
+                "secret": uuid4(),
+                "secret_temporary": "temp",
+                "model": "vault.field",
+            }
+        )
+
+        vault.right_ids.write({"key": uuid4()})
+        self.assertEqual(wiz.master_key, vault.right_ids.key)
+
+        wiz.action_store()
+
+        self.assertEqual(wiz.name, entry.field_ids.name)
diff --git a/vault/tests/test_log.py b/vault/tests/test_log.py
new file mode 100644
index 0000000000..974fe44570
--- /dev/null
+++ b/vault/tests/test_log.py
@@ -0,0 +1,41 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+from odoo.tests import TransactionCase
+
+_logger = logging.getLogger(__name__)
+
+
+class TestLog(TransactionCase):
+    def test_not_implemeneted(self):
+        with self.assertRaises(NotImplementedError):
+            self.env["vault.abstract"].log_entry("test")
+
+        with self.assertRaises(NotImplementedError):
+            self.env["vault.abstract"].log_info("test")
+
+        with self.assertRaises(NotImplementedError):
+            self.env["vault.abstract"].log_warn("test")
+
+        with self.assertRaises(NotImplementedError):
+            self.env["vault.abstract"].log_error("test")
+
+    def test_log_created(self):
+        vault = self.env["vault"].create({"name": "Vault"})
+        entry = self.env["vault.entry"].create({"vault_id": vault.id, "name": "Entry"})
+
+        vault.log_ids.unlink()
+
+        vault.log_info("info")
+        self.assertEqual(vault.log_ids.mapped("state"), ["info"])
+        self.assertEqual(entry.log_ids.mapped("state"), [])
+
+        entry.log_warn("warn")
+        self.assertEqual(vault.log_ids.mapped("state"), ["info", "warn"])
+        self.assertEqual(entry.log_ids.mapped("state"), ["warn"])
+
+        entry.log_error("error")
+        self.assertEqual(vault.log_ids.mapped("state"), ["info", "warn", "error"])
+        self.assertEqual(entry.log_ids.mapped("state"), ["warn", "error"])
diff --git a/vault/tests/test_rights.py b/vault/tests/test_rights.py
new file mode 100644
index 0000000000..3581a59b27
--- /dev/null
+++ b/vault/tests/test_rights.py
@@ -0,0 +1,155 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+from odoo.exceptions import AccessError
+from odoo.tests import TransactionCase
+
+_logger = logging.getLogger(__name__)
+
+
+class TestAccessRights(TransactionCase):
+    def setUp(self):
+        super().setUp()
+        self.user = self.env["res.users"].create(
+            {"login": "user", "name": "tester", "email": "user@localhost"}
+        )
+        self.vault = self.env["vault"].create({"name": "Vault"})
+        self.entry = self.env["vault.entry"].create(
+            {"vault_id": self.vault.id, "name": "Entry"}
+        )
+        self.field = self.env["vault.field"].create(
+            {"entry_id": self.entry.id, "name": "Field", "value": "Value"}
+        )
+        self.vault.right_ids.write({"key": "Owner"})
+
+    def test_vault_reencrypt(self):
+        right = self.env["vault.right"].create(
+            {
+                "vault_id": self.vault.id,
+                "user_id": self.user.id,
+                "perm_create": False,
+            }
+        )
+
+        assert not self.vault.reencrypt_required
+        right.unlink()
+        assert self.vault.reencrypt_required
+
+    def test_public_key(self):
+        key = self.env["res.users.key"].create(
+            {
+                "user_id": self.vault.user_id.id,
+                "public": "a public key",
+                "salt": "42",
+                "iv": "2424",
+                "iterations": 4000,
+                "private": "24",
+            }
+        )
+        self.assertTrue(self.vault.right_ids.public_key)
+        self.assertEqual(key.public, self.vault.right_ids.public_key)
+
+    def test_owner_access(self):
+        # The owner can always access despite the permissions
+        for obj in [self.field, self.entry, self.vault]:
+            obj.name = "Owned"
+
+            right = self.vault.right_ids
+            right.perm_write = False
+            obj.name = "Owned"
+
+            right.perm_delete = False
+            obj.unlink()
+
+    def test_no_create(self):
+        self.env["vault.right"].create(
+            {
+                "vault_id": self.vault.id,
+                "user_id": self.user.id,
+                "perm_create": False,
+            }
+        )
+
+        for obj in [self.field, self.entry, self.vault]:
+            with self.assertRaises(AccessError):
+                obj.with_user(self.user).check_access_rule("create")
+
+    def test_no_right(self):
+        # No right defined for test user means access denied
+        for obj in [self.field, self.entry, self.vault]:
+            with self.assertRaises(AccessError):
+                self.assertTrue(obj.with_user(self.user).read())
+
+            with self.assertRaises(AccessError):
+                obj.with_user(self.user).name = "Owned"
+
+            with self.assertRaises(AccessError):
+                obj.with_user(self.user).unlink()
+
+    def test_no_permission(self):
+        # Defined right but no write permission means access denied
+        self.env["vault.right"].create(
+            {
+                "vault_id": self.vault.id,
+                "user_id": self.user.id,
+                "perm_create": False,
+                "perm_write": False,
+                "perm_delete": False,
+            }
+        )
+        for obj in [self.field, self.entry, self.vault]:
+            self.assertTrue(obj.with_user(self.user).read())
+
+            with self.assertRaises(AccessError):
+                obj.with_user(self.user).name = "Owned"
+
+            with self.assertRaises(AccessError):
+                obj.with_user(self.user).unlink()
+
+    def test_granted(self):
+        # Granted write permission allows writing
+        self.env["vault.right"].create(
+            {
+                "vault_id": self.vault.id,
+                "user_id": self.user.id,
+                "perm_write": True,
+                "perm_delete": True,
+            }
+        )
+        for obj in [self.field, self.entry, self.vault]:
+            self.assertTrue(obj.with_user(self.user).read())
+
+            obj.with_user(self.user).name = "Owned"
+            obj.with_user(self.user).unlink()
+
+    def test_owner_share(self):
+        self.env["vault.right"].create(
+            {"vault_id": self.vault.id, "user_id": self.user.id}
+        )
+
+    def test_user_share_no_right(self):
+        # No right defined means AccessError
+        with self.assertRaises(AccessError):
+            self.env["vault.right"].with_user(self.user).create(
+                {"vault_id": self.vault.id, "user_id": 2}
+            )
+
+    def test_user_share_no_permission(self):
+        # Created right but no permission to share
+        right = self.env["vault.right"].create(
+            {"vault_id": self.vault.id, "user_id": self.user.id, "perm_share": False}
+        )
+
+        with self.assertRaises(AccessError):
+            right.with_user(self.user).create({"vault_id": self.vault.id, "user_id": 2})
+
+    def test_user_share_granted(self):
+        # Granted permission to share
+        right = self.env["vault.right"].create(
+            {"vault_id": self.vault.id, "user_id": self.user.id, "perm_share": True}
+        )
+        right.with_user(self.user).create({"vault_id": self.vault.id, "user_id": 2})
+
+        right.unlink()
diff --git a/vault/tests/test_user.py b/vault/tests/test_user.py
new file mode 100644
index 0000000000..2655e5e2e6
--- /dev/null
+++ b/vault/tests/test_user.py
@@ -0,0 +1,60 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+from odoo.tests import TransactionCase
+
+_logger = logging.getLogger(__name__)
+
+
+class TestShare(TransactionCase):
+    def test_user_inbox(self):
+        user = self.env["res.users"].create(
+            {"login": "test", "email": "test@test", "name": "test"}
+        )
+
+        user.action_new_inbox_token()
+
+        model = self.env["res.users"]
+        token = user.inbox_token
+
+        self.assertEqual(user, model.find_user_of_inbox(token))
+        self.assertIn(token, user.inbox_link)
+
+        user.inbox_enabled = False
+        self.assertEqual(model, model.find_user_of_inbox(token))
+
+        user.action_new_inbox_token()
+        self.assertNotEqual(user.inbox_token, token)
+
+    def test_user_key_management(self):
+        action = self.env.ref("vault.action_res_users_keys")
+
+        self.assertEqual(action.id, self.env["res.users"].action_get_vault()["id"])
+
+    def test_invalidation(self):
+        self.env["res.users.key"].store(
+            40000, "invalid", "invalid", "invalid", "invalid", 42
+        )
+        self.assertTrue(self.env.user.keys.filtered("current"))
+
+        vault = self.env["vault"].create({"name": "Test"})
+        self.assertTrue(vault.right_ids)
+
+        inbox = self.env["vault.inbox"].create(
+            {
+                "name": "Inbox Test",
+                "secret": "secret",
+                "iv": "iv",
+                "user_id": self.env.uid,
+                "key": "key",
+                "secret_file": "",
+                "filename": "",
+            }
+        )
+
+        self.env.user.action_invalidate_key()
+        self.assertFalse(self.env.user.keys.filtered("current"))
+        self.assertFalse(inbox.exists())
+        self.assertFalse(vault.right_ids.exists())
diff --git a/vault/tests/test_vault.py b/vault/tests/test_vault.py
new file mode 100644
index 0000000000..f803c5a496
--- /dev/null
+++ b/vault/tests/test_vault.py
@@ -0,0 +1,166 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# Copyright 2022 Tecnativa - Víctor Martínez
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+from datetime import datetime
+
+from odoo.exceptions import ValidationError
+from odoo.tests import TransactionCase
+
+_logger = logging.getLogger(__name__)
+
+
+class TestVault(TransactionCase):
+    def setUp(self):
+        super().setUp()
+
+        self.vault = self.env["vault"].create({"name": "Vault"})
+        self.entry = self.env["vault.entry"].create(
+            {"vault_id": self.vault.id, "name": "Entry"}
+        )
+        self.child = self.env["vault.entry"].create(
+            {"vault_id": self.vault.id, "name": "Child", "parent_id": self.entry.id}
+        )
+
+    def test_entry_path(self):
+        self.assertEqual(self.entry.complete_name, "Entry")
+        self.assertEqual(self.child.complete_name, "Entry / Child")
+
+    def test_wizard_actions(self):
+        values = self.child.action_open_import_wizard()
+        self.assertEqual(values["context"]["default_parent_id"], self.child.id)
+
+        values = self.vault.action_open_import_wizard()
+        self.assertNotIn("default_parent_id", values["context"])
+
+        values = self.child.action_open_export_wizard()
+        self.assertEqual(values["context"]["default_entry_id"], self.child.id)
+
+        values = self.vault.action_open_export_wizard()
+        self.assertNotIn("default_entry_id", values["context"])
+
+    def test_master_key(self):
+        right = self.vault.right_ids
+        self.assertEqual(self.vault.master_key, right.master_key)
+
+        self.vault.master_key = "test"
+        self.assertEqual(right.key, "test")
+
+    def test_share_public_key(self):
+        key = self.env["res.users.key"].create(
+            {
+                "user_id": self.vault.user_id.id,
+                "public": "a public key",
+                "salt": "42",
+                "iv": "2424",
+                "iterations": 4000,
+                "private": "24",
+            }
+        )
+
+        expected = {"user": 1, "public": key.public}
+        self.assertIn(expected, self.vault.share_public_keys())
+
+    def test_keys(self):
+        key = self.env["res.users.key"].create(
+            {
+                "user_id": self.vault.user_id.id,
+                "public": "a public key",
+                "salt": "42",
+                "iv": "2424",
+                "iterations": 4000,
+                "private": "24",
+            }
+        )
+
+        self.assertEqual(set("0123456789abcdef:"), set(key.fingerprint))
+
+        key.public = ""
+        self.assertEqual(key.fingerprint, False)
+
+    def test_store_keys(self):
+        model = self.env["res.users.key"]
+
+        # Raise some errors because of wrong parameters
+        with self.assertRaises(ValidationError):
+            model.store(1, "iv", "private", "public", 42, 42)
+
+        with self.assertRaises(ValidationError):
+            model.store(3000, "iv", "private", "public", "salt", 42)
+
+        with self.assertRaises(ValidationError):
+            model.store(4000, "iv", "private", "public", "salt", "abc")
+
+        # Actually store a new key
+        uuid = model.store(4000, "iv", "private", "public", "salt", 42)
+        rec = model.search([("uuid", "=", uuid)])
+        self.assertEqual(rec.private, "private")
+        self.assertTrue(rec.current)
+
+        # Don't store the same again
+        uuid = model.store(4000, "iv", "private", "public", "salt", 42)
+        self.assertFalse(uuid)
+
+        # Store a new one and disable the old one
+        uuid = model.store(4000, "iv", "more private", "public", "salt", 42)
+        self.assertFalse(rec.current)
+
+        rec = model.search([("uuid", "=", uuid)])
+        self.assertEqual(rec.private, "more private")
+        self.assertTrue(rec.current)
+
+        # Try to extract the public key again
+        user_id = self.env["res.users"].search([], limit=1, order="id DESC").id
+        public = model.extract_public_key(user_id + 1)
+        self.assertFalse(public)
+        public = model.extract_public_key(self.env.uid)
+        self.assertEqual(public, "public")
+
+    def test_vault_keys(self):
+        keys = self.env.user.get_vault_keys()
+        self.assertEqual(keys, {})
+
+        data = {
+            "user_id": self.env.user.id,
+            "public": "a public key",
+            "salt": "42",
+            "iv": "2424",
+            "iterations": 4000,
+            "private": "24",
+        }
+        self.env["res.users.key"].create(data)
+
+        keys = self.env.user.get_vault_keys()
+        for key in ["private", "public", "iv", "salt", "iterations"]:
+            self.assertEqual(keys[key], data[key])
+
+    def test_vault_entry_recursion(self):
+        child = self.env["vault.entry"].create(
+            {"vault_id": self.vault.id, "name": "Entry", "parent_id": self.entry.id}
+        )
+
+        with self.assertRaises(ValidationError):
+            self.entry.parent_id = child.id
+
+    def test_search_expired(self):
+        entry = self.env["vault.entry"]
+        self.assertEqual(entry._search_expired("in", []), [])
+
+        domain = entry._search_expired("=", True)
+        self.assertEqual(domain[0][:2], ("expire_date", "<"))
+        self.assertIsInstance(domain[0][2], datetime)
+
+        domain = entry._search_expired("!=", False)
+        self.assertEqual(domain[0][:2], ("expire_date", "<"))
+        self.assertIsInstance(domain[0][2], datetime)
+
+        domain = entry._search_expired("=", False)
+        self.assertTrue(domain[0] == "|")
+        self.assertIn(("expire_date", "=", False), domain)
+        self.assertTrue(any(("expire_date", ">=") == d[:2] for d in domain))
+
+    def test_vault_entry_search_panel_limit(self):
+        res = self.entry.search_panel_select_range("parent_id")
+        total_items = self.env["vault.entry"].search_count([("child_ids", "!=", False)])
+        self.assertEqual(len(res["values"]), total_items)
diff --git a/vault/tests/test_widgets.py b/vault/tests/test_widgets.py
new file mode 100644
index 0000000000..3d7d26dda3
--- /dev/null
+++ b/vault/tests/test_widgets.py
@@ -0,0 +1,156 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import json
+import logging
+from uuid import uuid4
+
+from odoo.exceptions import UserError
+from odoo.tests import TransactionCase
+
+_logger = logging.getLogger(__name__)
+
+
+TestChild = {
+    "uuid": "42a",
+    "note": "test note child",
+    "name": "test child",
+    "url": "child.example.org",
+    "fields": [],
+    "files": [],
+    "childs": [],
+}
+
+TestData = [
+    {
+        "uuid": "42b",
+        "note": "test note child",
+        "name": "don't import",
+        "url": "child.example.org",
+        "fields": [],
+        "files": [],
+        "childs": [],
+    },
+    TestChild,
+    {
+        "uuid": "42",
+        "note": "test note",
+        "name": "test name",
+        "url": "test.example.org",
+        "fields": [
+            {"name": "a", "value": "Hello World", "iv": "abcd"},
+            {"name": "secret", "value": "dlrow olleh", "iv": "abcd"},
+            {"name": "secret", "value": "dlrow olle", "iv": "abcd"},
+        ],
+        "files": [
+            {"name": "a", "value": "Hello World", "iv": "abcd"},
+            {"name": "secret", "value": "dlrow olleh", "iv": "abcd"},
+            {},
+        ],
+        "childs": [
+            {
+                "uuid": "42aa",
+                "note": "test note subchild",
+                "name": "test subchild",
+                "url": "subchild.example.org",
+                "fields": [],
+                "files": [],
+                "childs": [],
+            },
+            TestChild,
+        ],
+    },
+    TestChild,
+]
+
+
+class TestWidgets(TransactionCase):
+    def setUp(self):
+        super().setUp()
+
+        self.vault = self.env["vault"].create({"name": "Vault"})
+        self.entry = self.env["vault.entry"].create(
+            {"vault_id": self.vault.id, "name": "Entry"}
+        )
+
+    def test_path_generation(self):
+        wiz = self.env["vault.import.wizard"].create(
+            {"vault_id": self.vault.id, "crypted_content": json.dumps(TestData)}
+        )
+        wiz._onchange_content()
+
+        paths = wiz.path.search([("uuid", "=", wiz.uuid)]).mapped("name")
+
+        self.assertEqual(len(paths), 6)
+        self.assertIn("test name / test child", paths)
+        self.assertIn("test child", paths)
+        self.assertIn("test name", paths)
+
+    def test_import(self):
+        uuid = uuid4()
+        path = self.env["vault.import.wizard.path"].create(
+            {"name": "test", "uuid": uuid}
+        )
+
+        wiz = self.env["vault.import.wizard"].create(
+            {
+                "vault_id": self.vault.id,
+                "crypted_content": json.dumps(TestData),
+                "path": path.id,
+                "uuid": uuid,
+            }
+        )
+
+        wiz.action_import()
+
+        # We have duplicates
+        uuids = {"42", "42a", "42aa", self.entry.uuid}
+        self.assertSetEqual(set(self.vault.entry_ids.mapped("uuid")), uuids)
+
+        # Creation is depth-first which will cause the 42a to move up
+        self.assertEqual(self.vault.entry_ids.mapped("child_ids.uuid"), ["42aa"])
+
+        # This will cause an overwrite of the field
+        domain = [("entry_id.uuid", "=", "42"), ("name", "=", "secret")]
+        rec = self.env["vault.field"].search(domain)
+        self.assertEqual(rec.mapped("value"), ["dlrow olle"])
+
+        # Field with missing keys should fail
+        with self.assertRaises(UserError):
+            TestChild["fields"].append({"name": "12", "value": "eulav"})
+            wiz.crypted_content = json.dumps([TestChild])
+            wiz.action_import()
+
+    def test_export(self):
+        child = self.env["vault.entry"].create(
+            {"vault_id": self.vault.id, "name": "Child", "parent_id": self.entry.id}
+        )
+
+        second = self.env["vault.entry"].create(
+            {"vault_id": self.vault.id, "name": "second"}
+        )
+
+        wiz = self.env["vault.export.wizard"].create({"vault_id": self.vault.id})
+
+        # Export without entry should export entire vault
+        wiz._onchange_content()
+        entries = json.loads(wiz.content)
+        self.assertEqual({e["uuid"] for e in entries}, {second.uuid, self.entry.uuid})
+        self.assertEqual(len(entries), 2)
+
+        wiz.entry_id = self.entry
+
+        # Export the entire tree
+        wiz._onchange_content()
+        entries = json.loads(wiz.content)
+        self.assertEqual(len(entries), 1)
+        self.assertEqual(entries[0]["uuid"], self.entry.uuid)
+        self.assertEqual(entries[0]["childs"][0]["uuid"], child.uuid)
+
+        # Skip exporting childs
+        wiz.include_childs = False
+        wiz._onchange_content()
+        entries = json.loads(wiz.content)
+        self.assertEqual(len(entries), 1)
+        self.assertEqual(entries[0]["uuid"], self.entry.uuid)
+        self.assertEqual(len(entries[0]["childs"]), 0)
diff --git a/vault/views/menuitems.xml b/vault/views/menuitems.xml
new file mode 100644
index 0000000000..20f4f7d9f5
--- /dev/null
+++ b/vault/views/menuitems.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="action_vault" model="ir.actions.act_window">
+        <field name="name">Vault</field>
+        <field name="res_model">vault</field>
+        <field name="view_mode">tree,form</field>
+    </record>
+
+    <record id="action_vault_entry" model="ir.actions.act_window">
+        <field name="name">All Entries</field>
+        <field name="res_model">vault.entry</field>
+        <field name="view_mode">tree,form</field>
+        <field name="context">{'search_default_vault': 1}</field>
+        <field
+            name="view_ids"
+            eval="[(5,0,0),
+            (0,0,{'view_mode':'tree', 'view_id': ref('view_vault_entry_full_tree')}),
+            (0,0,{'view_mode':'form', 'view_id': ref('view_vault_entry_overview_form')})]"
+        />
+    </record>
+
+    <record id="action_vault_inbox" model="ir.actions.act_window">
+        <field name="name">Inbox</field>
+        <field name="res_model">vault.inbox</field>
+        <field name="view_mode">tree,form</field>
+    </record>
+
+    <record id="action_vault_right" model="ir.actions.act_window">
+        <field name="name">Rights</field>
+        <field name="res_model">vault.right</field>
+        <field name="view_mode">tree</field>
+        <field name="view_id" ref="view_vault_right_overview_tree" />
+        <field name="search_view_id" ref="view_vault_right_overview_search" />
+    </record>
+
+    <menuitem
+        id="menu_vault"
+        groups="base.group_user"
+        action="action_vault"
+        web_icon="vault,static/description/icon.png"
+    />
+    <menuitem
+        id="menu_vault_entry"
+        groups="base.group_user"
+        parent="menu_vault"
+        action="action_vault_entry"
+        sequence="30"
+    />
+    <menuitem
+        id="menu_vault_inbox"
+        groups="base.group_user"
+        parent="vault.menu_vault"
+        action="action_vault_inbox"
+        sequence="40"
