Kong / insomnia

The open-source, cross-platform API client for GraphQL, REST, WebSockets, SSE and gRPC. With Cloud, Local and Git storage.
https://insomnia.rest
Apache License 2.0
34.85k stars 1.97k forks

All my data lost - "Failed to create remote project" #6579

Closed PerLycke closed 1 year ago

PerLycke commented 1 year ago

Expected Behavior

I had a lot of local data set up. After creating an account using Google, the migration tool reports "Failed to create remote project". Everything seems lost, I have no idea how to recover my local data. I'm in the middle of some big work and this is truly screwed up as the app was auto-updated.

Actual Behavior

"Failed to create remote project"

Reproduction Steps

No response

Is there an existing issue for this?

Additional Information

No response

Insomnia Version

8.0

What operating system are you using?

macOS

Operating System Version

13.6

Installation method

downloaded

Last Known Working Insomnia version

Before 8.0

javibookline commented 1 year ago

thanks for making life difficult for all of us

subnetmarco commented 1 year ago

I'd like to ask a few questions, so I understand better some assumptions on my part that may be wrong:

  1. How important is E2EE encryption to you all? We went the extra step to implement E2EE pretty much everywhere we could (it was a huge effort) but I seem to understand that it doesn't matter that much. With E2EE essentially nobody can access the data, not even we can do it, but it seems like it's not making anybody at ease still.
  2. Let's say that we present a 3rd party independent auditing report from a reputable source that validates that your data - even when stored in the cloud - is fully encrypted, would that even ease things out? Again, this data is inaccessible without the correct passphrase that only the user knows.
  3. The local storage capability was very complex and - knowing we have E2EE - we wanted to greatly simplify the complexity of the application while at the same time supporting our customers that require more and more collaboration features. Let's assume that we ship an offering for "Local Vault" where:
    • You can keep your collections, design specs and overall data local only, encrypted on a project by project basis.
    • Collaboration is disabled by default, but you could still optionally enable it in the cloud (with E2EE) in case you wanted to do that in the future, to not preclude users that do want to collaborate from being able to do so.
    • We would properly staff for the long-term continuity of this capability and make it officially supported as part of our offering for a monthly/annual subscription fee.
    • Would this be something that you would use?
  4. Finally, when it comes to API data, typically there are URLs with their parameters and responses, then there are credentials and secrets stored in cookies and/or environment files:
    • Would storing locally environments, cookies and authentications only be sufficient for your use-case, or does it have to include also the "interface" of the collection routes (the URLs, the empty params, etc)?

cc @wodrich @minusfive @artiebob @gabel and others.

Mudbill commented 1 year ago

I appreciate the attempt to correct things. However, while encryption is important and should be a given for any sync service, it's not enough to guarantee safety for every situation. If the encryption is really strong but a password is weak, it can be cracked. Regardless it could be leaked. That's an unnecessary risk for many.

The sync part must be opt-in in my opinion. Only that can satisfy both those who want the convenience of sync and the reduced risk of local.

iradofurioso commented 1 year ago

Sending my data to someone's computer, in reality, a cloud server is it! It can be encrypted or whatever, but still, I'm relying on someone's computer. There's no free lunch. Who is going to pay for that? Server? Storage? Energy? If you are not paying, it is because you are the product, or Insomnia is thinking to get some data to profit, or Insomnia is planning to charge soon and you are in their hands. Nobody is that kind to give free server access for free.

nabilfreeman commented 1 year ago

We don't want cloud and we don't want user accounts

davehouser1 commented 1 year ago

I did a backup before I upgraded. I then went through the wizard like everyone else did and missed the "export" section. So after all that, the scratch pad has none of my data.
I tried going to where import was before, Preferences > Data, but "import" is greyed out, wtf? However, if you go to the top left and select "Scratch Pad" > "Import" you can import the data.

Biggest problem with this, where the hell is Unit Testing? I had 100s of tests that I auto ran. They are all gone, and I can't seem to find a way to view tests in the scratch pad. Is this feature dead?

Is this what the Kong team has been working on for months? This is so many steps backwards. @subnetmarco, your solution to just "downgrade" is not a good solution at all. That means I can never upgrade again? Do I have to constantly check if new updates will include the features my old export needs?

