[Feature] Folder / Tag / Group sharing

[Ninos]

Hey there, is it possible to share complete folders or tags with a user group? Such feature would be awesome, e.g. for board/marketing/presales/customers groups :-)

PS: Thank you for the great alternative, which is much more integrated into nextcloud.

[le-patenteux]

Not only am I adding my name to the request, but I have to say that it is the final hurtle we need to fix to adopt Nextcloud company-wide!

Keep-on the good work, NextCloud is a great tool and the community makes it even greater!

[tibring]

Is estimation for this feature the same as published at Roadmap? I'm waiting for this feature :)

[kevinkk525]

I'm actually eagerly waiting for that feature too since 2 years now.. Would make it so much easier to use passwords in my organization. So even though I can't contribute with code, I can at least show my support for that feature :)

[rakurtz]

This is a killer feature that would separate this app from any other password-manager on the market:

Self hosted and secure in your Nextcloud and fully sufficient for teams!

By now it‘s „just“ a nice passwords app for individuals.

Really looking forward to this.

[majkinetor]

By now it‘s „just“ a nice passwords app for individuals.

You could use API to share folders now tho, although its far from user friendly...

[rakurtz]

How am i gonna do that? That would be awesome. We are a team of 6 - sharing one folder would be absolutely enough!

[majkinetor]

You need to make cron job that will use share api to a) get all passwords b) share them to list of people (or even group but that will require also NextCloud API to get people in the group).

Here is something in Powershell that can make you get started: https://gist.github.com/majkinetor/67037053246f4637bba50c3e3f5372f4#passwords

[aqos156]

@marius-wieschollek Hi, is there any ETA for this feature?

[marius-wieschollek]

no

[pReya]

@marius-wieschollek Is this a problem/task that could be sped up with money? Would you prioritize this feature, if there was some kind of "bounty" for it? E.g. would 1000€ or maybe 5000€ make a difference? Or is this still something that needs more conceptual work, which can't be easily sped up by throwing money at it?

I think there might be quite a large group of people and even companies, willing to shell out quite some money to get this feature. But first we'd need to know, if money can help here, or not.

[albjeremias]

I'm just sharing a folder between groups, and using keeweb to manage a kdbx file!

[rakurtz]

I'm just sharing a folder between groups, and using keeweb to manage a kdbx file!

We do the same. Works fine. It‘s not as convenient when you want to set different permissions on different password categories since you would have to create individual kdbx files to share with different users/groups. In that case switching from a set of passwords to another you would have to re-enter the master password when you open another kdbx file. But for our small team it works perfectly fine since we share all passwords with every member.

[kscherler-TWX]

This missing feature is the reason my organization can't use it. Give me a reason to get off of dashlane. This should be your #1 priority moving forward (as you can see by the guy offering money above to get it done)

[majkinetor]

This should be your #1 priority moving forward (as you can see by the guy offering money above to get it done)

You people need to learn that money can't buy you everything... You can always fork it and pay to someone else to do it who is willing to do so instead of harassing the author

[kscherler-TWX]

This should be your #1 priority moving forward (as you can see by the guy offering money above to get it done)

You people need to learn that money can't buy you everything... You can always fork it and pay to someone else to do it who is willing to do so instead of harassing the author

Just offering friendly advice. Expressing interest in prioritizing an issue over others isn't harassment. I think this is a great add-on and would love to use it, but can't because of this. But yeah "harrassment" lol.

[Ninos]

I aready offered a donation, just need some informations (donation link, how much, ?until date?). Everyone who can code well is welcomed to extend this plugin with such functionality (preferred as MR, preferred plugin owner).

[NEITG]

Would also consider a donation to push this one along.

[albjeremias]

if there is a bounty > 1K i can look into this.. :)

[Ninos]

I'll donate 500 €. If solved pretty good and is used by me (will then definitely happen!), additional 500 €.

[DanAtIntegrateIT]

Hi There, I'd happy offer to pay for this solution and assist with testing. Reach back out and let me know. And we can discuss as an official project backed by my business.

[IARI]

Considering the Roadmap and the last posts in this issue by marius-wieschollek, I think it is safe to assume that the author is working on the issue, well aware of the amount of interest present.

For the sake of reference: Going back to 2018, there have now been 14 people who have explicitly offered donations so far. 2018: tezukzai, LucyDemooon, alexanderdd, mokkin, Ninos, git001 2019: grickard, simondaigre, Djiock, JulesBalgue, jinjanko, JohannesHoffmann 2021: NEITG, DanAtIntegrateIT

[kscherler-TWX]

Considering the Roadmap and the last posts in this issue by marius-wieschollek, I think it is safe to assume that the author is working on the issue, well aware of the amount of interest present.

