Policy password force startswith alphabetical character

Hi,

I already used a password policy to generate passwords with Vault.
Now I need to create a policy where the generated password must start with an alphabetical character.

Below is an example of a policy:

{
   "policy":"length = 15\nrule \"charset\" {\n  charset = \"abcdefghijklmnopqrstuvwxyz\"\n  min-chars = 2\n}\nrule \"charset\" {\n  charset = \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\"\n  min-chars = 2\n}\nrule \"charset\" {\n  charset = \"0123456789\"\n  min-chars = 2\n}\nrule \"charset\" {\n  charset = \"-_%;!\"\n  min-chars = 4\n}\n"
}

Do you know if it’s possible to force the policy to start with an alphabetical character?

Thanks for your help,

Matt

As you can see in the documentation, the password policy feature is fairly limited, and does not allow you to describe such a restriction: Password Policies | Vault | HashiCorp Developer

So this is not possible.

Hi,
Thanks for your reply.
So in my Ansible project I added a variable to start the password.

tmp_pwd_start: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters'], length=1) }}"

Thanks,
Matt
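
An added example, not part of the thread: two ways to get a letter-first password while keeping the charset rules from the policy in the question. `generate_candidate` is a hypothetical local stand-in for requesting a password from Vault, and all function names are assumptions.

```python
import secrets
import string

# Charset rules and length copied from the policy posted in the question.
RULES = [(string.ascii_lowercase, 2), (string.ascii_uppercase, 2),
         (string.digits, 2), ("-_%;!", 4)]
LENGTH = 15


def satisfies(pwd, length=LENGTH, rules=RULES):
    """True if pwd has the exact length and meets every min-chars rule."""
    return len(pwd) == length and all(
        sum(ch in charset for ch in pwd) >= minimum for charset, minimum in rules)


def generate_candidate(length=LENGTH, rules=RULES):
    """Hypothetical local stand-in for asking Vault for a password."""
    alphabet = "".join(charset for charset, _ in rules)
    while True:
        pwd = "".join(secrets.choice(alphabet) for _ in range(length))
        if satisfies(pwd, length, rules):
            return pwd


def letter_first(generate=generate_candidate, max_tries=1000):
    """Option 1: re-request until the candidate starts with a letter."""
    for _ in range(max_tries):
        pwd = generate()
        if pwd[0] in string.ascii_letters:
            return pwd
    raise RuntimeError("no candidate started with a letter")


def prefixed(generate=generate_candidate, total_length=LENGTH):
    """Option 2 (the Ansible approach): one random letter plus a password
    generated one character shorter, so the total length stays the same."""
    return secrets.choice(string.ascii_letters) + generate(total_length - 1)


if __name__ == "__main__":
    print(letter_first(), prefixed())
```

If the policy stays at `length = 15`, prefixing a letter produces a 16-character password, so the policy length has to drop to 14 when the target system expects exactly 15.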