+    />
+    <menuitem
+        id="menu_vault_right"
+        groups="base.group_user"
+        parent="vault.menu_vault"
+        action="action_vault_right"
+        sequence="50"
+    />
+</odoo>
diff --git a/vault/views/res_config_settings_views.xml b/vault/views/res_config_settings_views.xml
new file mode 100644
index 0000000000..691a50ee08
--- /dev/null
+++ b/vault/views/res_config_settings_views.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="res_config_settings_view_form" model="ir.ui.view">
+        <field name="name">res.config.settings.view.form</field>
+        <field name="model">res.config.settings</field>
+        <field name="inherit_id" ref="base_setup.res_config_settings_view_form" />
+        <field name="arch" type="xml">
+            <div id="user_default_rights" position="after">
+                <h2>Vault</h2>
+                <div class="row mt16 o_settings_container" id="vault">
+                    <div class="col-xs-12 col-md-6 o_setting_box" id="vault_share">
+                        <div class="o_setting_left_pane">
+                            <field name="module_vault_share" />
+                        </div>
+                        <div class="o_setting_right_pane">
+                            <label for="module_vault_share" string="Vault Share" />
+                            <div class="text-muted">
+                                Allow the usage to share secrets with external users
+                            </div>
+                        </div>
+                    </div>
+                    <div class="col-xs-12 col-md-6 o_setting_box" id="vault_share">
+                        <div class="o_setting_left_pane">
+                            <field name="group_vault_import" />
+                        </div>
+                        <div class="o_setting_right_pane">
+                            <label for="group_vault_import" />
+                            <div class="text-muted">
+                                Allow all users to import vaults accessible to them
+                            </div>
+                        </div>
+                    </div>
+                    <div class="col-xs-12 col-md-6 o_setting_box" id="vault_share">
+                        <div class="o_setting_left_pane">
+                            <field name="group_vault_export" />
+                        </div>
+                        <div class="o_setting_right_pane">
+                            <label for="group_vault_export" />
+                            <div class="text-muted">
+                                Allow all users to export vaults accessible to them
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </field>
+    </record>
+</odoo>
diff --git a/vault/views/res_users_views.xml b/vault/views/res_users_views.xml
new file mode 100644
index 0000000000..cbf44e6cd9
--- /dev/null
+++ b/vault/views/res_users_views.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="view_res_users_key_tree" model="ir.ui.view">
+        <field name="model">res.users.key</field>
+        <field name="arch" type="xml">
+            <tree editable="bottom">
+                <field name="current" readonly="1" />
+                <field name="fingerprint" readonly="1" />
+            </tree>
+        </field>
+    </record>
+
+    <record id="view_res_users_key_form" model="ir.ui.view">
+        <field name="model">res.users.key</field>
+        <field name="arch" type="xml">
+            <form>
+                <sheet>
+                    <group>
+                        <field name="fingerprint" readonly="1" />
+                    </group>
+                </sheet>
+            </form>
+        </field>
+    </record>
+
+    <record id="view_users_form_keys_modif" model="ir.ui.view">
+        <field name="model">res.users</field>
+        <field name="arch" type="xml">
+            <form>
+                <sheet>
+                    <group>
+                        <field name="inbox_link" widget="url" />
+                        <field name="inbox_enabled" />
+                    </group>
+
+                    <field name="keys" />
+                </sheet>
+                <footer>
+                    <button
+                        name="vault_generate_key"
+                        string="New private key"
+                        class="btn-primary"
+                    />
+                    <button
+                        name="action_new_inbox_token"
+                        type="object"
+                        string="New inbox link"
+                        class="btn-primary"
+                    />
+                    <button
+                        name="action_invalidate_key"
+                        type="object"
+                        string="Invalidate private key"
+                        class="btn-secondary"
+                        confirm="You will loose access to all vaults and your inbox. Do you want to continue?"
+                    />
+                    <button special="cancel" string="Cancel" class="btn-secondary" />
+                </footer>
+            </form>
+        </field>
+    </record>
+
+
+    <record id="action_res_users_keys" model="ir.actions.act_window">
+        <field name="name">Manage my keys</field>
+        <field name="type">ir.actions.act_window</field>
+        <field name="res_model">res.users</field>
+        <field name="target">new</field>
+        <field name="view_mode">form</field>
+    </record>
+
+    <record id="action_res_users_keys_view" model="ir.actions.act_window.view">
+        <field eval="10" name="sequence" />
+        <field name="view_mode">form</field>
+        <field name="view_id" ref="view_users_form_keys_modif" />
+        <field name="act_window_id" ref="action_res_users_keys" />
+    </record>
+</odoo>
diff --git a/vault/views/templates.xml b/vault/views/templates.xml
new file mode 100644
index 0000000000..2be894810a
--- /dev/null
+++ b/vault/views/templates.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <template id="inbox">
+        <t t-call="web.login_layout">
+            <t t-call-assets="vault.assets_frontend" t-css="false" defer_load="True" />
+
+            <form
+                class="oe_login_form"
+                role="form"
+                t-attf-action="/vault/inbox/{{ token }}"
+                method="post"
+                onsubmit="this.action = this.action + location.hash"
+            >
+                <input
+                    type="hidden"
+                    name="csrf_token"
+                    t-att-value="request.csrf_token()"
+                />
+                <input type="hidden" id="token" name="token" t-att-value="token" />
+                <input type="hidden" id="public" name="public" t-att-value="public" />
+                <input type="hidden" id="encrypted" name="encrypted" />
+                <input type="hidden" id="encrypted_file" name="encrypted_file" />
+                <input type="hidden" id="filename" name="filename" />
+                <input type="hidden" id="iv" name="iv" />
+                <input type="hidden" id="key" name="key" />
+
+                <div class="form-group">
+                    <label for="name">Name of your secret:</label>
+                    <input
+                        type="text"
+                        t-if="name"
+                        name="name"
+                        readonly="readonly"
+                        class="form-control"
+                        t-att-value="name"
+                    />
+                    <input
+                        type="text"
+                        t-else=""
+                        name="name"
+                        required="required"
+                        autofocus="autofocus"
+                        class="form-control"
+                    />
+                </div>
+
+                <div class="form-group">
+                    <label for="secret">Secret to share:</label>
+                    <input
+                        placeholder="Secret"
+                        type="text"
+                        id="secret"
+                        name="secret"
+                        required="required"
+                        autofocus="autofocus"
+                        class="form-control"
+                    />
+                </div>
+
+                <div class="form-group">
+                    <label for="secret">File to share:</label>
+                    <input
+                        type="file"
+                        placeholder="Secret"
+                        id="secret_file"
+                        name="secret_file"
+                        required="required"
+                        class="form-control"
+                    />
+                </div>
+
+                <p class="alert alert-danger" t-if="error" role="alert" t-esc="error" />
+                <p
+                    class="alert alert-success"
+                    t-if="message"
+                    role="status"
+                    t-esc="message"
+                />
+
+                <div
+                    t-attf-class="clearfix text-center mb-1 {{'pt-2' if form_small else 'pt-3'}}"
+                >
+                    <button
+                        id="submit"
+                        type="submit"
+                        class="btn btn-primary btn-block"
+                        disabled="disabled"
+                    >Submit secret</button>
+                </div>
+            </form>
+        </t>
+    </template>
+</odoo>
diff --git a/vault/views/vault_entry_views.xml b/vault/views/vault_entry_views.xml
new file mode 100644
index 0000000000..abe258eda5
--- /dev/null
+++ b/vault/views/vault_entry_views.xml
@@ -0,0 +1,191 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="view_vault_entry_tree" model="ir.ui.view">
+        <field name="model">vault.entry</field>
+        <field name="arch" type="xml">
+            <tree decoration-muted="expired">
+                <field name="expired" invisible="1" />
+                <field name="complete_name" />
+                <field name="tags" widget="many2many_tags" />
+            </tree>
+        </field>
+    </record>
+
+    <record id="view_vault_entry_full_tree" model="ir.ui.view">
+        <field name="model">vault.entry</field>
+        <field name="arch" type="xml">
+            <tree decoration-muted="expired">
+                <field name="expired" invisible="1" />
+                <field name="vault_id" />
+                <field name="complete_name" />
+                <field name="tags" widget="many2many_tags" />
+            </tree>
+        </field>
+    </record>
+
+    <record id="view_vault_entry_form" model="ir.ui.view">
+        <field name="model">vault.entry</field>
+        <field name="arch" type="xml">
+            <form>
+                <header>
+                    <button
+                        type="object"
+                        name="action_open_import_wizard"
+                        string="Import from file"
+                        groups="vault.group_vault_import"
+                    />
+                    <button
+                        type="object"
+                        name="action_open_export_wizard"
+                        string="Export to file"
+                        groups="vault.group_vault_export"
+                    />
+                </header>
+                <sheet>
+                    <field name="perm_user" invisible="1" />
+                    <field name="allowed_create" invisible="1" />
+                    <field name="allowed_share" invisible="1" />
+                    <field name="allowed_write" invisible="1" />
+                    <field name="allowed_delete" invisible="1" />
+
+                    <group>
+                        <group>
+                            <field
+                                name="vault_id"
+                                invisible="1"
+                                force_save="1"
+                                attrs="{'readonly': [('vault_id', '!=', False)]}"
+                            />
+                            <field
+                                name="parent_id"
+                                options="{'no_open': true, 'no_create_edit': true, 'no_quick_create': true}"
+                            />
+                            <field name="complete_name" invisible="1" />
+                            <field name="name" />
+                            <field name="url" widget="url" />
+                            <field name="tags" widget="many2many_tags" />
+                        </group>
+                        <group>
+                            <field name="create_date" />
+                            <field name="write_date" />
+                            <field name="expire_date" />
+                        </group>
+                    </group>
+
+                    <notebook>
+                        <page string="Content">
+                            <label for="field_ids" />
+                            <field
+                                name="field_ids"
+                                context="{'default_entry_id': active_id}"
+                                options="{'create': [('allowed_create', '=', True)], 'delete': [('allowed_delete', '=', True)], 'no_open': true}"
+                            >
+                                <tree editable="bottom">
+                                    <field name="vault_id" invisible="1" />
+                                    <field name="entry_id" invisible="1" />
+                                    <field name="iv" invisible="1" />
+                                    <field name="master_key" invisible="1" />
+                                    <field name="name" />
+                                    <field
+                                        name="value"
+                                        widget="vault_field"
+                                        type="field_type"
+                                    />
+                                    <field name="write_date" />
+                                </tree>
+                            </field>
+
+                            <label for="file_ids" />
+                            <field
+                                name="file_ids"
+                                context="{'default_entry_id': active_id}"
+                                options="{'create': [('allowed_create', '=', True)], 'delete': [('allowed_delete', '=', True)], 'no_open': True}"
+                            >
+                                <tree editable="bottom">
+                                    <field name="vault_id" invisible="1" />
+                                    <field name="entry_id" invisible="1" />
+                                    <field name="iv" invisible="1" />
+                                    <field name="master_key" invisible="1" />
+                                    <field name="name" invisible="1" />
+                                    <field
+                                        name="value"
+                                        widget="vault_file"
+                                        filename="name"
+                                    />
+                                    <field name="write_date" />
+                                </tree>
+                            </field>
+                        </page>
+                        <page string="Note">
+                            <field name="note" />
+                        </page>
+                        <page string="Childs">
+                            <field
+                                name="child_ids"
+                                context="{'default_parent_id': active_id, 'default_vault_id': vault_id}"
+                            />
+                        </page>
+                        <page string="Log">
+                            <field name="log_ids" options="{'no_open': True}" />
+                        </page>
+                    </notebook>
+                </sheet>
+            </form>
+        </field>
+    </record>
+
+    <record id="view_vault_entry_overview_form" model="ir.ui.view">
+        <field name="model">vault.entry</field>
+        <field name="mode">primary</field>
+        <field name="priority">100</field>
+        <field name="inherit_id" ref="view_vault_entry_form" />
+        <field name="arch" type="xml">
+            <field name="vault_id" position="attributes">
+                <attribute name="invisible">0</attribute>
+            </field>
+        </field>
+    </record>
+
+    <record id="view_vault_entry_search" model="ir.ui.view">
+        <field name="name">vault.entry.search</field>
+        <field name="model">vault.entry</field>
+        <field name="arch" type="xml">
+            <search>
+                <field name="complete_name" operator="ilike" />
+                <field name="name" operator="ilike" />
+                <field name="tags" operator="ilike" />
+                <field name="note" operator="ilike" />
+                <filter
+                    string="Expired"
+                    name="expired"
+                    domain="[('expired', '=', True)]"
+                />
+                <filter
+                    string="Not Expired"
+                    name="not_expired"
+                    domain="[('expired', '!=', True)]"
+                />
+                <filter
+                    string="Vault"
+                    name="vault"
+                    domain="[]"
+                    context="{'group_by': 'vault_id'}"
+                />
+                <searchpanel>
+                    <field
+                        name="vault_id"
+                        string="Vaults"
+                        enable_counters="1"
+                        limit="0"
+                    />
+                    <field
+                        name="parent_id"
+                        string="Entries"
+                        enable_counters="1"
+                        limit="0"
+                    />
+                </searchpanel>
+            </search>
+        </field>
+    </record>
+</odoo>
diff --git a/vault/views/vault_field_views.xml b/vault/views/vault_field_views.xml
new file mode 100644
index 0000000000..f22f96ec17
--- /dev/null
+++ b/vault/views/vault_field_views.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="view_vault_field_form" model="ir.ui.view">
+        <field name="model">vault.field</field>
+        <field name="arch" type="xml">
+            <form>
+                <sheet>
+                    <group>
+                        <field name="vault_id" invisible="1" />
+                        <field name="entry_id" invisible="1" />
+                        <field name="iv" invisible="1" />
+                        <field name="master_key" invisible="1" />
+                        <field name="name" />
+                        <field name="value" widget="vault" type="field_type" />
+                        <field name="write_date" />
+                    </group>
+                </sheet>
+            </form>
+        </field>
+    </record>
+
+    <record id="view_vault_field_tree" model="ir.ui.view">
+        <field name="model">vault.field</field>
+        <field name="arch" type="xml">
+            <tree create="false" delete="false">
+                <field name="vault_id" invisible="1" />
+                <field name="entry_id" invisible="1" />
+                <field name="iv" invisible="1" />
+                <field name="master_key" invisible="1" />
+                <field name="name" />
+                <field name="value" widget="vault" type="field_type" />
+                <field name="write_date" />
+            </tree>
+        </field>
+    </record>
+</odoo>
diff --git a/vault/views/vault_file_views.xml b/vault/views/vault_file_views.xml
new file mode 100644
index 0000000000..78769dc746
--- /dev/null
+++ b/vault/views/vault_file_views.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="view_vault_file_form" model="ir.ui.view">
+        <field name="model">vault.file</field>
+        <field name="arch" type="xml">
+            <form>
+                <sheet>
+                    <group>
+                        <field name="vault_id" invisible="1" />
+                        <field name="entry_id" invisible="1" />
+                        <field name="iv" invisible="1" />
+                        <field name="master_key" invisible="1" />
+                        <field name="name" invisible="1" />
+                        <field name="value" widget="vault_file" filename="name" />
+                        <field name="write_date" />
+                    </group>
+                </sheet>
+            </form>
+        </field>
+    </record>
+
+    <record id="view_vault_file_tree" model="ir.ui.view">
+        <field name="model">vault.file</field>
+        <field name="arch" type="xml">
+            <tree create="false" delete="false">
+                <field name="vault_id" invisible="1" />
+                <field name="entry_id" invisible="1" />
+                <field name="iv" invisible="1" />
+                <field name="master_key" invisible="1" />
+                <field name="name" invisible="1" />
+                <field name="value" widget="vault_file" filename="name" />
+                <field name="write_date" />
+            </tree>
+        </field>
+    </record>
+</odoo>
diff --git a/vault/views/vault_inbox_views.xml b/vault/views/vault_inbox_views.xml
new file mode 100644
index 0000000000..9b9f1b0b90
--- /dev/null
+++ b/vault/views/vault_inbox_views.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="view_vault_inbox_tree" model="ir.ui.view">
+        <field name="model">vault.inbox</field>
+        <field name="arch" type="xml">
+            <tree create="false">
+                <field name="name" />
+                <field name="inbox_link" widget="url" />
+            </tree>
+        </field>
+    </record>
+
+    <record id="view_vault_inbox_form" model="ir.ui.view">
+        <field name="model">vault.inbox</field>
+        <field name="arch" type="xml">
+            <form create="false">
+                <sheet>
+                    <field name="user_id" invisible="1" />
+                    <field name="iv" invisible="1" />
+                    <field name="key" invisible="1" />
+                    <field name="filename" invisible="1" />
+                    <group>
+                        <field name="inbox_link" widget="url" />
+                        <field name="name" />
+                        <field name="accesses" />
+                        <field name="expiration" />
+                        <field
+                            name="secret"