For the sake of reference: Going back to 2018, there have now been 14 people who have explicitly offered donations so far. 2018: tezukzai, LucyDemooon, alexanderdd, mokkin, Ninos, git001 2019: grickard, simondaigre, Djiock, JulesBalgue, jinjanko, JohannesHoffmann 2021: NEITG, DanAtIntegrateIT

Yeah apparently I'm a pushy asshole for suggesting it though. LOL.

[staeglis]

We are also very interested in this feature.

[alexanderdd]

To me it does not look like @marius-wieschollek is currently working on this. Here https://git.mdns.eu/nextcloud/passwords/blob/master/Donate.md it says that he or other devs do not accept bounties for features.

@albjeremias offered to look into this issue if the bounty reaches $1000, which should be easy. So how do we collect the money/pledges? Should I make a gofundme page? (I know this is slightly offtopic, feel free to suggest a different place to discuss this)

Also, it looks like people over here found a way to do this https://github.com/nextcloud/passman/issues/243

[pReya]

To me it does not look like @marius-wieschollek is currently working on this. Here git.mdns.eu/nextcloud/passwords/blob/master/Donate.md it says that he or other devs do not accept bounties for features.

Where does that assumption come from? He's updated his roadmap 3 weeks ago, and group/folder sharing is listed under "Next". So I'd assume it's pretty far up on his agenda, and he'll be working on it, soon.

[alexanderdd]

The assumption comes from the fact that this bug is open for more than three years now. Also, there are other things on the https://git.mdns.eu/nextcloud/passwords/wikis/Project/Roadmap before this. And, this issue is in the section "Next", not in "currently working on". That's why I don't think he is currently working on it.

I don't understand why we should wait (maybe another three years?). We have people who want to pay, we have someone who would do it for money, so we only need to figure out how to handle the money. Please @everyone write your ideas, or point to a different place where we can discuss this if it's too off topic.

[pavieinv]

well, i actually figured out a temporary solution... exporting passwords and importing them into another account ! thanks for this app anyway

[Ninos]

well, i actually figured out a temporary solution... exporting passwords and importing them into another account ! thanks for this app anyway

Very sad to read that 😂😂

Last reminder that I'm still willing to pay, just contact me :-) Most likely the main dev with a donation-link (paypal or something like that), but external devs with at least high security knowledge are also likely welcomed :-)

[eric-benjamin]

+1 for sharing passwords +1 for paying/donating USD,EUR,BTC, a finger?

[klemenkobetic]

Also really interested in this functionality.

What about going through https://bountysource.com/ ?

[LokeYourC3PH]

+1 on the feature, would really enjoy having some Group share function for collaboration or cases where multiple users need to utilize passwords/data for different services.

[mercury1337]

+1 Using passwords for a club and it would be awesome if we could share folders with groups.

[IARI]

Thanks for the continued active development on the project. Considering this issue, It looks as if there has not been any development on the sharing branch.

@marius-wieschollek if could you give us just a very a brief update on your current state of mind regarding this issue, I would be very happy

[FranziskaSom]

Hi :) we are also with you ... where can we donate?

we could use, for example, https://opencollective.com/. would that be something?

see examples for nextcloud support https://opencollective.com/floccus

Best regards to all :)

[Jean-Jaque]

Same here. Would be happy to donate as we love this plugin !

[PSchewe]

+1

[LokeYourC3PH]

I started using and integrating Bitwarden into my service. I'd recommend everyone to do so as well and just drop this, it won't happen.

[rlKoekie]

This feature request is a prime example of open source projects :-) I suspect @marius-wieschollek is more than happy to have this feature, but he probably has plenty of other things to do with his time. However, this does not have to be a showstopper: this is open source software, anybody can contribute! Yes, yes, not everybody can code, and probably even fewer of us can code in such a way that it is up to standard for such a security-sensitive topic (keep in mind: doing this in the wrong way could cause major security problems).

For those willing to pay money: check if you know somebody who can take on a project like this, and tell them about the bounties already offered here. The coder-for-hire could then spent a bit of time investigating the project and maybe have a chat with @marius-wieschollek about possible ways of doing this. If that works out smoothly, the coder could then work implementing the feature in an acceptable manner.

TLDR; work with what we have: Marius does not have to do anything for us, and we all could take some form of action if we really wanted to!

@marius-wieschollek : thank you for writing and maintaining this code, I still use it every day!

