Password Policies for KV Secret Engine


We are currently evaluating Vault for storing passwords. We’d like to generate passwords as well, but as far as I understand, there is no possibility to create password policies with the KV secret engine, right?

Is it planned to implement this on the KV secret engine any time soon?

best wishes,

It depends on your workflow.

If you have a controlled process where the password gets generated and then stored by the process itself, then you can enforce this with Password Policies and by generating the password as part of your process.

However, if you let users/processes store passwords in KV directly, you could enforce this with Sentinel policies, but this requires an Enterprise license.

If neither of the above is an option, then you are correct: no function exists to control content in KV secrets.
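
The first workflow in the answer above, sketched as an added example that is not part of the original posts: a controlled process asks Vault to generate a password from a password policy and writes it to KV itself. The policy name `kv-generated`, the KV path `secret/apps/db` and the field name `password` are hypothetical, and the token is assumed to have access to `sys/policies/password/*` and the KV path.

```shell
# Added example. Hypothetical names: policy "kv-generated", KV path
# "secret/apps/db", field "password". Assumes VAULT_ADDR and VAULT_TOKEN are set.

# Password policy in Vault's HCL format: 24 chars, at least one of each class.
policy_hcl() {
  cat <<'EOF'
length = 24
rule "charset" {
  charset   = "abcdefghijklmnopqrstuvwxyz"
  min-chars = 1
}
rule "charset" {
  charset   = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
  min-chars = 1
}
rule "charset" {
  charset   = "0123456789"
  min-chars = 1
}
rule "charset" {
  charset   = "!@#%^&*"
  min-chars = 1
}
EOF
}

# $1 = policy name. The policy body is passed on stdin ("policy=-").
install_policy() {
  policy_hcl | vault write "sys/policies/password/$1" policy=- >/dev/null
}

# $1 = policy name, $2 = KV path, $3 = field name.
# Runs in a subshell so the password variable never reaches the caller.
generate_and_store() (
  pw=$(vault read -field=password "sys/policies/password/$1/generate") || exit 1
  [ -n "$pw" ] || exit 1
  # "field=-" makes the CLI read the value from stdin, keeping it out of
  # the process list and shell history. Note: kv put replaces all fields.
  printf '%s' "$pw" | vault kv put "$2" "$3=-" >/dev/null
)

# Usage: install_policy kv-generated && generate_and_store kv-generated secret/apps/db password
```

The password policy only shapes what Vault generates; it does not stop another client from writing an arbitrary value to the same KV path, so write access to that path should be limited to this process through the ACL policy.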