+                            widget="vault_inbox_field"
+                            attrs="{'invisible': [('secret', '=', False)]}"
+                        />
+                        <field
+                            name="secret_file"
+                            filename="filename"
+                            widget="vault_inbox_file"
+                            attrs="{'invisible': [('secret_file', '=', False)]}"
+                        />
+                    </group>
+
+                    <label for="log_ids" />
+                    <field name="log_ids" options="{'no_open': True}">
+                        <tree>
+                            <field name="name" />
+                            <field name="create_date" />
+                        </tree>
+                    </field>
+                </sheet>
+            </form>
+        </field>
+    </record>
+</odoo>
diff --git a/vault/views/vault_log_views.xml b/vault/views/vault_log_views.xml
new file mode 100644
index 0000000000..87410a9c2a
--- /dev/null
+++ b/vault/views/vault_log_views.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="view_vault_log_tree" model="ir.ui.view">
+        <field name="model">vault.log</field>
+        <field name="arch" type="xml">
+            <tree
+                decoration-danger="state == 'error'"
+                decoration-warning="state == 'warn'"
+                decoration-info="state == 'info'"
+            >
+                <field name="user_id" />
+                <field name="message" />
+                <field name="create_date" />
+                <field name="state" invisible="1" />
+            </tree>
+        </field>
+    </record>
+</odoo>
diff --git a/vault/views/vault_right_views.xml b/vault/views/vault_right_views.xml
new file mode 100644
index 0000000000..940a2c6d12
--- /dev/null
+++ b/vault/views/vault_right_views.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="view_right_tree" model="ir.ui.view">
+        <field name="model">vault.right</field>
+        <field name="arch" type="xml">
+            <tree editable="bottom" decoration-danger="not key">
+                <field name="vault_id" invisible="1" />
+                <field name="master_key" invisible="1" />
+                <field name="key" invisible="1" />
+                <field name="public_key" invisible="1" />
+                <field name="user_id" />
+                <field name="perm_create" />
+                <field name="perm_write" />
+                <field name="perm_share" />
+                <field name="perm_delete" />
+            </tree>
+        </field>
+    </record>
+
+    <record id="view_right_form" model="ir.ui.view">
+        <field name="model">vault.right</field>
+        <field name="arch" type="xml">
+            <form>
+                <sheet>
+                    <group>
+                        <field name="user_id" />
+                        <field name="perm_create" />
+                        <field name="perm_write" />
+                        <field name="perm_share" />
+                        <field name="perm_delete" />
+                    </group>
+                </sheet>
+            </form>
+        </field>
+    </record>
+
+    <record id="view_vault_right_overview_tree" model="ir.ui.view">
+        <field name="model">vault.right</field>
+        <field name="arch" type="xml">
+            <tree create="false">
+                <field name="vault_id" />
+                <field name="user_id" />
+                <field name="perm_create" />
+                <field name="perm_write" />
+                <field name="perm_share" />
+                <field name="perm_delete" />
+            </tree>
+        </field>
+    </record>
+
+    <record id="view_vault_right_overview_search" model="ir.ui.view">
+        <field name="name">vault.right.overview.search</field>
+        <field name="model">vault.right</field>
+        <field name="arch" type="xml">
+            <search>
+                <field name="user_id" operator="ilike" />
+                <field name="vault_id" operator="ilike" />
+                <group expand="0" string="Grouped">
+                    <filter
+                        name="user_id"
+                        string="By user"
+                        context="{'group_by': 'user_id'}"
+                    />
+                    <filter
+                        name="vault_id"
+                        string="By vault"
+                        context="{'group_by': 'vault_id'}"
+                    />
+                </group>
+            </search>
+        </field>
+    </record>
+</odoo>
diff --git a/vault/views/vault_views.xml b/vault/views/vault_views.xml
new file mode 100644
index 0000000000..00e4271fbe
--- /dev/null
+++ b/vault/views/vault_views.xml
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="view_vault_search" model="ir.ui.view">
+        <field name="name">vault.search</field>
+        <field name="model">vault</field>
+        <field name="arch" type="xml">
+            <search>
+                <field name="name" operator="ilike" />
+                <field name="note" operator="ilike" />
+            </search>
+        </field>
+    </record>
+
+    <record id="action_open_entries" model="ir.actions.act_window">
+        <field name="name">Entries</field>
+        <field name="res_model">vault.entry</field>
+        <field name="view_mode">tree,form</field>
+        <field name="domain">[("vault_id", "=", active_id)]</field>
+        <field name="context">{
+            "default_vault_id": active_id,
+            "searchpanel_default_vault_id": active_id}
+        </field>
+        <field name="search_view_id" ref="view_vault_entry_search" />
+    </record>
+
+    <record id="view_vault_tree" model="ir.ui.view">
+        <field name="model">vault</field>
+        <field name="arch" type="xml">
+            <tree>
+                <field name="name" />
+                <field name="user_id" />
+                <field name="note" />
+            </tree>
+        </field>
+    </record>
+
+    <record id="view_vault_form" model="ir.ui.view">
+        <field name="model">vault</field>
+        <field name="arch" type="xml">
+            <form>
+                <header>
+                    <button
+                        type="object"
+                        name="action_open_import_wizard"
+                        string="Import from file"
+                        groups="vault.group_vault_import"
+                    />
+                    <button
+                        type="object"
+                        name="action_open_export_wizard"
+                        string="Export to file"
+                        groups="vault.group_vault_export"
+                    />
+                    <button name="vault_verify" string="Verify" />
+                    <button
+                        name="vault_reencrypt"
+                        string="Re-encrypt"
+                        attrs="{'invisible': [('reencrypt_required', '=', True)]}"
+                    />
+                    <button
+                        name="vault_reencrypt"
+                        string="Re-encrypt"
+                        class="oe_highlight"
+                        attrs="{'invisible': [('reencrypt_required', '=', False)]}"
+                    />
+                </header>
+                <sheet>
+                    <div class="oe_button_box" name="button_box">
+                        <button
+                            class="oe_stat_button"
+                            name="vault.action_open_entries"
+                            string="Entries"
+                            type="action"
+                            icon="fa-bars"
+                        />
+                    </div>
+
+                    <group>
+                        <field name="reencrypt_required" invisible="1" />
+                        <field name="allowed_share" invisible="1" />
+                        <field name="allowed_write" invisible="1" />
+                        <field name="allowed_create" invisible="1" />
+                        <field name="allowed_delete" invisible="1" />
+                        <field name="master_key" invisible="1" required="1" />
+                        <field name="name" />
+                        <field name="user_id" />
+                        <field name="note" />
+                    </group>
+
+                    <notebook>
+                        <page
+                            string="Rights"
+                            attrs="{'invisible':[('allowed_share', '=', False)]}"
+                        >
+                            <field
+                                name="right_ids"
+                                context="{'default_vault_id': active_id}"
+                                options="{'create': [('allowed_share', '=', True)], 'delete': [('allowed_share', '=', True)]}"
+                            />
+                        </page>
+                        <page string="Log">
+                            <field name="log_ids" options="{'no_open': True}" />
+                        </page>
+                    </notebook>
+                </sheet>
+            </form>
+        </field>
+    </record>
+</odoo>
diff --git a/vault/wizards/__init__.py b/vault/wizards/__init__.py
new file mode 100644
index 0000000000..4059c96dcc
--- /dev/null
+++ b/vault/wizards/__init__.py
@@ -0,0 +1,9 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from . import (
+    vault_export_wizard,
+    vault_import_wizard,
+    vault_send_wizard,
+    vault_store_wizard,
+)
diff --git a/vault/wizards/vault_export_wizard.py b/vault/wizards/vault_export_wizard.py
new file mode 100644
index 0000000000..858bfa2d0e
--- /dev/null
+++ b/vault/wizards/vault_export_wizard.py
@@ -0,0 +1,71 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import json
+import logging
+from datetime import datetime
+
+from odoo import _, api, fields, models
+
+_logger = logging.getLogger(__name__)
+
+
+class ExportWizard(models.TransientModel):
+    _name = "vault.export.wizard"
+    _description = _("Export wizard for vaults")
+
+    vault_id = fields.Many2one("vault", "Vault")
+    entry_id = fields.Many2one(
+        "vault.entry", "Entries", domain="[('vault_id', '=', vault_id)]"
+    )
+    master_key = fields.Char(related="vault_id.master_key")
+    name = fields.Char(default=lambda self: self._default_name())
+    content = fields.Binary("Download", attachment=False)
+    include_childs = fields.Boolean(default=True)
+
+    @api.onchange("vault_id", "entry_id")
+    def _onchange_content(self):
+        for rec in self.with_context(skip_log=True):
+            rec.content = self._export_content(
+                rec.vault_id,
+                rec.entry_id,
+                rec.include_childs,
+            )
+
+    def _default_name(self):
+        return datetime.now().strftime("database-%Y%m%d-%H%M.json")
+
+    def _export_content(self, vault=None, entry=None, include_childs=False):
+        if entry:
+            entries = entry
+        elif vault:
+            entries = vault.entry_ids.filtered_domain([("parent_id", "=", False)])
+        else:
+            return json.dumps([])
+
+        data = [self._export_entry(x, include_childs) for x in entries]
+        return json.dumps(data)
+
+    @api.model
+    def _export_field(self, rec):
+        def ensure_string(x):
+            return x.decode() if isinstance(x, bytes) else x
+
+        return {f: ensure_string(rec[f]) for f in ["name", "iv", "value"]}
+
+    @api.model
+    def _export_entry(self, entry, include_childs=False):
+        if include_childs:
+            childs = [self._export_entry(x, include_childs) for x in entry.child_ids]
+        else:
+            childs = []
+
+        return {
+            "uuid": entry.uuid,
+            "name": entry.name,
+            "note": entry.note,
+            "url": entry.url,
+            "fields": entry.field_ids.mapped(self._export_field),
+            "files": entry.file_ids.mapped(self._export_field),
+            "childs": childs,
+        }
diff --git a/vault/wizards/vault_export_wizard.xml b/vault/wizards/vault_export_wizard.xml
new file mode 100644
index 0000000000..71c043569a
--- /dev/null
+++ b/vault/wizards/vault_export_wizard.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="view_vault_export_wizard" model="ir.ui.view">
+        <field name="model">vault.export.wizard</field>
+        <field name="arch" type="xml">
+            <form>
+                <sheet>
+                    <field name="vault_id" invisible="1" />
+                    <field name="entry_id" invisible="1" />
+                    <field name="master_key" invisible="1" />
+                    <field name="name" invisible="1" />
+
+                    <group>
+                        <field
+                            name="content"
+                            widget="vault_export_file"
+                            filename="name"
+                            readonly="1"
+                        />
+                        <field name="include_childs" />
+                    </group>
+                </sheet>
+                <footer>
+                    <button type="special" string="Close" special="cancel" />
+                </footer>
+            </form>
+        </field>
+    </record>
+</odoo>
diff --git a/vault/wizards/vault_import_wizard.py b/vault/wizards/vault_import_wizard.py
new file mode 100644
index 0000000000..15fd16b5c9
--- /dev/null
+++ b/vault/wizards/vault_import_wizard.py
@@ -0,0 +1,134 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import json
+import logging
+from uuid import uuid4
+
+from odoo import _, api, fields, models
+from odoo.exceptions import UserError
+
+_logger = logging.getLogger(__name__)
+
+
+class ImportWizardPath(models.TransientModel):
+    _name = "vault.import.wizard.path"
+    _description = _("Import wizard path for vaults")
+
+    name = fields.Char(required=True)
+    uuid = fields.Char(required=True)
+
+
+class ImportWizard(models.TransientModel):
+    _name = "vault.import.wizard"
+    _description = _("Import wizard for vaults")
+
+    vault_id = fields.Many2one("vault", "Vault")
+    parent_id = fields.Many2one(
+        "vault.entry",
+        "Parent Entry",
+        domain="[('vault_id', '=', vault_id)]",
+    )
+    master_key = fields.Char(related="vault_id.master_key")
+    name = fields.Char()
+    content = fields.Binary("Database", attachment=False)
+    crypted_content = fields.Char()
+    uuid = fields.Char(default=lambda self: uuid4())
+
+    path = fields.Many2one(
+        "vault.import.wizard.path",
+        "Path to import",
+        default="",
+        domain="[('uuid', '=', uuid)]",
+    )
+
+    @api.onchange("crypted_content", "content")
+    def _onchange_content(self):
+        for rec in self:
+            if rec.crypted_content:
+                for entry in json.loads(rec.crypted_content or []):
+                    rec._create_path(entry)
+
+    def _create_path(self, entry, path=None):
+        self.ensure_one()
+        p = f"{path} / {entry['name']}" if path else entry["name"]
+
+        if "name" in entry:
+            self.env["vault.import.wizard.path"].create({"uuid": self.uuid, "name": p})
+
+        for child in entry.get("childs", []):
+            self._create_path(child, p)
+
+    def _import_field(self, entry, model, data):
+        if not data:
+            return
+
+        # Only copy specific fields
+        vals = {f: data[f] for f in ["name", "iv", "value"]}
+
+        # Update already existing records
+        domain = [("entry_id", "=", entry.id), ("name", "=", data["name"])]
+        rec = model.search(domain)
+        if rec:
+            rec.write(vals)
+        else:
+            rec.create({"entry_id": entry.id, **vals})
+
+    def _import_entry(self, entry, parent=None, path=None):
+        p = f"{path} / {entry['name']}" if path else entry["name"]
+        result = self.env["vault.entry"]
+        if p.startswith(self.path.name or ""):
+            if not parent:
+                parent = self.env["vault.entry"]
+
+            # Update existing records if already imported
+            rec = self.env["vault.entry"]
+            if entry.get("uuid"):
+                domain = [
+                    ("uuid", "=", entry["uuid"]),
+                    ("vault_id", "=", self.vault_id.id),
+                ]
+                rec = rec.search(domain, limit=1)
+
+            # If record not found create a new one
+            vals = {f: entry.get(f) for f in ["name", "note", "url", "uuid"]}
+            if not rec:
+                rec = rec.create(
+                    {"vault_id": self.vault_id.id, "parent_id": parent.id, **vals}
+                )
+            else:
+                rec.write({"parent_id": parent.id, **vals})
+
+            # Create/update the entry fields
+            for field in entry.get("fields", []):
+                self._import_field(rec, self.env["vault.field"], field)
+
+            # Create/update the entry files
+            for file in entry.get("files", []):
+                self._import_field(rec, self.env["vault.file"], file)
+
+            result |= rec
+
+        else:
+            rec = None
+
+        # Create the sub-entries
+        for child in entry.get("childs", []):
+            result |= self._import_entry(child, rec, p)
+
+        return result
+
+    def action_import(self):
+        self.ensure_one()
+
+        try:
+            data = json.loads(self.crypted_content)
+            entries = self.env["vault.entry"]
+            for entry in data:
+                entries |= self.with_context(skip_log=True)._import_entry(
+                    entry, self.parent_id
+                )
+
+            self.vault_id.log_entry(f"Imported entries from file {self.name}")
+        except Exception as e:
+            raise UserError(_("Invalid file to import from")) from e
diff --git a/vault/wizards/vault_import_wizard.xml b/vault/wizards/vault_import_wizard.xml
new file mode 100644
index 0000000000..9c3b3aac0a
--- /dev/null
+++ b/vault/wizards/vault_import_wizard.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="view_vault_import_wizard" model="ir.ui.view">
+        <field name="model">vault.import.wizard</field>
+        <field name="arch" type="xml">
+            <form>
+                <sheet>
+                    <field name="master_key" invisible="1" />
+                    <field name="vault_id" invisible="1" />
+                    <field name="crypted_content" invisible="1" />
+                    <field name="name" invisible="1" />
+                    <field name="uuid" invisible="1" />
+
+                    <div>The files must end on one of the supported file type:</div>
+                    <ul>
+                        <li>Custom JSON format <b>.json</b></li>
+                        <li>Keepass Database <b>.kdbx</b></li>
+                    </ul>
+
+                    <group>
+                        <field name="content" filename="name" />
+                        <field
+                            name="parent_id"
+                            options="{'no_create_edit': True, 'no_open': True}"
+                        />
+                        <field
+                            name="path"
+                            attrs="{'invisible': [('crypted_content', '=', False)]}"
+                            options="{'no_create_edit': True, 'no_open': True}"
+                        />
+                    </group>
+                </sheet>
+                <footer>
+                    <button
+                        type="object"
+                        name="action_import"
+                        string="Import"
+                        class="oe_highlight"
+                        attrs="{'invisible': [('crypted_content', '=', False)]}"
+                    />
+                    <button
+                        type="object"
+                        name="action_import"
+                        string="Import"
+                        attrs="{'invisible': [('crypted_content', '!=', False)]}"
+                    />
+                    or
+                    <button type="special" string="Cancel" special="cancel" />
+                </footer>
+            </form>
+        </field>
+    </record>
+</odoo>
diff --git a/vault/wizards/vault_send_wizard.py b/vault/wizards/vault_send_wizard.py
new file mode 100644
index 0000000000..c4a6ff491a
--- /dev/null
+++ b/vault/wizards/vault_send_wizard.py
@@ -0,0 +1,56 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+from odoo import _, fields, models
+from odoo.exceptions import ValidationError
+
+_logger = logging.getLogger(__name__)
+
+
+class VaultSendWizard(models.TransientModel):
+    _name = "vault.send.wizard"
+    _description = _("Wizard to send another user a secret")
+
+    user_id = fields.Many2one(
+        "res.users",
+        "User",
+        required=True,
+        domain=[("keys", "!=", False), ("inbox_enabled", "=", True)],
+    )
+    name = fields.Char(required=True)
+    public = fields.Char(related="user_id.active_key.public")
+    iv = fields.Char(required=True)
+    key_user = fields.Char(required=True)
+    key = fields.Char(required=True)
+    secret = fields.Char()
+    secret_file = fields.Char()
+    filename = fields.Char()
+
+    _sql_constraints = [
+        (
+            "value_check",
+            "CHECK(secret IS NOT NULL OR secret_file IS NOT NULL)",
+            _("No value found"),
+        ),
+    ]
+
+    def action_send(self):
+        if not self.secret and not self.secret_file:
+            raise ValidationError(_("Neither a secret nor file was given"))
+
+        self.ensure_one()
+        self.env["vault.inbox"].sudo().create(
+            {
+                "name": self.name,
+                "accesses": 0,
+                "secret": self.secret,
+                "secret_file": self.secret_file,
+                "iv": self.iv,
+                "key": self.key_user,
+                "user_id": self.user_id.id,
+                "filename": self.filename,
+                "log_ids": [(0, 0, {"name": _("Created by %s") % self.user_id.name})],
+            }
+        )
diff --git a/vault/wizards/vault_send_wizard.xml b/vault/wizards/vault_send_wizard.xml
new file mode 100644
index 0000000000..7370238070
--- /dev/null
+++ b/vault/wizards/vault_send_wizard.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="view_vault_send_wizard" model="ir.ui.view">
+        <field name="model">vault.send.wizard</field>
+        <field name="arch" type="xml">
+            <form>
+                <sheet>
+                    <div>
+                        You can only send the secret to the user who has generated a key-pair.
