mssun / passforios

Pass for iOS - an iOS client compatible with Pass command line application.
https://mssun.github.io/passforios
MIT License

What's your setup to synchronize pass on multiple devices? #315

Open rayx opened 5 years ago

rayx commented 5 years ago

I use pass on different devices (phone, laptop, etc.) and each device is set up to have its own branch. Ideally the workflow would be:

1) [On each device] Push local change to the device's remote branch
2) [On laptop] Merge the change on each device's branch to master branch manually.
3) [On each device] Pull and merge the change on master branch to the device's local branch

Unfortunately this doesn't work because pass app can't do step 3. So what I actually do is:

1) [On each device] Push local change to the device's remote branch
2) [On laptop] Merge the change on each device's branch to master branch manually. Then merge the change on master branch to each device's branch.
3) [On each device] Pull the change from the device's remote branch.

This usually works, but has a merge issue when the user makes a local change on the phone and the device's remote branch contains changes from other devices (as a result of step 2 above). In that case, I saw an error message like the following and the only way to proceed is to discard the local change, which is annoying.

Merge conflict. Underlying Error: The operation couldn't be completed. (GTGitErrorDomain error -13.)

I wonder what workflow you folks use? Can you avoid the above issue?

yishilin14 commented 5 years ago

I only use a master branch. I pull before making any changes. And I push immediately after I change something.

The sync part might be a little bit buggy (e.g., https://github.com/mssun/passforios/issues/224). And I don't have time to look into it..

rayx commented 5 years ago

> I only use a master branch. I pull before making any changes. And I push immediately after I change something.

Thanks, it helps to know how others use it.

> The sync part might be a little bit buggy (e.g., #224). And I don't have time to look into it..

The issue I hit was a bit different (it was about pass failing to do automatic merge). But it may be due to the same code issue, as you commented.

Even if the bug has been fixed, pass app would still be unable to handle merge conflicts (I suppose pass app doesn't implement the UI to merge conflicts). So I wonder what you and others think about one of the following approaches? Both methods try to save the user's local change and don't require the user to discard changes manually.

(Suppose pass app tries to push and fails due to merge conflicts. I'm also assuming all the git operations below are supported by the git library pass uses.)

Method 1) It aborts the merge by doing something like "git merge --abort". Then it creates a new temporary branch on phone to save user's change, and reverts local commits up to the revision which it pulled last time. Then it pulls the change from remote repo and pushes the temporary branch to remote repo. It may display a message on screen to notify user that local change is saved in a temporary branch. Later user can merge the temporary branch to master on laptop and delete it.

Method 2) It resolves the conflicts by just using the file as it is, which contains unresolved conflicts in diff style. Then it marks the file as resolved by doing something like "git add " and commits the change. In this way, the pull completes without user intervention. Of course, the file will be displayed incorrectly on screen, but user will be able to fix it using the raw file editor.

I think the first approach is a bit better, but not sure if all agree it's worth the effort. I think it improves the app's usability in the situation where people need to modify pass data concurrently. I may try to implement it if I know enough about iOS programming someday :)
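Method 1 from the comment above, replayed with the git CLI in a throwaway sandbox. This is an added example, not part of the original post and not code from Pass for iOS; the sandbox layout, the file name `site.gpg` and the branch name `phone-saved` are assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example: Method 1 replayed with the git CLI in a throwaway sandbox.
# The layout, site.gpg and the branch name "phone-saved" are constructed.
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

# Commit new content for the one entry (a stand-in for an encrypted file).
edit() ( cd "$1" && printf '%s\n' "$2" > site.gpg &&
         git add site.gpg && git commit -qm "$3" )

# Build remote + laptop + phone, then make both clones edit the same entry.
setup_conflict() {   # $1 = empty scratch directory
    git init -q --bare "$1/remote.git"
    git -C "$1/remote.git" symbolic-ref HEAD refs/heads/master
    git clone -q "$1/remote.git" "$1/laptop" 2>/dev/null
    git -C "$1/laptop" symbolic-ref HEAD refs/heads/master
    edit "$1/laptop" v1 "add entry"
    git -C "$1/laptop" push -q origin master
    git clone -q "$1/remote.git" "$1/phone"
    edit "$1/laptop" v2-laptop "laptop edit"
    git -C "$1/laptop" push -q origin master
    edit "$1/phone" v2-phone "phone edit"     # histories now diverge
}

# Method 1: on conflict, park the local commits on a side branch instead of
# discarding them, then bring master back in line with the remote.
save_and_resync() (  # $1 = phone clone, $2 = side-branch name
    cd "$1" || exit 1
    git fetch -q origin
    git merge -q --no-edit origin/master >/dev/null 2>&1 && exit 0
    git merge --abort                    # leave no half-merged work tree
    git branch "$2"                      # the user's commits survive here
    git reset -q --hard origin/master    # rewind local master, take remote state
    git push -q origin "$2"              # laptop merges and deletes it later
)

demo() {             # prints the branches the remote ends up with
    d=$(mktemp -d) && setup_conflict "$d" &&
    save_and_resync "$d/phone" phone-saved &&
    git -C "$d/remote.git" branch --list
}
demo
```

After the run, the phone's master matches the remote and the conflicting edit sits on `phone-saved` in the remote, waiting for a manual merge on the laptop.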

christian-weiss commented 4 years ago

I do not see a good reason to have multiple git branches. So you may want to explain it a bit more. Do you have a git (write) permission schema based on branches?

On a single user (and even on a multi-user) password store I think to avoid merge conflicts is pretty easy, as long as you configure all clients to keep the local repo copy up-to-date (e.g. on app start) and to auto-push on every change. In that situation the time-window where two concurrent changes could appear is very limited to a very tiny time-frame.

And if that happens you should review your general password management procedures (not the pass-specific merge conflicts). Ask yourself why should 2 or more persons do (for example a password-reset or a password-forget procedure) on a shared account at "the same point in time"? Why should that be ok?

Deal with offline situations: If your phone is in an offline situation (or off-side) passApp could set up a reminder in the iOS reminder app - to ensure that you do not miss to update your remote as fast as possible (feature request) or ask to start the VPN to get behind your remote firewall (feature request), if you are not offline, but off-side.

If you carry two devices with you (e.g. business trip or vacation: offline situation) then you could use one as the one-and-only device for changes (to avoid merge conflicts) or asking the developer to implement a "Nearby-git-repo-sync" (local wifi / BT: peer-sync instead of upstream-sync) (feature request) as git is a distributed technology.

rayx commented 4 years ago

Hi @christian-weiss, I appreciate the suggestions you gave, but in general I'd think they are workarounds which defeat the purpose of using git because I think conflicts are universal. See more below.

> I do not see a good reason to have multiple git branches. So you may want to explain it a bit more. Do you have a git (write) permission schema based on branches?

In my case the password store is shared by a few people. In addition, I modify the password store from terminal and view it on phone.

> On a single user (and even on a multi-user) password store I think to avoid merge conflicts is pretty easy, as long as you configure all clients to keep the local repo copy up-to-date (e.g. on app start) and to auto-push on every change. In that situation the time-window where two concurrent changes could appear is very limited to a very tiny time-frame.

I agree auto-pull and auto-push is a simple and good idea. Do all clients support this? I just went through the settings of pass app on iOS and didn't find it. I don't think the pass CLI has that feature either.

Even if all clients had this feature, there was still a small window in which things went wrong (as you pointed out). I think software should be designed to address all possible (known) issues rather than just work by chance.

> And if that happens you should review your general password management procedures (not the pass-specific merge conflicts). Ask yourself why should 2 or more persons do (for example a password-reset or a password-forget procedure) on a shared account at "the same point in time"? Why should that be ok?

I don't see why you think that this shouldn't happen. There were tons of password managers before Pass. The way I understand it, Pass becomes popular not only because it provides a public password store format and access protocol, but also because of its distributed nature, which comes from git. In my opinion, it's a common scenario for multiple people to modify pass store or for a single person to modify pass store on different devices. That's the strength of Pass.

> Deal with offline situations: If your phone is in an offline situation (or off-side) passApp could set up a reminder in the iOS reminder app - to ensure that you do not miss to update your remote as fast as possible (feature request) or ask to start the VPN to get behind your remote firewall (feature request), if you are not offline, but off-side.

But what if other people modify the pass store during the time?

> If you carry two devices with you (e.g. business trip or vacation: offline situation) then you could use one as the one-and-only device for changes (to avoid merge conflicts) or asking the developer to implement a "Nearby-git-repo-sync" (local wifi / BT: peer-sync instead of upstream-sync) (feature request) as git is a distributed technology.

Can you elaborate a bit about what the peer-sync is? I know the concept in general (e.g., syncthing), but I'm not sure how it's supposed to work in this context (pass and git).

I think I understand what you meant. Yes, it works in this specific case (synchronizing two specific devices), but I'm afraid it's not a general solution that works for all issues (see above).

Anyway thanks for all your suggestions :)

savyajha commented 4 years ago

@rayx You might want to check out gopass which does have auto-push and support for multiple password stores. It also has a lot of functionality which pass uses plugins for as built-ins. I don't use it with multiple stores or keys, but the built-in hibp support and otp support made me switch. In general it's the same as pass (and with an alias in your terminal can be a drop-in replacement) but the quality of life improvements are fairly substantial in my opinion. An example which I like is that gopass example.com will copy the password to your clipboard instead of putting it on the terminal, and will clear the keyboard after 45 seconds (the duration is configurable).

rayx commented 4 years ago

@savyajha Thanks. I knew about it but never tried it. Will certainly give it a try in future.

christian-weiss commented 4 years ago

The pass ecosystem gives you a trillion of options and the same amount of challenges. So strive for auto-update / auto-push is a good general advice.

On the other side if you stick to a tool that does not (yet) support auto-update and auto-push then check out gopass or the cross-platform GUI qtpass (frontend for pass). On iOS I stick to mssun's pass and I got used to it by training a reflex on app start (wipe up/down to do an update) and do the same when I change or add a password. If you change or add a password you will see a red number to remind you that there is still some local change not yet pushed to remote git repo - so you cannot "forget" to push it...

Feel free to vote for: https://github.com/mssun/passforios/issues/387 https://github.com/mssun/passforios/issues/388

Teams can work perfectly in parallel on the same git branch, as long as they do not edit the same file.

As each password lives in a separate file you will nearly never experience a merge-conflict, even if you have a large team, working on the same git branch. If two persons or two devices are changing the same password-file in "the tiny time-frame" (as mentioned above), then you should rethink why is your team doing that at the exact same point in time? Most of the time that is more a non-technical issue than a real issue which requires a technical solution. But pure engineering-thinking, yes, a merge-resolution-support should be implemented. But (as it is time-consuming) I think the tool developer should focus his limited workhours to other github tickets instead.

I do not see a merge-resolution-support in another tool in the pass-ecosystem. Looks like everybody tells you to use native git commands to do the merge (out of scope of pass tools).

rayx commented 4 years ago

> Feel free to vote for: #387 #388

Done.

> Teams can work perfectly in parallel on the same git branch, as long as they do not edit the same file.

There is actually a merge occurring even in this case. It's just that it occurs automatically (e.g., by the git CLI tool) rather than manually by user because there are no conflicts.

BTW, I don't think the pass app on iOS supports this.

> As each password lives in a separate file you will nearly never experience a merge-conflict, even if you have a large team, working on the same git branch. If two persons or two devices are changing the same password-file in "the tiny time-frame" (as mentioned above), then you should rethink why is your team doing that at the exact same point in time? Most of the time that is more a non-technical issue than a real issue which requires a technical solution. But pure engineering-thinking, yes, a merge-resolution-support should be implemented. But (as it is time-consuming) I think the tool developer should focus his limited workhours to other github tickets instead.

Note that the "tiny time-frame" is actually not that tiny. It's normal for a user to open Pass app and spend several minutes to edit an entry and save it. Depending on how you view it, several minutes may be long enough for conflicts to happen. For example, it's not uncommon for family members to sit together to organize their passwords in Pass. In this scenario it's almost certain the merge issue will crop up. That said, I see your point and I agree a well designed workflow may help to avoid such issues in most cases.

> I do not see a merge-resolution-support in another tool in the pass-ecosystem. Looks like everybody tells you to use native git commands to do the merge (out of scope of pass tools).

I agree. Merging is a complex and confusing task even for software engineers. In pass case, however, it doesn't need a universal merging tool but just something specific to its characteristics. I'll think more about this in future.