[mokkin]

Thank you for you work @marius-wieschollek and thank you for your words @rlKoekie ! This is exactly my opinion too. Sometimes people have to be reminded to the basics while they are demanding something ;)

[codePau]

Hi, I am interested in three different functionalities:

1. Share one password with a group (1 to many)
2. Share several passwords with a person (many to 1)
3. Share several passwords with a group (many to many)

Functionality 1 seemed to be addressed in Issue 311 (https://github.com/marius-wieschollek/passwords/issues/311), which was closed after referencing this conversation (Issue 27). This conversation is about functionality 3, which would be a combination of functionality 1 and 2 so, in my opinion, Issue 311 shouldn't have been closed. I am happy to give some traction to this. Would anyone be interested in working in functionality 1 or 2? You can drop me a line at pau@pau.company. @marius-wieschollek it would be great to have a conversation with you. Thanks for all the work put on this app. Thanks everybody!

[cnh003]

First off, I'm not a PHP developer. I'm coming from a C++ world. But as most users of the plugin probably don't understand how complex this is, I'd like to paint a picture of how this could work.

First off: Especially the part of sharing with groups seems rather tricky to me. At some point or another, some user will be granting access to data they don't have access to themselves. If not implemented carefully, this will lead to a potentially disastrous security issue!

Second, for sharing groups, we do NOT want to duplicate the actual data. This WILL become a reference nightmare, especially if we allow users to reshare shared passwords. So, what we instead want to do is: keep the passwords and structures the same, and share the encryption keys.

This can be done with a relatively straightforward concept:

• Each user and each group has an own public/private key pair
• Each user has access to all their groups' private keys
• We have an asymmetrically encrypted key storage, and a symmetrically encrypted password storage
• Each password is encrypted with a unique key
• These keys are stored in the key storage, encrypted with a folder key
• To share, just add another entry in the key storage, encrypted with the recipient's public key

Things to consider:

• if a share is revoked, all affected keys must be replaced
• whenever a share is revoked, should we remind the users to change the previously shared passwords?
• how can we handle granting/revoking access if a user who is not a member of a group adds or removes users from a group?
• if a user's account password is reset, they lose all access to their data, or their private key is not stored encrypted

The last two points can be addressed by storing a copy of all users' and/or groups' private keys encrypted with a single master key. This master key should then be only shared with admins (i.e. stored encrypted with their respective public keys), and could be used for changing group memberships and/or recovering users' access to their passwords.

If I understand the codebase (from roughly skipping through) correctly, this doesn't only affect sharing, but the way how Passwords stores and accesses data as a whole.

That is why it really takes a lot of effort to implement, and at the same time might make the system a little less secure.

[ssergio-ll]

Is there any information on whether there has been progress on this feature? I think this app is excellent, but we don't use it because we can't share folders with groups. In our company, it's essential. It's very cumbersome to share the passwords one by one. For now, we use KeePassX locally and synchronize the file with Nextcloud, but if this functionality is implemented, it would be a great advance that I think would give the app enormous power.

[battosai30]

My advice : don't expect this feature ... I switched to VaultWarden.

[karge-itestra]

This feature would be very helpful!

[johnnyq]

This would be very useful for us too as we have several departments that need to share passwords

[NikoKS]

Truly need this feature 🙏

[Mululu]

Hello Earth to developers?

The folder / tag / group sharing function has been requested for more than 2 years but nothing has happened?

If you can't do it alone, get some help from other developers.

[pReya]

Hello Earth to developers?

The folder / tag / group sharing function has been requested for more than 2 years but nothing has happened?

If you can't do it alone, get some help from other developers.

You should dial back your tone. No one owes you anything. I suppose you never paid anything for this app. So you'd be better off by saying something like "Thank you for this app, which is already pretty good and I've been using for years, without paying anything".

This GitHub repo is not the primary repo for this plugin. If you really want to get answers, you'd be better off here: https://git.mdns.eu/nextcloud/passwords

[Natureshadow]

I suppose you never paid anything for this app.

You should stop assuming things about others. Especially while putting yourself in a position where you tell others how to behave.

[Mululu]

Hello Earth to developers? The folder / tag / group sharing function has been requested for more than 2 years but nothing has happened? If you can't do it alone, get some help from other developers.

You should dial back your tone. No one owes you anything. I suppose you never paid anything for this app. So you'd be better off by saying something like "Thank you for this app, which is already pretty good and I've been using for years, without paying anything".

This GitHub repo is not the primary repo for this plugin. If you really want to get answers, you'd be better off here: https://git.mdns.eu/nextcloud/passwords

If you feel attacked by something like this after 2 years of feature requests, something is wrong. You just want to see an answer or some progress. What's wrong with that!?

I'm happy to pay for software, plug-ins, etc. if they meet the basic requirements. And in my opinion, a sharing function for folders, tags and groups is a must, especially in Nextcloud.

Furthermore, I don't use this app because of the missing feature! As soon as this feature is available, I'll be happy to include it in my Nextcloud.