+                        If an user is not showing please ask him to generate these.
+                    </div>
+                    <group>
+                        <field name="iv" invisible="1" />
+                        <field name="key" invisible="1" />
+                        <field name="key_user" invisible="1" />
+                        <field name="secret" invisible="1" />
+                        <field name="public" invisible="1" />
+                        <field
+                            name="user_id"
+                            options="{'no_open': true, 'no_create_edit': true, 'no_quick_create': true}"
+                        />
+                        <field name="name" />
+                    </group>
+                </sheet>
+                <footer>
+                    <button
+                        type="object"
+                        name="action_send"
+                        string="Send"
+                        class="oe_highlight"
+                    />
+                    or
+                    <button type="special" string="Cancel" special="cancel" />
+                </footer>
+            </form>
+        </field>
+    </record>
+</odoo>
diff --git a/vault/wizards/vault_store_wizard.py b/vault/wizards/vault_store_wizard.py
new file mode 100644
index 0000000000..9273eb7b6e
--- /dev/null
+++ b/vault/wizards/vault_store_wizard.py
@@ -0,0 +1,47 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+from odoo import _, api, fields, models
+
+_logger = logging.getLogger(__name__)
+
+
+class VaultStoreWizard(models.TransientModel):
+    _name = "vault.store.wizard"
+    _description = _("Wizard store a shared secret in a vault")
+
+    vault_id = fields.Many2one("vault", "Vault", required=True)
+    entry_id = fields.Many2one(
+        "vault.entry",
+        "Entry",
+        domain="[('vault_id', '=', vault_id)]",
+        required=True,
+    )
+    model = fields.Char(required=True)
+    master_key = fields.Char(compute="_compute_master_key", store=False)
+    name = fields.Char(required=True)
+    iv = fields.Char(required=True)
+    key = fields.Char(required=True)
+    secret = fields.Char(required=True)
+    secret_temporary = fields.Char(required=True)
+
+    @api.depends("entry_id", "vault_id")
+    def _compute_master_key(self):
+        for rec in self:
+            rec.master_key = rec.vault_id.master_key
+
+    def action_store(self):
+        self.ensure_one()
+        try:
+            self.env[self.model].create(
+                {
+                    "entry_id": self.entry_id.id,
+                    "name": self.name,
+                    "iv": self.iv,
+                    "value": self.secret,
+                }
+            )
+        except Exception as e:
+            _logger.exception(e)
diff --git a/vault/wizards/vault_store_wizard.xml b/vault/wizards/vault_store_wizard.xml
new file mode 100644
index 0000000000..c3226c8f28
--- /dev/null
+++ b/vault/wizards/vault_store_wizard.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="view_vault_store_wizard" model="ir.ui.view">
+        <field name="model">vault.store.wizard</field>
+        <field name="arch" type="xml">
+            <form>
+                <sheet>
+                    <group>
+                        <field name="iv" invisible="1" />
+                        <field name="key" invisible="1" />
+                        <field name="master_key" invisible="1" />
+                        <field name="secret" invisible="1" />
+                        <field name="secret_temporary" invisible="1" />
+                        <field
+                            name="vault_id"
+                            options="{'no_create_edit': True, 'no_open': True, 'no_quick_create': true}"
+                        />
+                        <field
+                            name="entry_id"
+                            attrs="{'invisible': [('vault_id', '=', False)]}"
+                            options="{'no_create_edit': True, 'no_open': True, 'no_quick_create': true}"
+                        />
+                        <field name="name" />
+                    </group>
+                </sheet>
+                <footer>
+                    <button
+                        type="object"
+                        name="action_store"
+                        string="Store"
+                        class="oe_highlight"
+                    />
+                    or
+                    <button type="special" string="Cancel" special="cancel" />
+                </footer>
+            </form>
+        </field>
+    </record>
+</odoo>
diff --git a/vault_share/README.rst b/vault_share/README.rst
new file mode 100644
index 0000000000..69390742a5
--- /dev/null
+++ b/vault_share/README.rst
@@ -0,0 +1,86 @@
+=============
+Vault - Share
+=============
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:adce488b82d4097f6a7f94b8dfeb82712b9e717846f3cc745600419fc4393eed
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/16.0/vault_share
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-vault_share
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=16.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+This module implements possibilities to share specific secrets with external users. This bases on the vault implementation and the generated RSA key pair.
+
+Share
+~~~~~
+
+This allows an user to share a secret with external users. A share can be generated from a vault entry or directly created by an user. The secret is symmetrically encrypted by a key derived from a pin. To grant access the user has to transmit the link and pin with the external. If either the access counter reaches 0 or the share expires it will be deleted automatically. Due to the usage of a numeric pin and the browser side decryption a share is vulnerable to brute-force attacks and shouldn't be used as a permanent storage for secrets. For long time uses the user should create an account and a vault should be used.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Known issues / Roadmap
+======================
+
+* Secure the download of the encrypted file behind a challenge/response
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20vault_share%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* initOS GmbH
+
+Contributors
+~~~~~~~~~~~~
+
+* Florian Kantelberg <florian.kantelberg@initos.com>
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/16.0/vault_share>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
diff --git a/vault_share/__init__.py b/vault_share/__init__.py
new file mode 100644
index 0000000000..05ae53c8cb
--- /dev/null
+++ b/vault_share/__init__.py
@@ -0,0 +1,4 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from . import controllers, models
diff --git a/vault_share/__manifest__.py b/vault_share/__manifest__.py
new file mode 100644
index 0000000000..7e05ea658a
--- /dev/null
+++ b/vault_share/__manifest__.py
@@ -0,0 +1,35 @@
+# © 2021-2024 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+{
+    "name": "Vault - Share",
+    "summary": "Implementation of a mechanism to share secrets",
+    "license": "AGPL-3",
+    "version": "16.0.1.0.0",
+    "website": "https://github.com/OCA/server-auth",
+    "application": False,
+    "author": "initOS GmbH, Odoo Community Association (OCA)",
+    "category": "Vault",
+    "depends": ["vault"],
+    "data": [
+        "data/ir_cron.xml",
+        "security/ir.model.access.csv",
+        "security/ir_rule.xml",
+        "views/menuitems.xml",
+        "views/res_config_settings_views.xml",
+        "views/templates.xml",
+        "views/vault_share_views.xml",
+    ],
+    "assets": {
+        "web.assets_backend": [
+            "vault_share/static/src/common/**/*.js",
+            "vault_share/static/src/backend/**/*.js",
+            "vault_share/static/src/backend/**/*.scss",
+            "vault_share/static/src/backend/**/*.xml",
+        ],
+        "vault_share.assets_frontend": [
+            "vault/static/src/common/*.js",
+            "vault_share/static/src/frontend/*.js",
+        ],
+    },
+}
diff --git a/vault_share/controllers/__init__.py b/vault_share/controllers/__init__.py
new file mode 100644
index 0000000000..aabfa83edd
--- /dev/null
+++ b/vault_share/controllers/__init__.py
@@ -0,0 +1,4 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from . import main
diff --git a/vault_share/controllers/main.py b/vault_share/controllers/main.py
new file mode 100644
index 0000000000..52eb94d1ef
--- /dev/null
+++ b/vault_share/controllers/main.py
@@ -0,0 +1,36 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+from odoo import _, http
+from odoo.http import request
+
+_logger = logging.getLogger(__name__)
+
+
+class Controller(http.Controller):
+    @http.route("/vault/share/<string:token>", type="http", auth="public")
+    def vault_share(self, token):
+        ctx = {"disable_footer": True, "token": token}
+        share = request.env["vault.share"].sudo()
+        secret = share.get(token, ip=request.httprequest.remote_addr)
+        if secret is None:
+            ctx["error"] = _("The secret expired")
+            return request.render("vault_share.share", ctx)
+
+        if len(secret) != 1:
+            ctx["error"] = _("Invalid token")
+            return request.render("vault_share.share", ctx)
+
+        ctx.update(
+            {
+                "encrypted": secret.secret,
+                "salt": secret.salt,
+                "iv": secret.iv,
+                "encrypted_file": secret.secret_file,
+                "filename": secret.filename,
+                "iterations": secret.iterations,
+            }
+        )
+        return request.render("vault_share.share", ctx)
diff --git a/vault_share/data/ir_cron.xml b/vault_share/data/ir_cron.xml
new file mode 100644
index 0000000000..362e5c1905
--- /dev/null
+++ b/vault_share/data/ir_cron.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo noupdate="1">
+    <record id="cron_share_clean" model="ir.cron">
+        <field name="name">Clean outgoing share</field>
+        <field name="model_id" ref="model_vault_share" />
+        <field name="state">code</field>
+        <field name="code">model.clean()</field>
+        <field name="interval_number">1</field>
+        <field name="interval_type">minutes</field>
+        <field name="numbercall">-1</field>
+        <field name="active" eval="True" />
+    </record>
+</odoo>
diff --git a/vault_share/i18n/es.po b/vault_share/i18n/es.po
new file mode 100644
index 0000000000..a73a93b1cb
--- /dev/null
+++ b/vault_share/i18n/es.po
@@ -0,0 +1,296 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* vault_share
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 13.0\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2022-06-06 07:44+0000\n"
+"PO-Revision-Date: 2023-10-30 21:37+0000\n"
+"Last-Translator: Ivorra78 <informatica@totmaterial.es>\n"
+"Language-Team: \n"
+"Language: es\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__accesses
+msgid "Access counter"
+msgstr "Contador de acceso"
+
+#. module: vault_share
+#: model:ir.actions.server,name:vault_share.cron_share_clean_ir_actions_server
+#: model:ir.cron,cron_name:vault_share.cron_share_clean
+#: model:ir.cron,name:vault_share.cron_share_clean
+msgid "Clean outgoing share"
+msgstr "Limpiar recurso compartido externo"
+
+#. module: vault_share
+#: model:ir.model,name:vault_share.model_res_company
+msgid "Companies"
+msgstr "Compañías"
+
+#. module: vault_share
+#: model:ir.model,name:vault_share.model_res_config_settings
+msgid "Config Settings"
+msgstr "Opciones de Configuración"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__create_uid
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__create_uid
+msgid "Created by"
+msgstr "Creado por"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__create_date
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__create_date
+msgid "Created on"
+msgstr "Creado el"
+
+#. module: vault_share
+#: model_terms:ir.ui.view,arch_db:vault_share.res_config_settings_view_form
+msgid "Days"
+msgstr "Días"
+
+#. module: vault_share
+#: model_terms:ir.ui.view,arch_db:vault_share.res_config_settings_view_form
+msgid "Delay the deletion of shares"
+msgstr "Retrasar el borrado de recursos compartidos"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_res_config_settings__vault_share_delay
+msgid "Delayed Deletion"
+msgstr "Retrasar borrado"
+
+#. module: vault_share
+#: model:ir.model.fields,help:vault_share.field_res_config_settings__vault_share_delay
+msgid ""
+"Delays the deletion of a share. After the expiration date it continues to "
+"stay inaccessible"
+msgstr ""
+"Retrasa la eliminación de un recurso compartido. Después de la fecha de "
+"caducidad sigue siendo inaccesible"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__display_name
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__display_name
+msgid "Display Name"
+msgstr "Nombre a mostrar"
+
+#. module: vault_share
+#: model_terms:ir.ui.view,arch_db:vault_share.share
+msgid "Enter the pin:"
+msgstr "Ingresa el pin:"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__expiration
+msgid "Expiration"
+msgstr "Expiración"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__filename
+msgid "Filename"
+msgstr "Nombre del fichero"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__id
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__id
+msgid "ID"
+msgstr "ID"
+
+#. module: vault_share
+#: code:addons/vault_share/controllers/main.py:0
+#, python-format
+msgid "Invalid token"
+msgstr "Token inválido"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__iv
+msgid "Iv"
+msgstr "Iv"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share____last_update
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log____last_update
+msgid "Last Modified on"
+msgstr "Última modificación el"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__write_uid
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__write_uid
+msgid "Last Updated by"
+msgstr "Última modificación por"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__write_date
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__write_date
+msgid "Last Updated on"
+msgstr "Última actualización en"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__log_ids
+msgid "Log"
+msgstr "Registro"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__name
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__name
+msgid "Name"
+msgstr "Nombre"
+
+#. module: vault_share
+#: code:addons/vault_share/models/vault_share.py:0
+#: model:ir.model.constraint,message:vault_share.constraint_vault_share_value_check
+#, python-format
+msgid "No value found"
+msgstr "No se ha encontrado ningún valor"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__pin
+msgid "Pin"
+msgstr "Pin"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__salt
+msgid "Salt"
+msgstr "Sal"
+
+#. module: vault_share
+#. openerp-web
+#: code:addons/vault_share/static/src/backend/templates.xml:0
+#, python-format
+msgid "Save in a vault"
+msgstr "Guardar en un vault"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__secret
+msgid "Secret"
+msgstr "Secreto"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__secret_file
+msgid "Secret File"
+msgstr "Archivo de secretos"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__share_id
+msgid "Share"
+msgstr "Compartir"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__share_link
+msgid "Share URL"
+msgstr "Compartir url"
+
+#. module: vault_share
+#. openerp-web
+#: code:addons/vault_share/static/src/legacy/vault_fields.js:0
+#, python-format
+msgid "Share the secret"
+msgstr "Compartir el secreto"
+
+#. module: vault_share
+#. openerp-web
+#: code:addons/vault_share/static/src/backend/templates.xml:0
+#, python-format
+msgid "Share the secret with an external user"
+msgstr "Compartir el secreto con usuario externo"
+
+#. module: vault_share
+#: model_terms:ir.ui.view,arch_db:vault_share.share
+msgid "Shared file:"
+msgstr "Archivo compartido:"
+
+#. module: vault_share
+#: model_terms:ir.ui.view,arch_db:vault_share.share
+msgid "Shared secret:"
+msgstr "Secreto compartido:"
+
+#. module: vault_share
+#: model:ir.actions.act_window,name:vault_share.action_vault_share
+#: model:ir.ui.menu,name:vault_share.menu_vault_share
+msgid "Shares"
+msgstr "Recursos compartidos"
+
+#. module: vault_share
+#: model:ir.model.fields,help:vault_share.field_vault_share__expiration
+msgid "Specifies how long a share can be accessed until deletion."