But I guess this is what's happening now in software. It's not cheap or easy to support software. Giving out a product for free just to get word of mouth is an ending trend. I will never trust a company that says "we don't have access to your data" when the application forces you to create online accounts and sync data. More so my company (and many others) don't support this, it's 0 trust sir, does not matter if you say you don't have access to our data, we will not support this.

Unfortunately I have to downgrade and use this older version because I have yet to see a worthy, free alternative that is not Postman. And right now our company does not allow Postman, won't be surprised if Insomnia will be dropped too.

EDIT: Unit tests are still there, you have to log in to use them though; see this discussion.

phil-nelson-bt commented 1 year ago

First off, all of us complaining about something that is released for free and for which the source is available, triggers a lot of bad memories from open source projects I've been involved with, none of which have anywhere near the reach of Insomnia. Trying to find a way that at least some people can support the developers so they aren't burned out volunteers makes it more likely the thing will be around. In this case it is probably employees, but how to use the time still is an important question.

@subnetmarco to answer some of your questions:

eat-pant commented 1 year ago

> 1. How important is E2EE encryption to you all?
> 2. Let's say that we present a 3rd party independent auditing report from a reputable source that validates that your data - even when stored in the cloud - is fully encrypted, would that even ease things out?
> 3. The local storage capability was very complex and - knowing we have E2EE - we wanted to greatly simplify the complexity of the application while at the same time supporting our customers that require more and more collaboration features. Let's assume that we ship an offering for "Local Vault" where:
>
>     • Would this be something that you would use?
>     • Would storing locally environments, cookies and authentications only be sufficient for your use-case, or does it have to include also the "interface" of the collection routes (the URLs, the empty params, etc)?
>
> cc @wodrich @minusfive @artiebob @gabel and others.

Good questions! @subnetmarco

At least for us, cloud-syncing (E2EE or not) simply represents an added layer of risk and complexity with limited impact on conduct of 99% of daily work, when the majority of testing taking place is from the test application towards a localhost VM on the same machine, or a test environment from within the same building/network with no external connectivity needed.

I can't speak for everyone, but E2EE could certainly be a nice to have in some cases, but really represents only a fraction of many concerns/strategies in order to operate in a legally compliant way, especially from a data handling and security risk perspective. Industries like Banking, Healthcare, Industrial Sector, IOT Home Systems and many others have very very strict regulations in order to be allowed to conduct business, which comes with a large list of security controls, monitoring, data handling, traceability, auditing, training and infrastructure management that must be adhered to, regardless if the developer/tester feels it is secure or not.

subnetmarco commented 1 year ago

@eat-pant Have you seen the new 8.3 release? It allows you to store data locally again, without the Cloud Sync. So now you can choose between Local, Cloud or Git at your discretion.

iradofurioso commented 1 year ago

> @eat-pant Have you seen the new 8.3 release? It allows you to store data locally again, without the Cloud Sync. So now you can choose between Local, Cloud or Git at your discretion.

Come on... are you joking with us? I downloaded this 8.3v, I tried to import the very same file of my old Insomnia and I got this message:

Error while importing to Insomnia: Cannot import multiple files to ScratchPad. Please try to import your files one by one.

I just informed one file!

subnetmarco commented 1 year ago

@iradofurioso

You can still import one collection into Scratch Pad - but when I talk about product capabilities, I am referring to the full product capabilities available after logging in.

iradofurioso commented 1 year ago

> @iradofurioso
>
>   • Scratch Pad is only for one collection.
>   • All the other capabilities are available after creating an account. And with an account, you can choose between Local Vault, Cloud Sync and Git Sync.
>
> You can still import one collection into Scratch Pad - but when I talk about product capabilities, I am referring to the full product capabilities available after logging in.

🤡

Well, I won't create an account. You guys are still playing with the ones who used the tool for a long time and have a lot of projects, and now you are forcing us to create an account. Last try, I'm gonna uninstall and move to another tool, hopefully there's a lot on the web.

subnetmarco commented 1 year ago

That's perfectly reasonable, you can use one of the many export data buttons if you wish to access your data and re-import it somewhere else.

gabel commented 1 year ago

Just to have an answer here and to make it clear, it is not about E2EE encryption. There are always environments where air gapped and/or non-account use-cases are valid.

subnetmarco commented 10 months ago

@satokenta940 this is not a billboard.