marius-wieschollek / passwords

A simple, yet feature rich password manager for Nextcloud
GNU Affero General Public License v3.0

[Feature] Folder / Tag / Group sharing #27

Closed Ninos closed 3 months ago

Ninos commented 6 years ago

Hey there, is it possible to share complete folders or tags with a user group? Such feature would be awesome, e.g. for board/marketing/presales/customers groups :-)

PS: Thank you for the great alternative, which is much more integrated into nextcloud.

Ninos commented 6 years ago

Oh, seems to be a duplicate of #18. Is there a reason why you closed this ticket?

marius-wieschollek commented 6 years ago

The reason why #18 is closed is that it was just a question.

The feature itself is quite difficult to implement. The way Passwords is built prevents users from accessing any data which they do not own. Sharing works by copying the passwords via a privileged background job. This gets a lot more complicated when the object is shared with a group and even more complicated when it is implicitly shared through a folder or a tag.

Currently the main focus is fixing bugs, then adding missing single-user functionality and providing better encryption options. After that browser extensions and apps will be updated. It will probably be 2019 before I have the necessary time for this functionality.

Ninos commented 6 years ago

Thanks for the feedback. In NC13 the server-side encryption was changed so group sharing is possible without re-encryption. This is possible by using the master key, which lowers the security but enhances the usability. I think switching to this new workflow and implementing an optional e2e encryption (based on NC) should bring enough security and also usability :-)

Ninos commented 6 years ago

BTW: For such a feature request you can also ask for donations for faster implementation, see also: https://github.com/nextcloud/passman/issues/243

tezukzai commented 6 years ago

This app is just what I have been looking for! Great work.

I second the above. Sharing password folders or tags with circles from the circle app or by LDAP groups would be ideal. I'd be happy to contribute a donation to speed this up.

pafcioooo commented 6 years ago

Maybe it could start with something basic, like sharing to a group resulting in sharing each password individually with each member of the group. Of course it should work on groups made at the Nextcloud level, not only the Passwords app level (so LDAP groups can be used too).

In a similar way we could add folder sharing, so when a folder is shared the individual passwords are shared.

In both options of course there should be some field in the DB to track if the password is group/folder shared.

Flore-mozfr commented 6 years ago

I second this, very good idea. My use case: Scout group, the leaders each have an account on the Nextcloud instance. I organize them in groups (cubs, beavers, scouts, rovers...) so they can share with their co-leaders. And in September, we welcome new leaders, some leaders change units (from scouts to rovers, for example), so I rearrange the groups. It would be great to be able to share the passwords the same way, so I don't need to rearrange password sharing, just the Nextcloud groups.

BTW: I am talking about 30 to 40 users

PhantomPhreak commented 6 years ago

I'd like to have the folder sharing feature too. Sharing a set of passwords that belong to something will be more convenient than sharing passwords one by one.

igloo777 commented 6 years ago

I agree with @PhantomPhreak, it's very relevant if you have a large number of passwords.

LucyDemooon commented 6 years ago

Yes, it would be nice. We also need a password manager for a team, but sharing with 20 or more users one by one is heavy. Folder and group share with higher priority, please. @marius-wieschollek I will pay/spend money on this feature for higher priority

alexanderdd commented 6 years ago

Came here to ask for this, too =)

@marius-wieschollek multiple people have offered financial contributions (@LucyDemooon @tezukzai ). Can you tell us how people can donate?

Also, people over at https://github.com/nextcloud/passman/issues/243 seem to have found some possibility to make it happen.

Natureshadow commented 6 years ago

At least two organisations I work with are in need of that, too ;)!

mokkin commented 5 years ago

For me the same. Group and folder/tag sharing would be really great! If you are interested in donations, please provide payment credentials such as IBAN or Paypal.

Ninos commented 5 years ago

Would also like to donate something if it speeds up the implementation. Just tell us your price, maybe we can collect some donations :-)

mokkin commented 5 years ago

There is an option to collect money via PayPal or on https://www.bountysource.com/. But I think @marius-wieschollek should start this if he accepts this way.

git001 commented 5 years ago

I would also like to donate for this feature.

clarm060 commented 5 years ago

I also second the ability to share folders to groups and/or users. It would allow me to switch my team to this wonderful tool!

perphilip commented 5 years ago

This would be a great feature indeed, but already allowing to share with groups (specifically circles) would be a great start. Thanks for your work so far!

grickard commented 5 years ago

I also would be willing to donate if it would push the development of this feature. Another future feature that would be nice would be the ability to send password requests to people. My organization often needs credentials from clients and it would be nice if I could push a secure password request to them and have it automatically added into Passwords. I could see possible security concerns with this though.

simondaigre commented 5 years ago

I would also like to donate for this feature.

Djiock commented 5 years ago

Hello! With my company (heavy Nextcloud users) we need a password sharing solution and, using this one personally, I can tell it's awesome; it's just missing this essential feature... We're also willing to pay to have it, if that can be done within the next few months :)

JulesBalgue commented 5 years ago

Hi,

We are ready to donate for this feature too.