+msgstr ""
+"Especifica el tiempo que se puede acceder a un recurso compartido hasta su "
+"eliminación."
+
+#. module: vault_share
+#: model:ir.model.fields,help:vault_share.field_vault_share__accesses
+msgid "Specifies how often a share can be accessed before deletion."
+msgstr ""
+"Especifica la frecuencia con la que se puede acceder a un recurso compartido "
+"antes de eliminarlo."
+
+#. module: vault_share
+#: model:ir.model.fields,help:vault_share.field_vault_share__pin
+msgid "The pin needed to decrypt the share."
+msgstr "El pin necesario para descifrar el recurso compartido."
+
+#. module: vault_share
+#: code:addons/vault_share/controllers/main.py:0
+#, python-format
+msgid "The secret expired"
+msgstr "El secreto ha expirado"
+
+#. module: vault_share
+#: code:addons/vault_share/models/vault_share.py:0
+#, python-format
+msgid "The share was accessed by %(name)s via %(ip)s"
+msgstr "%(name)s ha accedido a la acción a través de %(ip)s"
+
+#. module: vault_share
+#: code:addons/vault_share/models/vault_share.py:0
+#, python-format
+msgid "The share was created by %(name)s"
+msgstr "La acción fue creada por %(name)s"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__token
+msgid "Token"
+msgstr "Token"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__user_id
+msgid "User"
+msgstr "Usuario"
+
+#. module: vault_share
+#: model:ir.model.fields,help:vault_share.field_vault_share__share_link
+msgid "Using this link and pin people can access the secret."
+msgstr "Utilizando este enlace y el pin la gente puede acceder al secreto."
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_res_company__vault_share_delay
+msgid "Vault Share Delay"
+msgstr "Retraso de la Acción de la Bóveda"
+
+#. module: vault_share
+#: code:addons/vault_share/models/vault_share_log.py:0
+#: model:ir.model,name:vault_share.model_vault_share_log
+#, python-format
+msgid "Vault share log"
+msgstr "Registro de compartición de la bóveda"
+
+#. module: vault_share
+#: code:addons/vault_share/models/vault_share.py:0
+#: model:ir.model,name:vault_share.model_vault_share
+#, python-format
+msgid "Vault share outgoing secrets"
+msgstr "La bóveda comparte secretos de salida"
+
+#, python-format
+#~ msgid "The share was accessed by %s via %s"
+#~ msgstr "El recurso compartido fue accedido por %s a través de %s"
+
+#, python-format
+#~ msgid "The share was created by %s"
+#~ msgstr "El recurso compartido fue creado por %s"
diff --git a/vault_share/i18n/it.po b/vault_share/i18n/it.po
new file mode 100644
index 0000000000..f6b1a8c662
--- /dev/null
+++ b/vault_share/i18n/it.po
@@ -0,0 +1,308 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* vault_share
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 16.0\n"
+"Report-Msgid-Bugs-To: \n"
+"PO-Revision-Date: 2024-03-08 15:34+0000\n"
+"Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
+"Language-Team: none\n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__accesses
+msgid "Access counter"
+msgstr "Contatore accessi"
+
+#. module: vault_share
+#: model:ir.actions.server,name:vault_share.cron_share_clean_ir_actions_server
+#: model:ir.cron,cron_name:vault_share.cron_share_clean
+msgid "Clean outgoing share"
+msgstr "Pulizia condivisione in uscita"
+
+#. module: vault_share
+#: model:ir.model,name:vault_share.model_res_company
+msgid "Companies"
+msgstr "Aziende"
+
+#. module: vault_share
+#: model:ir.model,name:vault_share.model_res_config_settings
+msgid "Config Settings"
+msgstr "Impostazioni configurazione"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__create_uid
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__create_uid
+msgid "Created by"
+msgstr "Creato da"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__create_date
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__create_date
+msgid "Created on"
+msgstr "Creato il"
+
+#. module: vault_share
+#: model_terms:ir.ui.view,arch_db:vault_share.res_config_settings_view_form
+msgid "Days"
+msgstr "Giorni"
+
+#. module: vault_share
+#: model_terms:ir.ui.view,arch_db:vault_share.res_config_settings_view_form
+msgid "Delay the deletion of shares"
+msgstr "Ritarda la cancellazione delle condivisioni"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_res_config_settings__vault_share_delay
+msgid "Delayed Deletion"
+msgstr "Cancellazioni ritardate"
+
+#. module: vault_share
+#: model:ir.model.fields,help:vault_share.field_res_config_settings__vault_share_delay
+msgid ""
+"Delays the deletion of a share. After the expiration date it continues to "
+"stay inaccessible"
+msgstr ""
+"Ritarda la cancellazione di una condivisione. Dopo la scadenza continua ad "
+"essere inaccessibile"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__display_name
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__display_name
+msgid "Display Name"
+msgstr "Nome visualizzato"
+
+#. module: vault_share
+#: model_terms:ir.ui.view,arch_db:vault_share.share
+msgid "Enter the pin:"
+msgstr "Inserire il PIN:"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__expiration
+msgid "Expiration"
+msgstr "Scadenza"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__filename
+msgid "Filename"
+msgstr "Nome file"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__id
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__id
+msgid "ID"
+msgstr "ID"
+
+#. module: vault_share
+#. odoo-python
+#: code:addons/vault_share/controllers/main.py:0
+#, python-format
+msgid "Invalid token"
+msgstr "Token non valido"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__iterations
+msgid "Iterations"
+msgstr "Iterazioni"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__iv
+msgid "Iv"
+msgstr "Iv"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share____last_update
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log____last_update
+msgid "Last Modified on"
+msgstr "Ultima modifica il"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__write_uid
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__write_uid
+msgid "Last Updated by"
+msgstr "Ultimo aggiornamento di"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__write_date
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__write_date
+msgid "Last Updated on"
+msgstr "Ultimo aggiornamento il"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__log_ids
+msgid "Log"
+msgstr "Log"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__name
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__name
+msgid "Name"
+msgstr "Nome"
+
+#. module: vault_share
+#. odoo-python
+#: code:addons/vault_share/models/vault_share.py:0
+#: model:ir.model.constraint,message:vault_share.constraint_vault_share_value_check
+#, python-format
+msgid "No value found"
+msgstr "Nessun valore trovato"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__pin
+msgid "Pin"
+msgstr "PIN"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__salt
+msgid "Salt"
+msgstr "Salt"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__secret
+msgid "Secret"
+msgstr "Segreto"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__secret_file
+msgid "Secret File"
+msgstr "File segreto"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__share_id
+msgid "Share"
+msgstr "Condividi"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__share_link
+msgid "Share URL"
+msgstr "URL condivisione"
+
+#. module: vault_share
+#. odoo-javascript
+#: code:addons/vault_share/static/src/backend/fields/vault_field.esm.js:0
+#, python-format
+msgid "Share the secret"
+msgstr "Condividi il segreto"
+
+#. module: vault_share
+#. odoo-javascript
+#: code:addons/vault_share/static/src/backend/fields/templates.xml:0
+#: code:addons/vault_share/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Share the secret with an external user"
+msgstr "Condividi il segreto con un utente esterno"
+
+#. module: vault_share
+#: model_terms:ir.ui.view,arch_db:vault_share.share
+msgid "Shared file:"
+msgstr "File condiviso:"
+
+#. module: vault_share
+#: model_terms:ir.ui.view,arch_db:vault_share.share
+msgid "Shared secret:"
+msgstr "Segreto condiviso:"
+
+#. module: vault_share
+#: model:ir.actions.act_window,name:vault_share.action_vault_share
+#: model:ir.ui.menu,name:vault_share.menu_vault_share
+msgid "Shares"
+msgstr "Condivisioni"
+
+#. module: vault_share
+#: model:ir.model.fields,help:vault_share.field_vault_share__expiration
+msgid "Specifies how long a share can be accessed until deletion."
+msgstr ""
+"Indica per quanto tempo si può accedere ad una condivisione prima della "
+"cancellazione."
+
+#. module: vault_share
+#: model:ir.model.fields,help:vault_share.field_vault_share__accesses
+msgid "Specifies how often a share can be accessed before deletion."
+msgstr ""
+"Indica quante volte si può accedere ad una condivisione prima della "
+"cancellazione."
+
+#. module: vault_share
+#: model:ir.model.fields,help:vault_share.field_vault_share__pin
+msgid "The pin needed to decrypt the share."
+msgstr "Il PIN richiesto per decriptare la condivisione."
+
+#. module: vault_share
+#. odoo-python
+#: code:addons/vault_share/controllers/main.py:0
+#, python-format
+msgid "The secret expired"
+msgstr "Il segreto è scaduto"
+
+#. module: vault_share
+#. odoo-python
+#: code:addons/vault_share/models/vault_share.py:0
+#, python-format
+msgid "The share was accessed by %(name)s via %(ip)s"
+msgstr "La codivisione è stata utilizzata da %(name)s attraverso %(ip)s"
+
+#. module: vault_share
+#. odoo-python
+#: code:addons/vault_share/models/vault_share.py:0
+#, python-format
+msgid "The share was created by %(name)s"
+msgstr "La condivisione è stata creata da %(name)s"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__token
+msgid "Token"
+msgstr "Token"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__user_id
+msgid "User"
+msgstr "Utente"
+
+#. module: vault_share
+#: model:ir.model.fields,help:vault_share.field_vault_share__share_link
+msgid "Using this link and pin people can access the secret."
+msgstr ""
+"Utilizzando questo collegamento e PIN le persone possono accedere al segreto."
+
+#. module: vault_share
+#. odoo-javascript
+#: code:addons/vault_share/static/src/backend/fields/vault_pin_field.esm.js:0
+#, python-format
+msgid "Vault Pin Field"
+msgstr "Campo PIN deposito di sicurezza"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_res_company__vault_share_delay
+msgid "Vault Share Delay"
+msgstr "Ritardo condivisione deposito di sicurezza"
+
+#. module: vault_share
+#. odoo-javascript
+#: code:addons/vault_share/static/src/backend/fields/vault_share_field.esm.js:0
+#: code:addons/vault_share/static/src/backend/fields/vault_share_file.esm.js:0
+#, python-format
+msgid "Vault Share Field"
+msgstr "Campo condivisione deposito di sicurezza"
+
+#. module: vault_share
+#. odoo-python
+#: code:addons/vault_share/models/vault_share_log.py:0
+#: model:ir.model,name:vault_share.model_vault_share_log
+#, python-format
+msgid "Vault share log"
+msgstr "Log condivisione deposito di sicurezza"
+
+#. module: vault_share
+#. odoo-python
+#: code:addons/vault_share/models/vault_share.py:0
+#: model:ir.model,name:vault_share.model_vault_share
+#, python-format
+msgid "Vault share outgoing secrets"
+msgstr "Segreti uscita condivisione deposito di sicurezza"
diff --git a/vault_share/i18n/nl.po b/vault_share/i18n/nl.po
new file mode 100644
index 0000000000..5ea11a1ac3
--- /dev/null
+++ b/vault_share/i18n/nl.po
@@ -0,0 +1,281 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* vault_share
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 15.0\n"
+"Report-Msgid-Bugs-To: \n"
+"PO-Revision-Date: 2023-05-05 13:33+0000\n"
+"Last-Translator: Bosd <c5e2fd43-d292-4c90-9d1f-74ff3436329a@anonaddy.me>\n"
+"Language-Team: none\n"
+"Language: nl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.14.1\n"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__accesses
+msgid "Access counter"
+msgstr "Toegangsteller"
+
+#. module: vault_share
+#: model:ir.actions.server,name:vault_share.cron_share_clean_ir_actions_server
+#: model:ir.cron,cron_name:vault_share.cron_share_clean
+#: model:ir.cron,name:vault_share.cron_share_clean
+msgid "Clean outgoing share"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model,name:vault_share.model_res_company
+msgid "Companies"
+msgstr "Bedrijven"
+
+#. module: vault_share
+#: model:ir.model,name:vault_share.model_res_config_settings
+msgid "Config Settings"
+msgstr "Configuratie-instellingen"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__create_uid
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__create_uid
+msgid "Created by"
+msgstr "Aangemaakt door"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__create_date
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__create_date
+msgid "Created on"
+msgstr "Aangemaakt op"
+
+#. module: vault_share
+#: model_terms:ir.ui.view,arch_db:vault_share.res_config_settings_view_form
+msgid "Days"
+msgstr "Dagen"
+
+#. module: vault_share
+#: model_terms:ir.ui.view,arch_db:vault_share.res_config_settings_view_form
+msgid "Delay the deletion of shares"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_res_config_settings__vault_share_delay
+msgid "Delayed Deletion"
+msgstr "Uitgestelde verwijdering"
+
+#. module: vault_share
+#: model:ir.model.fields,help:vault_share.field_res_config_settings__vault_share_delay
+msgid ""
+"Delays the deletion of a share. After the expiration date it continues to "
+"stay inaccessible"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__display_name
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__display_name
+msgid "Display Name"
+msgstr "Schermnaam"
+
+#. module: vault_share
+#: model_terms:ir.ui.view,arch_db:vault_share.share
+msgid "Enter the pin:"
+msgstr "Voer de pincode in:"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__expiration
+msgid "Expiration"
+msgstr "Vervaldatum"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__filename
+msgid "Filename"
+msgstr "Bestandsnaam"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__id
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__id
+msgid "ID"
+msgstr "ID"
+
+#. module: vault_share
+#: code:addons/vault_share/controllers/main.py:0
+#, python-format
+msgid "Invalid token"
+msgstr "Ongeldige token"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__iv
+msgid "Iv"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share____last_update
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log____last_update
+msgid "Last Modified on"
+msgstr "Laatst gewijzigd op"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__write_uid
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__write_uid
+msgid "Last Updated by"
+msgstr "Laatst bijgewerkt door"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__write_date
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__write_date
+msgid "Last Updated on"
+msgstr "Laatst bijgewerkt op"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__log_ids
+msgid "Log"
+msgstr "Log"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__name
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__name
+msgid "Name"
+msgstr "Naam"
+
+#. module: vault_share
+#: code:addons/vault_share/models/vault_share.py:0
+#: model:ir.model.constraint,message:vault_share.constraint_vault_share_value_check
+#, python-format
+msgid "No value found"
+msgstr "Geen waarde gevonden"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__pin
+msgid "Pin"
+msgstr "Pin"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__salt
+msgid "Salt"
+msgstr ""
+
+#. module: vault_share
+#. openerp-web
+#: code:addons/vault_share/static/src/backend/templates.xml:0
+#, python-format
+msgid "Save in a vault"
+msgstr "Opslaan in een kluis"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__secret
+msgid "Secret"
+msgstr "Geheim"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__secret_file
+msgid "Secret File"
+msgstr "Secret File"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__share_id
+msgid "Share"
+msgstr "Delen"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__share_link
+msgid "Share URL"
+msgstr "Share URL"
+
+#. module: vault_share
+#. openerp-web
+#: code:addons/vault_share/static/src/legacy/vault_fields.js:0
+#, python-format
+msgid "Share the secret"
+msgstr "Deel het geheim"
+
+#. module: vault_share
+#. openerp-web
+#: code:addons/vault_share/static/src/backend/templates.xml:0
+#, python-format
+msgid "Share the secret with an external user"
+msgstr "Het geheim delen met een externe gebruiker"
+
+#. module: vault_share
+#: model_terms:ir.ui.view,arch_db:vault_share.share
+msgid "Shared file:"
+msgstr "Gedeeld bestand:"
+
+#. module: vault_share
+#: model_terms:ir.ui.view,arch_db:vault_share.share
+msgid "Shared secret:"
+msgstr "Gedeeld geheim:"
+
+#. module: vault_share
+#: model:ir.actions.act_window,name:vault_share.action_vault_share
+#: model:ir.ui.menu,name:vault_share.menu_vault_share
+msgid "Shares"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,help:vault_share.field_vault_share__expiration
+msgid "Specifies how long a share can be accessed until deletion."
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,help:vault_share.field_vault_share__accesses
+msgid "Specifies how often a share can be accessed before deletion."
