downtownallday / cloudinabox

An installation of Nextcloud that borrows some of the "Mail-in-a-Box" code and standards
Other
2 stars 1 forks source link

Bitwarden password manager as part of cloudinabox #11

Open dumblob opened 3 years ago

dumblob commented 3 years ago

During testing of Nextcloud as potential medium enterprise "dashboard" and main communication interface, we found out, that one of the biggest pains we still have is the lack of intuitive and highly secure way of handling credentials, keys, passwords, etc.

There are several Nextcloud apps, but they feel like a joke - because they're generally much less integrated (and much less intuitive!) than solutions like LastPass or Bitwarden etc.

We like Bitwarden the most, because it's open source with security verified source, and also because it has a different philosophy for private versus business handling of credentials than e.g. LastPass (Bitwarden has a private account and business accounts are being connected "into" this private account whereas LastPass has a business account and private accounts are being connected "into" this business account).

There is an alternative very light-weight Bitwarden backend implementation bitwarden_rs supporting LDAP, SMTP emailing and Fail2Ban.

Do you think Bitwarden would make sense also for other Nextcloud users and could be integrated into cloudinabox?

I admit, that I don't know how much maintenance it'll require, but I have high hopes there won't be much (if any) work needed - the community around bitwarden_rs seems mature and knowing what they do, so updates (incl. automated migrations) etc. shouldn't be a big concern.

downtownallday commented 3 years ago

I haven't heard of anyone asking for this, but it sounds useful, and if you wanted to add it to allow others to use it as well, I would suggest creating a script in "setup/mods-available/" that would do the work necessary to install/upgade/etc the bitwarden feature. Anyone wanting to install the feature would link to it from "local/" causing it to be executed every time setup is run.

dumblob commented 3 years ago

I haven't heard of anyone asking for this

Yeah - the world still did not learn how to safely work with credentials :cry:.

A good way to find out is by asking your customers/users how they handle all their credentials while mentioning this all-in-one solution. I bet you'd get 100% interest in such a solution :wink:.

I would suggest creating a script in "setup/mods-available/" that would do the work necessary to install/upgade/etc the bitwarden feature. Anyone wanting to install the feature would link to it from "local/" causing it to be executed every time setup is run.

Thanks for the pointer. Would you then at some point accept it as a PR? It'll take an undefined amount of time (we'll need to allocate resources which'll be difficult considering our tinkering with Nextcloud is already a strongly underfunded endeavor :cry:).

But of course, we'll be happy to collaborate with anyone wanting to take a look at it earlier.