Hope this feature will come quickly! :)

nomad-lw commented 5 years ago

+1 Would love to see this get implemented.

ndom91 commented 5 years ago

+1 critical feature for our organization. Any word if there is any progress on this?

neni84 commented 5 years ago

+1 I confirm that this functionality is essential for use in a company / work group.

RailsViceRoads commented 5 years ago

I'm looking for a Nextcloud app to share "weak secrets" like codes for combination locks. For this kind of information it will be very useful to share folders with groups of users.

Terrox commented 5 years ago

I would like folder sharing too, so any future passwords I add will appear for shared users. It would also need to share sub-folders automatically since I would have a Company->Client->password type of structure.

jinjanko commented 5 years ago

Guys, I really need this feature. How can I pay, or donate, or how could I be sure if I donate that it will be done? Thank you very much. BTW, great app for Nextcloud.

JohannesHoffmann commented 5 years ago

I would join jinjanko with a donation to see this nice feature request go live!

Ninos commented 4 years ago

Same :D

jcklpe commented 4 years ago

Badly needed feature 👍

anlarin commented 4 years ago

This feature is very necessary. Your competitor passman does not have it. You must be the first to have this feature.

waja commented 4 years ago

This feature is very necessary. Your competitor passman does not have it. You must be the first to have this feature.

sorry @anlarin, but what is wrong with you? This is a volunteer project, calm down!

roygeraets commented 4 years ago

I would like to invest in this feature. Love the product! +1

htc1977 commented 4 years ago

I would like to invest in this feature. Love the product! +1

me, too!

Nils-Thiele commented 4 years ago

Hi, is this feature still being considered or will it be dropped? @marius-wieschollek It's a great feature for small teams. Maybe it's also possible to store the password database in a place where all users of the cloud can access it. :)

Djiock commented 4 years ago

Hi, is this feature still being considered or will it be dropped? @marius-wieschollek It's a great feature for small teams. Maybe it's also possible to store the password database in a place where all users of the cloud can access it. :)

Seems to be considered for Q4 this year if we look at the roadmap: https://git.mdns.eu/nextcloud/passwords/wikis/Project/Roadmap Can't wait! :)

rwagnon commented 4 years ago

My team would like to work on this feature. @marius-wieschollek do you have a work plan / concept that we could follow?

marius-wieschollek commented 4 years ago

I had planned to take a closer look at this after I'm done with the browser extension. I haven't made a plan, just some thoughts on the issue. Sharing is a nightmare of edge-cases and management functionality.

I would like to split this ticket into four new ones since folder sharing, tag sharing and group sharing are different features and Client-Side-Encryption should be part of the package. (Also this ticket is full of "+1" comments)

  1. Encryption Issues

    • CSE is already there in the app, so the easiest way would be to use the existing CSE but add a new keychain that handles the keys of shared objects.
    • The big issue is how to handle the keys. One key per object would result in a huge keychain. One key per account would mean that once someone shared one password with you, you could also decrypt all other shared objects from that user. (Evil admin issue) One key per share would cause conflicts (Sharing a subfolder or sharing also with a tag). Maybe one key per folder would work. Or maybe you can check which elements already have a shared key and then assign a new key to the rest with a maximum number of objects per key.
    • To get the keys to the other user I would imagine some kind of inbox. If you share something, the necessary keys are encrypted with a password, stored on the server and you have to give the password to the other user so that he can accept the share request and add the keys to his keychain.
    • You probably need different keychains for keys you shared and keys shared with you.
  2. Sharing synchronization

    • The current system causes synchronization issues and misunderstandings for the users. The app does not allow any user to access the data of any other user. So there needs to be some kind of synchronization.
    • I would imagine a system, where the shared properties of an object are copied to a log table. When a shared object is requested, that table is checked for new data. If there is new data, a new revision is created, if not the current one is used.
    • If the check discovers that the password is no longer shared, it is deleted and a 404 is returned by the api.
    • The initial creation and regular synchronization would still be done by a cron job.
    • To keep track of which user has which revision of a shared object, I would probably introduce a less unique id, that is the same for each copy of a shared object or revision. This would also replace the id given to the user through the api to make it clear that the objects are the same.
  3. Folder sharing

    • Will it be possible to move a password outside the shared folder?
    • How is this handled if you're the owner, and how if you're not?
  4. Tag sharing

    • Will it be possible to remove the tag if you're not the owner?
  5. Group sharing

    • How is adding/removing users from the group handled?

alexanderdd commented 4 years ago

Hey, if I can offer my two cents: In our context it would be most useful to have folder sharing and be able to share that folder with individual nextcloud users or nextcloud groups. All password app behavior should follow the same logic as nextcloud files.