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,help:vault_share.field_vault_share__pin
+msgid "The pin needed to decrypt the share."
+msgstr ""
+
+#. module: vault_share
+#: code:addons/vault_share/controllers/main.py:0
+#, python-format
+msgid "The secret expired"
+msgstr "Het geheim is verlopen"
+
+#. module: vault_share
+#: code:addons/vault_share/models/vault_share.py:0
+#, python-format
+msgid "The share was accessed by %(name)s via %(ip)s"
+msgstr "Het record werd geopend door %(name)s via %(ip)s"
+
+#. module: vault_share
+#: code:addons/vault_share/models/vault_share.py:0
+#, python-format
+msgid "The share was created by %(name)s"
+msgstr "Het record is gemaakt door %(name)s"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__token
+msgid "Token"
+msgstr "Token"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__user_id
+msgid "User"
+msgstr "Gebruiker"
+
+#. module: vault_share
+#: model:ir.model.fields,help:vault_share.field_vault_share__share_link
+msgid "Using this link and pin people can access the secret."
+msgstr "Met deze link en pin kunnen mensen toegang krijgen tot het geheim."
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_res_company__vault_share_delay
+msgid "Vault Share Delay"
+msgstr ""
+
+#. module: vault_share
+#: code:addons/vault_share/models/vault_share_log.py:0
+#: model:ir.model,name:vault_share.model_vault_share_log
+#, python-format
+msgid "Vault share log"
+msgstr ""
+
+#. module: vault_share
+#: code:addons/vault_share/models/vault_share.py:0
+#: model:ir.model,name:vault_share.model_vault_share
+#, python-format
+msgid "Vault share outgoing secrets"
+msgstr ""
diff --git a/vault_share/i18n/vault_share.pot b/vault_share/i18n/vault_share.pot
new file mode 100644
index 0000000000..ac46e72617
--- /dev/null
+++ b/vault_share/i18n/vault_share.pot
@@ -0,0 +1,298 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* vault_share
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 16.0\n"
+"Report-Msgid-Bugs-To: \n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__accesses
+msgid "Access counter"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.actions.server,name:vault_share.cron_share_clean_ir_actions_server
+#: model:ir.cron,cron_name:vault_share.cron_share_clean
+msgid "Clean outgoing share"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model,name:vault_share.model_res_company
+msgid "Companies"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model,name:vault_share.model_res_config_settings
+msgid "Config Settings"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__create_uid
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__create_uid
+msgid "Created by"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__create_date
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__create_date
+msgid "Created on"
+msgstr ""
+
+#. module: vault_share
+#: model_terms:ir.ui.view,arch_db:vault_share.res_config_settings_view_form
+msgid "Days"
+msgstr ""
+
+#. module: vault_share
+#: model_terms:ir.ui.view,arch_db:vault_share.res_config_settings_view_form
+msgid "Delay the deletion of shares"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_res_config_settings__vault_share_delay
+msgid "Delayed Deletion"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,help:vault_share.field_res_config_settings__vault_share_delay
+msgid ""
+"Delays the deletion of a share. After the expiration date it continues to "
+"stay inaccessible"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__display_name
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__display_name
+msgid "Display Name"
+msgstr ""
+
+#. module: vault_share
+#: model_terms:ir.ui.view,arch_db:vault_share.share
+msgid "Enter the pin:"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__expiration
+msgid "Expiration"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__filename
+msgid "Filename"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__id
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__id
+msgid "ID"
+msgstr ""
+
+#. module: vault_share
+#. odoo-python
+#: code:addons/vault_share/controllers/main.py:0
+#, python-format
+msgid "Invalid token"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__iterations
+msgid "Iterations"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__iv
+msgid "Iv"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share____last_update
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log____last_update
+msgid "Last Modified on"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__write_uid
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__write_uid
+msgid "Last Updated by"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__write_date
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__write_date
+msgid "Last Updated on"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__log_ids
+msgid "Log"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__name
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__name
+msgid "Name"
+msgstr ""
+
+#. module: vault_share
+#. odoo-python
+#: code:addons/vault_share/models/vault_share.py:0
+#: model:ir.model.constraint,message:vault_share.constraint_vault_share_value_check
+#, python-format
+msgid "No value found"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__pin
+msgid "Pin"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__salt
+msgid "Salt"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__secret
+msgid "Secret"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__secret_file
+msgid "Secret File"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share_log__share_id
+msgid "Share"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__share_link
+msgid "Share URL"
+msgstr ""
+
+#. module: vault_share
+#. odoo-javascript
+#: code:addons/vault_share/static/src/backend/fields/vault_field.esm.js:0
+#, python-format
+msgid "Share the secret"
+msgstr ""
+
+#. module: vault_share
+#. odoo-javascript
+#: code:addons/vault_share/static/src/backend/fields/templates.xml:0
+#: code:addons/vault_share/static/src/backend/fields/templates.xml:0
+#, python-format
+msgid "Share the secret with an external user"
+msgstr ""
+
+#. module: vault_share
+#: model_terms:ir.ui.view,arch_db:vault_share.share
+msgid "Shared file:"
+msgstr ""
+
+#. module: vault_share
+#: model_terms:ir.ui.view,arch_db:vault_share.share
+msgid "Shared secret:"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.actions.act_window,name:vault_share.action_vault_share
+#: model:ir.ui.menu,name:vault_share.menu_vault_share
+msgid "Shares"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,help:vault_share.field_vault_share__expiration
+msgid "Specifies how long a share can be accessed until deletion."
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,help:vault_share.field_vault_share__accesses
+msgid "Specifies how often a share can be accessed before deletion."
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,help:vault_share.field_vault_share__pin
+msgid "The pin needed to decrypt the share."
+msgstr ""
+
+#. module: vault_share
+#. odoo-python
+#: code:addons/vault_share/controllers/main.py:0
+#, python-format
+msgid "The secret expired"
+msgstr ""
+
+#. module: vault_share
+#. odoo-python
+#: code:addons/vault_share/models/vault_share.py:0
+#, python-format
+msgid "The share was accessed by %(name)s via %(ip)s"
+msgstr ""
+
+#. module: vault_share
+#. odoo-python
+#: code:addons/vault_share/models/vault_share.py:0
+#, python-format
+msgid "The share was created by %(name)s"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__token
+msgid "Token"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_vault_share__user_id
+msgid "User"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,help:vault_share.field_vault_share__share_link
+msgid "Using this link and pin people can access the secret."
+msgstr ""
+
+#. module: vault_share
+#. odoo-javascript
+#: code:addons/vault_share/static/src/backend/fields/vault_pin_field.esm.js:0
+#, python-format
+msgid "Vault Pin Field"
+msgstr ""
+
+#. module: vault_share
+#: model:ir.model.fields,field_description:vault_share.field_res_company__vault_share_delay
+msgid "Vault Share Delay"
+msgstr ""
+
+#. module: vault_share
+#. odoo-javascript
+#: code:addons/vault_share/static/src/backend/fields/vault_share_field.esm.js:0
+#: code:addons/vault_share/static/src/backend/fields/vault_share_file.esm.js:0
+#, python-format
+msgid "Vault Share Field"
+msgstr ""
+
+#. module: vault_share
+#. odoo-python
+#: code:addons/vault_share/models/vault_share_log.py:0
+#: model:ir.model,name:vault_share.model_vault_share_log
+#, python-format
+msgid "Vault share log"
+msgstr ""
+
+#. module: vault_share
+#. odoo-python
+#: code:addons/vault_share/models/vault_share.py:0
+#: model:ir.model,name:vault_share.model_vault_share
+#, python-format
+msgid "Vault share outgoing secrets"
+msgstr ""
diff --git a/vault_share/migrations/16.0.1.0.0/post-migrate.py b/vault_share/migrations/16.0.1.0.0/post-migrate.py
new file mode 100644
index 0000000000..15c3b22717
--- /dev/null
+++ b/vault_share/migrations/16.0.1.0.0/post-migrate.py
@@ -0,0 +1,13 @@
+# © 2024 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+_logger = logging.getLogger(__name__)
+
+
+def migrate(cr, version):
+    # Before the migration the iterations were hardcoded to 4000
+    _logger.info("Setting iterations for previous records")
+
+    cr.execute("UPDATE vault_share SET iterations = 4000 WHERE iterations IS NULL")
diff --git a/vault_share/models/__init__.py b/vault_share/models/__init__.py
new file mode 100644
index 0000000000..e6b947e32a
--- /dev/null
+++ b/vault_share/models/__init__.py
@@ -0,0 +1,4 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from . import res_company, res_config_settings, vault_share, vault_share_log
diff --git a/vault_share/models/res_company.py b/vault_share/models/res_company.py
new file mode 100644
index 0000000000..8eac8cd823
--- /dev/null
+++ b/vault_share/models/res_company.py
@@ -0,0 +1,10 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from odoo import fields, models
+
+
+class RecCompany(models.Model):
+    _inherit = "res.company"
+
+    vault_share_delay = fields.Integer(default=0)
diff --git a/vault_share/models/res_config_settings.py b/vault_share/models/res_config_settings.py
new file mode 100644
index 0000000000..4a69c1c18b
--- /dev/null
+++ b/vault_share/models/res_config_settings.py
@@ -0,0 +1,24 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+from odoo import api, fields, models
+
+_logger = logging.getLogger(__name__)
+
+
+class ResConfigSettings(models.TransientModel):
+    _inherit = "res.config.settings"
+
+    vault_share_delay = fields.Integer(
+        string="Delayed Deletion",
+        related="company_id.vault_share_delay",
+        readonly=False,
+        help="Delays the deletion of a share. After the expiration date it continues "
+        "to stay inaccessible",
+    )
+
+    @api.onchange("vault_share_delay")
+    def _onchange_vault_share_delay(self):
+        self.vault_share_delay = max(0, self.vault_share_delay)
diff --git a/vault_share/models/vault_share.py b/vault_share/models/vault_share.py
new file mode 100644
index 0000000000..927e5e3269
--- /dev/null
+++ b/vault_share/models/vault_share.py
@@ -0,0 +1,86 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+from datetime import datetime, timedelta
+from uuid import uuid4
+
+from odoo import _, api, fields, models
+
+_logger = logging.getLogger(__name__)
+
+
+class VaultShare(models.Model):
+    _name = "vault.share"
+    _description = _("Vault share outgoing secrets")
+
+    user_id = fields.Many2one("res.users", default=lambda self: self.env.uid)
+    name = fields.Char(required=True)
+    share_link = fields.Char(
+        "Share URL",
+        compute="_compute_url",
+        store=False,
+        help="Using this link and pin people can access the secret.",
+    )
+    token = fields.Char(readonly=True, required=True, default=lambda self: uuid4())
+    secret = fields.Char()
+    secret_file = fields.Char()
+    filename = fields.Char()
+    salt = fields.Char(required=True)
+    iterations = fields.Integer()
+    iv = fields.Char(required=True)
+    pin = fields.Char(required=True, help="The pin needed to decrypt the share.")
+    accesses = fields.Integer(
+        "Access counter",
+        default=5,
+        help="Specifies how often a share can be accessed before deletion.",
+    )
+    expiration = fields.Datetime(
+        default=lambda self: datetime.now() + timedelta(days=7),
+        help="Specifies how long a share can be accessed until deletion.",
+    )
+    log_ids = fields.One2many("vault.share.log", "share_id", "Log", readonly=True)
+
+    _sql_constraints = [
+        (
+            "value_check",
+            "CHECK(secret IS NOT NULL OR secret_file IS NOT NULL)",
+            _("No value found"),
+        ),
+    ]
+
+    @api.depends("token")
+    def _compute_url(self):
+        base_url = self.env["ir.config_parameter"].sudo().get_param("web.base.url")
+        for rec in self:
+            rec.share_link = f"{base_url}/vault/share/{rec.token}"
+
+    @api.model
+    def get(self, token, ip=None):
+        rec = self.search([("token", "=", token)], limit=1)
+        if not rec:
+            return rec
+
+        if datetime.now() < rec.expiration and rec.accesses > 0:
+            rec.accesses -= 1
+            log = _("The share was accessed by %(name)s via %(ip)s")
+            rec.log_ids = [
+                (0, 0, {"name": log % {"name": self.env.user.name, "ip": ip or "n/a"}})
+            ]
+            return rec
+
+        return None
+
+    @api.model_create_multi
+    def create(self, vals_list):
+        res = super().create(vals_list)
+        log = _("The share was created by %(name)s")
+        for rec in res:
+            rec.log_ids = [(0, 0, {"name": log % {"name": self.env.user.name}})]
+        return res
+
+    @api.model
+    def clean(self):
+        now = datetime.now()
+        offset = timedelta(days=self.env.company.vault_share_delay)
+        self.search([("expiration", "<=", now + offset)]).unlink()
diff --git a/vault_share/models/vault_share_log.py b/vault_share/models/vault_share_log.py
new file mode 100644
index 0000000000..c8c2ef047e
--- /dev/null
+++ b/vault_share/models/vault_share_log.py
@@ -0,0 +1,22 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+from odoo import _, fields, models
+
+_logger = logging.getLogger(__name__)
+
+
+class VaultShareLog(models.Model):
+    _name = "vault.share.log"
+    _description = _("Vault share log")
+    _order = "create_date DESC"
+
+    share_id = fields.Many2one(
+        "vault.share",
+        ondelete="cascade",
+        readonly=True,
+        required=True,
+    )
+    name = fields.Char(readonly=True)
diff --git a/vault_share/readme/CONTRIBUTORS.rst b/vault_share/readme/CONTRIBUTORS.rst
new file mode 100644
index 0000000000..e202826121
--- /dev/null
+++ b/vault_share/readme/CONTRIBUTORS.rst
@@ -0,0 +1 @@
+* Florian Kantelberg <florian.kantelberg@initos.com>
diff --git a/vault_share/readme/DESCRIPTION.rst b/vault_share/readme/DESCRIPTION.rst
new file mode 100644
index 0000000000..6348479690
--- /dev/null
+++ b/vault_share/readme/DESCRIPTION.rst
@@ -0,0 +1,6 @@
+This module implements possibilities to share specific secrets with external users. This bases on the vault implementation and the generated RSA key pair.
+
+Share
+~~~~~
+
+This allows an user to share a secret with external users. A share can be generated from a vault entry or directly created by an user. The secret is symmetrically encrypted by a key derived from a pin. To grant access the user has to transmit the link and pin with the external. If either the access counter reaches 0 or the share expires it will be deleted automatically. Due to the usage of a numeric pin and the browser side decryption a share is vulnerable to brute-force attacks and shouldn't be used as a permanent storage for secrets. For long time uses the user should create an account and a vault should be used.
diff --git a/vault_share/readme/ROADMAP.rst b/vault_share/readme/ROADMAP.rst
new file mode 100644
index 0000000000..3a2ad3154c
--- /dev/null
+++ b/vault_share/readme/ROADMAP.rst
@@ -0,0 +1 @@
+* Secure the download of the encrypted file behind a challenge/response
diff --git a/vault_share/security/ir.model.access.csv b/vault_share/security/ir.model.access.csv
new file mode 100644
index 0000000000..54569a817c
--- /dev/null
+++ b/vault_share/security/ir.model.access.csv
@@ -0,0 +1,3 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_vault_share,access_vault_share,model_vault_share,base.group_user,1,1,1,1
+access_vault_share_log,access_vault_share_log,model_vault_share_log,base.group_user,1,1,1,1
diff --git a/vault_share/security/ir_rule.xml b/vault_share/security/ir_rule.xml
new file mode 100644
index 0000000000..e9a1dc2576
--- /dev/null
+++ b/vault_share/security/ir_rule.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="vault_share_owner" model="ir.rule">
+        <field name="name">vault.share.access.owner</field>
+        <field name="model_id" ref="vault_share.model_vault_share" />
+        <field name="domain_force">[('user_id', '=', user.id)]</field>
+        <field name="perm_create" eval="1" />
+        <field name="perm_write" eval="1" />
+        <field name="perm_unlink" eval="1" />
+        <field name="perm_read" eval="1" />
+    </record>
+
+    <record id="vault_share_log_owner" model="ir.rule">
+        <field name="name">vault.share.log.access.owner</field>
+        <field name="model_id" ref="vault_share.model_vault_share_log" />
+        <field name="domain_force">[('share_id.user_id', '=', user.id)]</field>
+        <field name="perm_create" eval="1" />
+        <field name="perm_write" eval="1" />
+        <field name="perm_unlink" eval="1" />
+        <field name="perm_read" eval="1" />
+    </record>
+</odoo>
diff --git a/vault_share/static/description/icon.png b/vault_share/static/description/icon.png
new file mode 100644
index 0000000000..d79aa6f575
Binary files /dev/null and b/vault_share/static/description/icon.png differ
diff --git a/vault_share/static/description/index.html b/vault_share/static/description/index.html
new file mode 100644
index 0000000000..29d5221c0d
--- /dev/null
+++ b/vault_share/static/description/index.html
@@ -0,0 +1,426 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<meta name="generator" content="Docutils: https://docutils.sourceforge.io/" />
+<title>Vault - Share</title>
+<style type="text/css">
+
+/*
+:Author: David Goodger (goodger@python.org)
+:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $
+:Copyright: This stylesheet has been placed in the public domain.
+
+Default cascading style sheet for the HTML output of Docutils.
+
+See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
+customize this style sheet.
+*/
+
+/* used to remove borders from tables and images */
+.borderless, table.borderless td, table.borderless th {
+  border: 0 }
+
+table.borderless td, table.borderless th {
+  /* Override padding for "table.docutils td" with "! important".
+     The right padding separates the table cells. */
+  padding: 0 0.5em 0 0 ! important }
+
+.first {
+  /* Override more specific margin styles with "! important". */
+  margin-top: 0 ! important }
+
+.last, .with-subtitle {
+  margin-bottom: 0 ! important }
+
+.hidden {
+  display: none }
+
+.subscript {
+  vertical-align: sub;
+  font-size: smaller }
+
+.superscript {
+  vertical-align: super;
+  font-size: smaller }
+
+a.toc-backref {
+  text-decoration: none ;
+  color: black }
+
+blockquote.epigraph {
+  margin: 2em 5em ; }
+
+dl.docutils dd {
+  margin-bottom: 0.5em }
+
+object[type="image/svg+xml"], object[type="application/x-shockwave-flash"] {
+  overflow: hidden;
+}
+
+/* Uncomment (and remove this text!) to get bold-faced definition list terms
+dl.docutils dt {
+  font-weight: bold }
+*/
+
+div.abstract {
+  margin: 2em 5em }
+
+div.abstract p.topic-title {
+  font-weight: bold ;
+  text-align: center }
+
+div.admonition, div.attention, div.caution, div.danger, div.error,
+div.hint, div.important, div.note, div.tip, div.warning {
+  margin: 2em ;
+  border: medium outset ;
+  padding: 1em }
+
+div.admonition p.admonition-title, div.hint p.admonition-title,
+div.important p.admonition-title, div.note p.admonition-title,
+div.tip p.admonition-title {
+  font-weight: bold ;
+  font-family: sans-serif }
+
+div.attention p.admonition-title, div.caution p.admonition-title,
+div.danger p.admonition-title, div.error p.admonition-title,
+div.warning p.admonition-title, .code .error {
+  color: red ;
+  font-weight: bold ;
+  font-family: sans-serif }
+
+/* Uncomment (and remove this text!) to get reduced vertical space in
+   compound paragraphs.
+div.compound .compound-first, div.compound .compound-middle {
+  margin-bottom: 0.5em }
+
+div.compound .compound-last, div.compound .compound-middle {
+  margin-top: 0.5em }
+*/
+
+div.dedication {
+  margin: 2em 5em ;
+  text-align: center ;
+  font-style: italic }
+
+div.dedication p.topic-title {
+  font-weight: bold ;
+  font-style: normal }
+
+div.figure {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+div.footer, div.header {
+  clear: both;
+  font-size: smaller }
+
+div.line-block {
+  display: block ;
+  margin-top: 1em ;
+  margin-bottom: 1em }
+
+div.line-block div.line-block {
+  margin-top: 0 ;
+  margin-bottom: 0 ;
+  margin-left: 1.5em }
+
+div.sidebar {
+  margin: 0 0 0.5em 1em ;
+  border: medium outset ;
+  padding: 1em ;
+  background-color: #ffffee ;
+  width: 40% ;
+  float: right ;
+  clear: right }
+
+div.sidebar p.rubric {
+  font-family: sans-serif ;
+  font-size: medium }
+
+div.system-messages {
+  margin: 5em }
+
+div.system-messages h1 {
+  color: red }
+
+div.system-message {
+  border: medium outset ;
+  padding: 1em }
+
+div.system-message p.system-message-title {
+  color: red ;
+  font-weight: bold }
+
+div.topic {
+  margin: 2em }
+
+h1.section-subtitle, h2.section-subtitle, h3.section-subtitle,
+h4.section-subtitle, h5.section-subtitle, h6.section-subtitle {
+  margin-top: 0.4em }
+
+h1.title {
+  text-align: center }
+
+h2.subtitle {
+  text-align: center }
+
+hr.docutils {
+  width: 75% }
+
+img.align-left, .figure.align-left, object.align-left, table.align-left {
+  clear: left ;
+  float: left ;
+  margin-right: 1em }
+
+img.align-right, .figure.align-right, object.align-right, table.align-right {
+  clear: right ;
+  float: right ;
+  margin-left: 1em }
+
+img.align-center, .figure.align-center, object.align-center {
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+table.align-center {
+  margin-left: auto;
+  margin-right: auto;
+}
+
+.align-left {
+  text-align: left }
+
+.align-center {
+  clear: both ;
+  text-align: center }
+
+.align-right {
+  text-align: right }
+
+/* reset inner alignment in figures */
+div.align-right {
+  text-align: inherit }
+
+/* div.align-center * { */
+/*   text-align: left } */
+
+.align-top    {
+  vertical-align: top }
+
+.align-middle {
+  vertical-align: middle }
+
+.align-bottom {
+  vertical-align: bottom }
+
+ol.simple, ul.simple {
+  margin-bottom: 1em }
+
+ol.arabic {
+  list-style: decimal }
+
+ol.loweralpha {
+  list-style: lower-alpha }
+
+ol.upperalpha {
+  list-style: upper-alpha }
+
+ol.lowerroman {
+  list-style: lower-roman }
+
+ol.upperroman {
+  list-style: upper-roman }
+
+p.attribution {
+  text-align: right ;
+  margin-left: 50% }
+
+p.caption {
+  font-style: italic }
+
+p.credits {
+  font-style: italic ;
+  font-size: smaller }
+
+p.label {
+  white-space: nowrap }
+
+p.rubric {
+  font-weight: bold ;
+  font-size: larger ;
+  color: maroon ;
+  text-align: center }
+
+p.sidebar-title {
+  font-family: sans-serif ;
+  font-weight: bold ;
+  font-size: larger }
+
+p.sidebar-subtitle {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+p.topic-title {
+  font-weight: bold }
+
+pre.address {
+  margin-bottom: 0 ;
+  margin-top: 0 ;
+  font: inherit }
+
+pre.literal-block, pre.doctest-block, pre.math, pre.code {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+pre.code .ln { color: grey; } /* line numbers */
+pre.code, code { background-color: #eeeeee }
+pre.code .comment, code .comment { color: #5C6576 }
+pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
+pre.code .literal.string, code .literal.string { color: #0C5404 }
+pre.code .name.builtin, code .name.builtin { color: #352B84 }
+pre.code .deleted, code .deleted { background-color: #DEB0A1}
+pre.code .inserted, code .inserted { background-color: #A3D289}
+
+span.classifier {
+  font-family: sans-serif ;
+  font-style: oblique }
+
+span.classifier-delimiter {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+span.interpreted {
+  font-family: sans-serif }
+
+span.option {
+  white-space: nowrap }
+
+span.pre {
+  white-space: pre }
+
+span.problematic {
+  color: red }
+
+span.section-subtitle {
+  /* font-size relative to parent (h1..h6 element) */
+  font-size: 80% }
+
+table.citation {
+  border-left: solid 1px gray;
+  margin-left: 1px }
+
+table.docinfo {
+  margin: 2em 4em }
+
+table.docutils {
+  margin-top: 0.5em ;
+  margin-bottom: 0.5em }
+
+table.footnote {
+  border-left: solid 1px black;
+  margin-left: 1px }
+
+table.docutils td, table.docutils th,
+table.docinfo td, table.docinfo th {
+  padding-left: 0.5em ;
+  padding-right: 0.5em ;
+  vertical-align: top }
+
+table.docutils th.field-name, table.docinfo th.docinfo-name {
+  font-weight: bold ;
+  text-align: left ;
+  white-space: nowrap ;
+  padding-left: 0 }
+
+/* "booktabs" style (no vertical lines) */
+table.docutils.booktabs {
+  border: 0px;
+  border-top: 2px solid;
+  border-bottom: 2px solid;
+  border-collapse: collapse;
+}
+table.docutils.booktabs * {
+  border: 0px;
+}
+table.docutils.booktabs th {
+  border-bottom: thin solid;
+  text-align: left;
+}
+
+h1 tt.docutils, h2 tt.docutils, h3 tt.docutils,
+h4 tt.docutils, h5 tt.docutils, h6 tt.docutils {
+  font-size: 100% }
+
+ul.auto-toc {
+  list-style-type: none }
+
+</style>
+</head>
+<body>
+<div class="document" id="vault-share">
+<h1 class="title">Vault - Share</h1>
+
+<!-- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! This file is generated by oca-gen-addon-readme !!
+!! changes will be overwritten.                   !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! source digest: sha256:adce488b82d4097f6a7f94b8dfeb82712b9e717846f3cc745600419fc4393eed
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
+<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-auth/tree/16.0/vault_share"><img alt="OCA/server-auth" src="https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-vault_share"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-auth&amp;target_branch=16.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
+<p>This module implements possibilities to share specific secrets with external users. This bases on the vault implementation and the generated RSA key pair.</p>
+<div class="section" id="share">
+<h1>Share</h1>
+<p>This allows an user to share a secret with external users. A share can be generated from a vault entry or directly created by an user. The secret is symmetrically encrypted by a key derived from a pin. To grant access the user has to transmit the link and pin with the external. If either the access counter reaches 0 or the share expires it will be deleted automatically. Due to the usage of a numeric pin and the browser side decryption a share is vulnerable to brute-force attacks and shouldn’t be used as a permanent storage for secrets. For long time uses the user should create an account and a vault should be used.</p>
+<p><strong>Table of contents</strong></p>
+<div class="contents local topic" id="contents">
+<ul class="simple">
+<li><a class="reference internal" href="#known-issues-roadmap" id="toc-entry-1">Known issues / Roadmap</a></li>
+<li><a class="reference internal" href="#bug-tracker" id="toc-entry-2">Bug Tracker</a></li>
+<li><a class="reference internal" href="#credits" id="toc-entry-3">Credits</a></li>
+</ul>
+</div>
+<div class="section" id="known-issues-roadmap">
+<h2><a class="toc-backref" href="#toc-entry-1">Known issues / Roadmap</a></h2>
+<ul class="simple">
+<li>Secure the download of the encrypted file behind a challenge/response</li>
+</ul>
+</div>
+<div class="section" id="bug-tracker">
+<h2><a class="toc-backref" href="#toc-entry-2">Bug Tracker</a></h2>
+<p>Bugs are tracked on <a class="reference external" href="https://github.com/OCA/server-auth/issues">GitHub Issues</a>.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+<a class="reference external" href="https://github.com/OCA/server-auth/issues/new?body=module:%20vault_share%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
+<p>Do not contact contributors directly about support or help with technical issues.</p>
+</div>
+<div class="section" id="credits">
+<h2><a class="toc-backref" href="#toc-entry-3">Credits</a></h2>
+</div>
+</div>
+<div class="section" id="authors">
+<h1>Authors</h1>
+<ul class="simple">
+<li>initOS GmbH</li>
+</ul>
+</div>
+<div class="section" id="contributors">
+<h1>Contributors</h1>
+<ul class="simple">
+<li>Florian Kantelberg &lt;<a class="reference external" href="mailto:florian.kantelberg&#64;initos.com">florian.kantelberg&#64;initos.com</a>&gt;</li>
+</ul>
+</div>
+<div class="section" id="maintainers">
+<h1>Maintainers</h1>
+<p>This module is maintained by the OCA.</p>
+<a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
+<p>OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.</p>
+<p>This module is part of the <a class="reference external" href="https://github.com/OCA/server-auth/tree/16.0/vault_share">OCA/server-auth</a> project on GitHub.</p>
+<p>You are welcome to contribute. To learn how please visit <a class="reference external" href="https://odoo-community.org/page/Contribute">https://odoo-community.org/page/Contribute</a>.</p>
+</div>
+</div>
+</body>
+</html>
diff --git a/vault_share/static/src/backend/fields/templates.xml b/vault_share/static/src/backend/fields/templates.xml
new file mode 100644
index 0000000000..90dab33f05
--- /dev/null
+++ b/vault_share/static/src/backend/fields/templates.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<templates id="template" xml:space="preserve">
+    <t
+        t-name="vault.FieldShareVault"
+        t-inherit="vault.FieldVault"
+        t-inherit-mode="primary"
+        owl="1"
+    >
+        <xpath expr="//div[@t-elif='props.readonly']" position="attributes">
+            <attribute name="t-elif">!isNew</attribute>
+        </xpath>
+    </t>
+
+    <t
+        t-name="vault.FileShareVault"
+        t-inherit="web.BinaryField"
+        t-inherit-mode="primary"
+        owl="1"
+    >
+        <xpath expr="//t[@t-if='!props.readonly']" position="attributes">
+            <attribute name="t-if">isNew</attribute>
+        </xpath>
+    </t>
+
+    <t t-name="vault.FieldPinVault" owl="1">
+        <div class="o_vault o_vault_error" t-if="!supported()">
+            <span>*******</span>
+        </div>
+        <div class="o_vault" t-else="">
+            <t t-call="vault.Field.buttons" />
+            <span t-esc="formattedValue" t-ref="span" />
+        </div>
+    </t>
+
+    <t t-inherit="vault.FieldVault" t-inherit-mode="extension" owl="1">
+        <xpath expr="//span[hasclass('o_vault_buttons')]" position="inside">
+            <button
+                t-if="shareButton"
+                class="btn btn-secondary btn-sm fa fa-external-link o_vault_share"
+                title="Share the secret with an external user"
+                aria-label="Share the secret with an external user"
+                t-on-click="_onShareValue"
+            />
+        </xpath>
+    </t>
+</templates>
diff --git a/vault_share/static/src/backend/fields/vault_field.esm.js b/vault_share/static/src/backend/fields/vault_field.esm.js
new file mode 100644
index 0000000000..57190388cb
--- /dev/null
+++ b/vault_share/static/src/backend/fields/vault_field.esm.js
@@ -0,0 +1,45 @@
+/** @odoo-module **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import VaultField from "vault.field";
+import {_lt} from "@web/core/l10n/translation";
+import {patch} from "@web/core/utils/patch";
+import sh_utils from "vault.share.utils";
+import utils from "vault.utils";
+import vault from "vault";
+
+// Extend the widget to share
+patch(VaultField.prototype, "vault_share", {
+    /**
+     * Share the value for an external user
+     *
+     * @private
+     */
+    async _onShareValue() {
+        const iv = await utils.generate_iv_base64();
+        const pin = sh_utils.generate_pin(sh_utils.PinSize);
+        const salt = utils.generate_bytes(utils.SaltLength).buffer;
+        const key = await utils.derive_key(pin, salt, utils.Derive.iterations);
+        const public_key = await vault.get_public_key();
+        const value = await this._decrypt(this.value);
+
+        this.action.doAction({
+            type: "ir.actions.act_window",
+            title: _lt("Share the secret"),
+            target: "new",
+            res_model: "vault.share",
+            views: [[false, "form"]],
+            context: {
+                default_secret: await utils.sym_encrypt(key, value, iv),
+                default_pin: await utils.asym_encrypt(
+                    public_key,
+                    pin + utils.generate_iv_base64()
+                ),
+                default_iterations: utils.Derive.iterations,
+                default_iv: iv,
+                default_salt: utils.toBase64(salt),
+            },
+        });
+    },
+});
diff --git a/vault_share/static/src/backend/fields/vault_pin_field.esm.js b/vault_share/static/src/backend/fields/vault_pin_field.esm.js
new file mode 100644
index 0000000000..b64a6a2ba9
--- /dev/null
+++ b/vault_share/static/src/backend/fields/vault_pin_field.esm.js
@@ -0,0 +1,110 @@
+/** @odoo-module **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import {Component, useRef, useState} from "@odoo/owl";
+import VaultMixin from "vault.mixin";
+import {_lt} from "@web/core/l10n/translation";
+import {registry} from "@web/core/registry";
+import sh_utils from "vault.share.utils";
+import {useService} from "@web/core/utils/hooks";
+import utils from "vault.utils";
+import vault from "vault";
+
+export default class VaultPinField extends VaultMixin(Component) {
+    setup() {
+        super.setup();
+
+        this.action = useService("action");
+        this.span = useRef("span");
+        this.state = useState({
+            decrypted: false,
+            decryptedValue: "",
+        });
+
+        this.context = this.env.searchModel.context;
+        this.props.readonly = true;
+    }
+
+    get sendButton() {
+        return false;
+    }
+    get generateButton() {
+        return false;
+    }
+    get saveButton() {
+        return false;
+    }
+
+    /**
+     * Get the decrypted value or a placeholder
+     *
+     * @returns the decrypted value or a placeholder
+     */
+    get formattedValue() {
+        if (!this.props.value) return "";
+        if (this.state.decrypted) return this.state.decryptedValue || "*******";
+        return "*******";
+    }
+
+    /**
+     * Decrypt the value using the private key of the vault and slice it to
+     * the actual pin size because there is a salt following
+     *
+     * @private
+     * @param {String} data
+     * @returns the decrypted data
+     */
+    async _decrypt(data) {
+        if (!data) return data;
+
+        const pin_size = this.context.pin_size || sh_utils.PinSize;
+
+        const private_key = await vault.get_private_key();
+        const plain = await utils.asym_decrypt(private_key, data);
+        return plain.slice(0, pin_size);
+    }
+
+    /**
+     * Copy the decrypted secret to the clipboard
+     *
+     * @param {Object} ev
+     */
+    async _onCopyValue(ev) {
+        ev.stopPropagation();
+
+        const value = await this._decrypt(this.props.value);
+        await navigator.clipboard.writeText(value);
+    }
+
+    /**
+     * Toggle between visible and invisible secret
+     *
+     * @param {Object} ev
+     */
+    async _onShowValue(ev) {
+        ev.stopPropagation();
+
+        this.state.decrypted = !this.state.decrypted;
+        if (this.state.decrypted) {
+            this.state.decryptedValue = await this._decrypt(this.props.value);
+        } else {
+            this.state.decryptedValue = "";
+        }
+
+        await this.showValue();
+    }
+
+    /**
+     * Update the value shown
+     */
+    async showValue() {
+        this.span.el.innerHTML = this.formattedValue;
+    }
+}
+
+VaultPinField.displayName = _lt("Vault Pin Field");
+VaultPinField.supportedTypes = ["char"];
+VaultPinField.template = "vault.FieldPinVault";
+
+registry.category("fields").add("vault_pin", VaultPinField);
diff --git a/vault_share/static/src/backend/fields/vault_share_field.esm.js b/vault_share/static/src/backend/fields/vault_share_field.esm.js
new file mode 100644
index 0000000000..a7fd110fef
--- /dev/null
+++ b/vault_share/static/src/backend/fields/vault_share_field.esm.js
@@ -0,0 +1,15 @@
+/** @odoo-module alias=vault.share.field **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import VaultField from "vault.field";
+import VaultShareMixin from "vault.share.mixin";
+import {_lt} from "@web/core/l10n/translation";
+import {registry} from "@web/core/registry";
+
+export default class VaultShareField extends VaultShareMixin(VaultField) {}
+
+VaultShareField.displayName = _lt("Vault Share Field");
+VaultShareField.template = "vault.FieldShareVault";
+
+registry.category("fields").add("vault_share_field", VaultShareField);