My opinion:

Folder sharing - should be implemented first

Tag sharing - not necessary ATM

Group sharing - not necessary ATM (later, it should work the same way as Group Folder App)

rwagnon commented 4 years ago

Thank you. This gives a lot of initial information. I'll look at the code a bit to learn more about your observations.


marius-wieschollek commented 4 years ago

@alexanderdd The issue with moving passwords out of a folder is the data structure for everyone else with access to these objects. All passwords and folders need a parent folder. If that is missing, the object will be missing from the UI. There are the following options to work with that:

a) If you move an object out of the shared folder, it will be removed from the shared objects and only exist in the account of the user who moved it. (Nextcloud handles it like that)
b) If you move an object out of the shared folder, the system will ignore that for everyone else. Do we have to mark the object as "don't move" so it will not randomly be moved back if someone else moves it within the shared folder? (Probably the most user friendly)
c) You can't move an object out of the shared folder. You will receive an error message.
d) Folder structure is not synchronized. Only if the owner moves something out of the shared folder will it be removed from the shared objects. Any moving action by another user only exists in his account. (Easiest method, just like with favorites)

I think a) will cause a lot of support overhead because people will not expect this behavior and will complain about passwords etc. suddenly missing from their accounts. c) will cause people to request that this option is added. d) sounds easy but will set users up for a disaster. You task your intern with bringing some structure in the shared passwords. He does so in his account and deletes no longer used folders afterwards. Suddenly all the passwords in those folders are deleted too, since they were still in those folders in the owner's account. I would prefer b) or c).

Group sharing [...] (later, it should work the same way as Group Folder App)

No it wouldn't. This means sharing an object with a group. Group folders in the app are different from that since they don't have an owner.

joostvkempen commented 4 years ago

For my organisation sharing like with the 'group folder app' is the most preferable. It is a volunteer organisation that is organised in small, fixed teams. Every team is a Nextcloud group. So every volunteer has his own personal workspace and shared workspaces equal to the teams they participate in.

With the passwords I would like something similar: most of them are personal, only few are shared by the team or even the whole organisation. Most of these passwords have no organizational owner, they are linked to the team. So when team members change, the password will be persistent to the team.

For our organisation it's a problem when files (or in this case password objects) are owned by a single user. When this volunteer quits, the file or password will be gone for the rest of a team and for his successor.

As a workaround I sometimes use an admin account that will share everything with the organisation and the teams. The admin account is owned by a board member, next to his personal account. In this case sharing a folder to Nextcloud groups would be the best option. And being able to set permissions for edit, delete etc.

This would be our use case. I'm not a developer, so can't help with the hard work, but I'm willing to support with testing or further thinking.

rwagnon commented 4 years ago

@marius-wieschollek As the primary developer, I think you should simply make the decision (after people comment). I would like to see implementation of small practical steps so we can work to move it forward.

I believe option a) is the only realistic option. I use other systems (LastPass Enterprise and SolarWinds Passportal) and if someone removes something, it is simply gone. People can look at the audit history to see what happened. They should be able to move an entry from one Shared Folder to another if they want to keep it in circulation.

rwagnon commented 4 years ago

I've been using the Password Share tool and find that it is a decent short-term mechanism AS-IS. It isn't fancy, but I can share passwords with others. We can each organize them as we wish. With user training, I would even have everyone use a common folder structure to organize things. The two shortcomings I notice are that only the owner can edit it and ownership cannot be transferred.

rwagnon commented 4 years ago

@marius-wieschollek I think we'll need a formal spec document with use-cases. We could create and share the document for comment. Ultimately, contributors get to work on whatever they need most.

nicoh88 commented 4 years ago

+1 for sharing a password-folder with all included passwords! ❤️

Ninos commented 4 years ago

1. _Encryption Issues_

   * CSE is already there in the app, so the easiest way would be to use the existing CSE but add a new keychain that handles the keys of shared objects.
   * The big issue is how to handle the keys. One key per object would result in a huge keychain. One key per account would mean that once someone shared one password with you, you could also decrypt all other shared objects from that user. (Evil admin issue) One key per share would cause conflicts (Sharing a subfolder or sharing also with a tag). Maybe one key per folder would work. Or maybe you can check which elements already have a shared key and then assign a new key to the rest with a maximum number of objects per key.
   * To get the keys to the other user I would imagine some kind of inbox. If you share something, the necessary keys are encrypted with a password, stored on the server and you have to give the password to the other user so that he can accept the share request and add the keys to his keychain.
   * You probably need different keychains for keys you shared and keys shared with you.

Hey @marius-wieschollek, thanks for the feedback. About encryption I would solve it like NC core: for each password/entry create its own master cert. After sharing with users, use the user's private key to access the master cert. After sharing with a tag, use the tag master cert for access to the master cert and the user cert for access to the tag master cert. After a user was kicked from the tag group, you can renew the tag master cert with the public certs of the users. The same could be done with folder sharing, group sharing...

I'm not a pro in encryption, but this should be the most elegant way.

martinadieb commented 4 years ago

Is there any news about the feature? It would really solve a lot of problems for many teams... thanks in advance

pascal-ts commented 4 years ago

I'm also really looking forward to this feature! IMHO only folder sharing is necessary ATM: once shared with other users, the owner can add/move/delete passwords and the changes will sync for everyone. This would allow me to use Passwords in my company