diff --git a/vault_share/static/src/backend/fields/vault_share_file.esm.js b/vault_share/static/src/backend/fields/vault_share_file.esm.js
new file mode 100644
index 0000000000..4b8f45130f
--- /dev/null
+++ b/vault_share/static/src/backend/fields/vault_share_file.esm.js
@@ -0,0 +1,15 @@
+/** @odoo-module alias=vault.share.file **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import VaultFile from "vault.file";
+import VaultShareMixin from "vault.share.mixin";
+import {_lt} from "@web/core/l10n/translation";
+import {registry} from "@web/core/registry";
+
+export default class VaultShareFile extends VaultShareMixin(VaultFile) {}
+
+VaultShareFile.displayName = _lt("Vault Share Field");
+VaultShareFile.template = "vault.FileShareVault";
+
+registry.category("fields").add("vault_share_file", VaultShareFile);
diff --git a/vault_share/static/src/backend/fields/vault_share_mixin.esm.js b/vault_share/static/src/backend/fields/vault_share_mixin.esm.js
new file mode 100644
index 0000000000..ac84f3b822
--- /dev/null
+++ b/vault_share/static/src/backend/fields/vault_share_mixin.esm.js
@@ -0,0 +1,164 @@
+/** @odoo-module alias=vault.share.mixin **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import sh_utils from "vault.share.utils";
+import utils from "vault.utils";
+import vault from "vault";
+
+export default (x) => {
+    class Extended extends x {
+        setup() {
+            super.setup();
+
+            this.context = this.env.searchModel.context;
+        }
+
+        get shareButton() {
+            return false;
+        }
+        get sendButton() {
+            return false;
+        }
+        get isNew() {
+            return this.props.record.isNew;
+        }
+
+        /**
+         * Encrypt the pin with a random salt to make it hard to guess him by
+         * encrypting every possilbilty with the public key. Store the pin in the
+         * proper field
+         *
+         * @private
+         * @param {String} pin
+         */
+        async _storePin(pin) {
+            const salt = utils.generate_iv_base64();
+            const crypted_pin = await utils.asym_encrypt(
+                await vault.get_public_key(),
+                pin + salt
+            );
+            await this._setFieldValue(this.props.fieldPin, crypted_pin);
+        }
+
+        /**
+         * Get the iterations
+         *
+         * @returns iterations for the password derivation
+         */
+        async _getIterations() {
+            const record = this.props.record;
+            if (!record) return utils.Derive.iterations;
+            const iterations = record.data.iterations || utils.Derive.iterations;
+            await this._setFieldValue(this.props.fieldIterations, iterations);
+            return iterations;
+        }
+
+        /**
+         * Returns the pin from the class, record data, or generate a new pin if
+         * none s currently available
+         *
+         * @private
+         * @returns the pin
+         */
+        async _getPin() {
+            const record = this.props.record;
+            if (!record) return null;
+
+            const pin_size = this.context.pin_size || sh_utils.PinSize;
+
+            let pin = record.data[this.props.fieldPin];
+            if (pin) {
+                // Decrypt the pin and slice him to the configured pin size
+                const private_key = await vault.get_private_key();
+                const plain = await utils.asym_decrypt(private_key, pin);
+                if (!plain) return null;
+
+                pin = plain.slice(0, pin_size);
+                return pin;
+            }
+
+            // Generate a new pin and store it
+            pin = sh_utils.generate_pin(pin_size);
+            await this._storePin(pin);
+            return pin;
+        }
+
+        /**
+         * Returns the salt from the class, record data, or generate a new salt if
+         * none is currently available
+         *
+         * @private
+         * @returns the salt
+         */
+        async _getSalt() {
+            const record = this.props.record;
+            if (!record) return null;
+
+            let salt = record.data[this.props.fieldSalt];
+            if (salt) return salt;
+
+            // Generate a new salt and store him
+            salt = utils.toBase64(utils.generate_bytes(utils.SaltLength).buffer);
+            await this._setFieldValue(this.props.fieldSalt, salt);
+            return salt;
+        }
+
+        /**
+         * Decrypt the encrypted data using the pin, IV and salt
+         *
+         * @private
+         * @param {String} crypted
+         * @returns the decrypted secret
+         */
+        async _decrypt(crypted) {
+            if (!utils.supported()) return null;
+
+            if (crypted === false) return false;
+
+            if (!this.props.value) return this.props.value;
+
+            const iv = await this._getIV();
+            const pin = await this._getPin();
+            const salt = utils.fromBase64(await this._getSalt());
+            const iterations = await this._getIterations();
+
+            const key = await utils.derive_key(pin, salt, iterations);
+            return await utils.sym_decrypt(key, crypted, iv);
+        }
+
+        /**
+         * Encrypt the data using the pin, IV and salt
+         *
+         * @private
+         * @param {String} data
+         * @returns the encrypted secret
+         */
+        async _encrypt(data) {
+            if (!utils.supported()) return null;
+
+            const iv = await this._getIV();
+            const pin = await this._getPin();
+            const salt = utils.fromBase64(await this._getSalt());
+            const iterations = await this._getIterations();
+
+            const key = await utils.derive_key(pin, salt, iterations);
+            return await utils.sym_encrypt(key, data, iv);
+        }
+    }
+
+    Extended.defaultProps = {
+        ...x.defaultProps,
+        fieldPin: "pin",
+        fieldSalt: "salt",
+        fieldIterations: "iterations",
+    };
+    Extended.props = {
+        ...x.props,
+        fieldIterations: {type: String, optional: true},
+        fieldPin: {type: String, optional: true},
+        fieldSalt: {type: String, optional: true},
+    };
+
+    return Extended;
+};
diff --git a/vault_share/static/src/backend/vault_share.scss b/vault_share/static/src/backend/vault_share.scss
new file mode 100644
index 0000000000..09e4e6b160
--- /dev/null
+++ b/vault_share/static/src/backend/vault_share.scss
@@ -0,0 +1,3 @@
+.o_vault_share {
+    white-space: pre-wrap;
+}
diff --git a/vault_share/static/src/common/utils.esm.js b/vault_share/static/src/common/utils.esm.js
new file mode 100644
index 0000000000..0523dbb47b
--- /dev/null
+++ b/vault_share/static/src/common/utils.esm.js
@@ -0,0 +1,16 @@
+/** @odoo-module alias=vault.share.utils **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import utils from "vault.utils";
+
+const PinSize = 5;
+
+function generate_pin(pin_size) {
+    return utils.generate_secret(pin_size, "0123456789");
+}
+
+export default {
+    PinSize: PinSize,
+    generate_pin: generate_pin,
+};
diff --git a/vault_share/static/src/frontend/share.esm.js b/vault_share/static/src/frontend/share.esm.js
new file mode 100644
index 0000000000..db8b771856
--- /dev/null
+++ b/vault_share/static/src/frontend/share.esm.js
@@ -0,0 +1,90 @@
+/** @odoo-module **/
+// © 2021-2024 Florian Kantelberg - initOS GmbH
+// License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import utils from "vault.utils";
+
+const data = {};
+
+// Find the elements in the document and check if they have values
+function find_elements() {
+    for (const id of [
+        "encrypted",
+        "salt",
+        "iv",
+        "encrypted_file",
+        "filename",
+        "iterations",
+    ])
+        if (!data[id]) {
+            const element = document.getElementById(id);
+            data[id] = element && element.value;
+        }
+}
+
+function toggle_alert(element, successful) {
+    if (element) {
+        element.classList.add(successful ? "alert-success" : "alert-danger");
+        element.classList.remove(successful ? "alert-danger" : "alert-success");
+    }
+}
+
+function show(selector) {
+    const element = document.querySelector(selector);
+    if (element) element.classList.remove("o_hidden");
+}
+
+function hide(selector) {
+    const element = document.querySelector(selector);
+    if (element) element.classList.add("o_hidden");
+}
+
+document.getElementById("pin").onchange = async function () {
+    if (!utils.supported()) return;
+
+    find_elements();
+
+    // Derive the key from the pin
+    const key = await utils.derive_key(
+        this.value,
+        utils.fromBase64(data.salt),
+        data.iterations
+    );
+
+    hide("#secret_group");
+    hide("#file_group");
+
+    const pin = document.getElementById("pin");
+    const secret = document.getElementById("secret");
+    const secret_file = document.getElementById("secret_file");
+    if (!secret && !secret_file) return;
+
+    // There is no secret to decrypt
+    if (!this.value) {
+        toggle_alert(pin, false);
+        return;
+    }
+
+    // Decrypt the data and show the value
+    if (data.encrypted) {
+        secret.value = await utils.sym_decrypt(key, data.encrypted, data.iv);
+        toggle_alert(pin, secret.value);
+        show("#secret_group");
+    }
+
+    if (data.encrypted_file) {
+        const content = atob(
+            await utils.sym_decrypt(key, data.encrypted_file, data.iv)
+        );
+        const buffer = new ArrayBuffer(content.length);
+        const arr = new Uint8Array(buffer);
+        for (let i = 0; i < content.length; i++) arr[i] = content.charCodeAt(i);
+        const file = new Blob([arr]);
+
+        secret_file.text = data.filename;
+        secret_file.setAttribute("href", window.URL.createObjectURL(file));
+        secret_file.setAttribute("download", data.filename);
+        toggle_alert(pin, content);
+        show("#file_group");
+    }
+};
diff --git a/vault_share/tests/__init__.py b/vault_share/tests/__init__.py
new file mode 100644
index 0000000000..a2758c5219
--- /dev/null
+++ b/vault_share/tests/__init__.py
@@ -0,0 +1,4 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from . import test_share
diff --git a/vault_share/tests/test_share.py b/vault_share/tests/test_share.py
new file mode 100644
index 0000000000..5225bdca04
--- /dev/null
+++ b/vault_share/tests/test_share.py
@@ -0,0 +1,78 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import json
+import logging
+from datetime import datetime
+from uuid import uuid4
+
+from odoo.tests import TransactionCase
+from odoo.tools import mute_logger
+
+from odoo.addons.website.tools import MockRequest
+
+from ..controllers import main
+
+_logger = logging.getLogger(__name__)
+
+
+class TestShare(TransactionCase):
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+
+        cls.user = cls.env.user
+        cls.vals = {
+            "name": f"Share {cls.user.name}",
+            "secret": "secret",
+            "salt": "sa17",
+            "iv": "1v",
+            "pin": "12345",
+        }
+
+        cls.share = cls.env["vault.share"].create(cls.vals)
+
+    @mute_logger("odoo.sql_db")
+    def test_share(self):
+        self.assertEqual(self.share, self.share.get(self.share.token))
+        self.assertIn(self.share.token, self.share.share_link)
+
+        # Nothing should happen
+        self.share.clean()
+        self.assertEqual(self.share, self.share.get(self.share.token))
+
+        # Deletion because of accesses
+        share = self.share.create(self.vals)
+        share.accesses = 0
+        self.assertEqual(None, share.get(share.token))
+
+        # Deletion because of expiration
+        share = self.share.create(self.vals)
+        share.expiration = datetime(1970, 1, 1)
+        self.assertEqual(None, share.get(share.token))
+
+        # Search for invalid token
+        self.assertEqual(share.browse(), share.get(uuid4()))
+
+    @mute_logger("odoo.sql_db")
+    def test_vault_share(self):
+        def return_context(template, context):
+            self.assertEqual(template, "vault_share.share")
+            return json.dumps(context)
+
+        def load(response):
+            return json.loads(response.data)
+
+        with MockRequest(self.env) as request_mock:
+            request_mock.render = return_context
+            controller = main.Controller()
+
+            response = load(controller.vault_share(""))
+            self.assertIn("error", response)
+
+            response = load(controller.vault_share(self.share.token))
+            self.assertEqual(response["salt"], self.share.salt)
+
+            self.share.accesses = 0
+            response = load(controller.vault_share(self.share.token))
+            self.assertIn("error", response)
diff --git a/vault_share/views/menuitems.xml b/vault_share/views/menuitems.xml
new file mode 100644
index 0000000000..639332a0fc
--- /dev/null
+++ b/vault_share/views/menuitems.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="action_vault_share" model="ir.actions.act_window">
+        <field name="name">Shares</field>
+        <field name="res_model">vault.share</field>
+        <field name="view_mode">tree,form</field>
+    </record>
+
+    <menuitem
+        id="menu_vault_share"
+        groups="base.group_user"
+        parent="vault.menu_vault"
+        action="action_vault_share"
+        sequence="45"
+    />
+</odoo>
diff --git a/vault_share/views/res_config_settings_views.xml b/vault_share/views/res_config_settings_views.xml
new file mode 100644
index 0000000000..971759c497
--- /dev/null
+++ b/vault_share/views/res_config_settings_views.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="res_config_settings_view_form" model="ir.ui.view">
+        <field name="name">res.config.settings.view.form</field>
+        <field name="model">res.config.settings</field>
+        <field name="inherit_id" ref="vault.res_config_settings_view_form" />
+        <field name="arch" type="xml">
+            <div id="vault_share" position="after">
+                <div class="col-xs-12 col-md-6 o_setting_box" id="vault_share">
+                    <div class="o_setting_right_pane">
+                        <div class="o_form_label">Delay the deletion of shares</div>
+                        <field name="vault_share_delay" /> Days
+                    </div>
+                </div>
+            </div>
+        </field>
+    </record>
+</odoo>
diff --git a/vault_share/views/templates.xml b/vault_share/views/templates.xml
new file mode 100644
index 0000000000..093369c127
--- /dev/null
+++ b/vault_share/views/templates.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <template id="share">
+        <t t-call="web.login_layout">
+            <t
+                t-call-assets="vault_share.assets_frontend"
+                t-css="false"
+                defer_load="True"
+            />
+
+            <input type="hidden" id="encrypted" t-att-value="encrypted" />
+            <input type="hidden" id="encrypted_file" t-att-value="encrypted_file" />
+            <input type="hidden" id="filename" t-att-value="filename" />
+            <input type="hidden" id="salt" t-att-value="salt" />
+            <input type="hidden" id="iv" t-att-value="iv" />
+            <input type="hidden" id="iterations" t-att-value="iterations" />
+
+            <div class="form-group" t-if="not error">
+                <label for="pin">Enter the pin:</label>
+                <input type="text" id="pin" class="form-control col-12 alert-danger" />
+            </div>
+
+            <p class="alert alert-danger" t-if="error" role="alert" t-esc="error" />
+            <p
+                class="alert alert-success"
+                t-if="message"
+                role="status"
+                t-esc="message"
+            />
+
+            <div id="secret_group" class="form-group o_hidden" t-if="encrypted">
+                <label for="secret">Shared secret:</label>
+                <input
+                    type="text"
+                    id="secret"
+                    readonly="readonly"
+                    class="col-12 form-control"
+                />
+            </div>
+
+            <div id="file_group" class="form-group o_hidden" t-if="encrypted_file">
+                <label for="secret">Shared file:</label>
+                <div class="col-12">
+                    <a href="" id="secret_file" class="form-control" />
+                </div>
+            </div>
+        </t>
+    </template>
+</odoo>
diff --git a/vault_share/views/vault_share_views.xml b/vault_share/views/vault_share_views.xml
new file mode 100644
index 0000000000..ad45e74b05
--- /dev/null
+++ b/vault_share/views/vault_share_views.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="view_vault_share_tree" model="ir.ui.view">
+        <field name="model">vault.share</field>
+        <field name="arch" type="xml">
+            <tree>
+                <field name="name" />
+                <field name="share_link" widget="url" />
+            </tree>
+        </field>
+    </record>
+
+    <record id="view_vault_share_form" model="ir.ui.view">
+        <field name="model">vault.share</field>
+        <field name="arch" type="xml">
+            <form>
+                <sheet>
+                    <group>
+                        <field name="token" invisible="1" />
+                        <field name="iv" invisible="1" />
+                        <field name="salt" invisible="1" />
+                        <field name="iterations" invisible="1" />
+                        <field name="filename" invisible="1" />
+
+                        <field name="name" />
+                        <field name="share_link" widget="url" />
+                        <field name="pin" widget="vault_pin" />
+                        <field name="expiration" />
+                        <field name="accesses" />
+                        <field name="secret" widget="vault_share_field" />
+                        <field
+                            name="secret_file"
+                            filename="filename"
+                            widget="vault_share_file"
+                        />
+                    </group>
+
+                    <label for="log_ids" />
+                    <field name="log_ids" options="{'no_open': True}">
+                        <tree>
+                            <field name="name" />
+                            <field name="create_date" />
+                        </tree>
+                    </field>
+                </sheet>
+            </form>
+        </field>
+    </record>
+</odoo>