nextcloud / passman

🔐 Open source password manager with Nextcloud integration
https://passman.cc
GNU Affero General Public License v3.0

sharing of complete password vaults #243

Open budachst opened 7 years ago

budachst commented 7 years ago

In LastPass I am using the shared-password vault to set up some kind of family vault, where I can share and manage passwords that are available to other family members. This would make a great feature for passman to offer.

@brantje edit: Would you like this feature too? Please consider donating for it. Read more

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/41949458-sharing-of-complete-password-vaults?utm_campaign=plugin&utm_content=tracker%2F44880056&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F44880056&utm_medium=issues&utm_source=github).

ariselseng commented 7 years ago

This would also benefit teams where there shouldn't be a single owner.

cmcotte commented 7 years ago

I would love to share vaults with team members, so I would like to choose to share with users and with groups. I really need this feature :(

animalillo commented 7 years ago

Well, right now implementing this feature in a secure way is out of our current priorities. You are welcome to create a fork and make a pull request; we will review your code, and if it's as secure as our current implementation of sharing, we will merge it.

Right now we are busy making plugins and apps for passman, you know, we can't cover everything, we have a life, and we also need food and sleep!

budachst commented 7 years ago

Sure, I fully understand your take on this. If I had to choose, I'd go with making plugins first as well. However, this still would make a very nice and useful feature.

Ninos commented 7 years ago

Hey there, I would also love to see such functionality. ATM I cannot use your password manager because such a feature is missing (our team needs access to a customer container, we cannot share each password with each user). If a donation speeds up the implementation of this feature, just let me know. I'm sure some guys would also love to donate for such a feature :-) I'm also OK if you want to sell this feature at first (e.g. after reaching 100 sales -> implementing into core).

About security: You could use the user's password for key decryption and usage of the shared key, as NextCloud handles file sharing.

metalcated commented 7 years ago

Yeah I would also be willing to donate some coins. I am also having the same hurdle, would be much easier to share an entire vault. Thanks!

brantje commented 7 years ago

Feature request accepted. Implementing this feature is gonna take time. We (@animalillo and me) are willing to take a few days (3 - 4) off from our full time jobs to implement this feature. Therefore donations to cover those days would be gladly accepted. I made a special donation link for this feature, so we can track the donations for this feature. When: TBD, need to plan it with @animalillo

Raised: $730 Thanks to:

Ninos commented 7 years ago

I've donated 50 USD, I'll donate 50 more after implementation. Thank you guys!

brantje commented 7 years ago

Thank you very much @Ninos it's much appreciated

budachst commented 7 years ago

Let me see if I can get my employer to let me spend some money on this as well. Also, my Dutch really is not that good. ;) I'd really like to get to the donation page in English…

brantje commented 7 years ago

@budachst I think it's fixed.

budachst commented 7 years ago

Yeah - great! Thanks… now let me try to collect some money… ;)

brantje commented 7 years ago

Thanks Mr F.W (using initials for privacy), for your generous donation ($150). Please comment if you want to use your github username in the donator list.

budachst commented 7 years ago

Hey, that was my company. :)

brantje commented 7 years ago

@budachst Thank you very much. How would you like to be listed? As in, your github username, or company name?

budachst commented 7 years ago

Actually, our company name would be nice, if that'd be possible: Jung von Matt AG

brantje commented 7 years ago

Everyone is welcome in our new telegram channel: https://t.me/passman_general Purpose: general talk, off topic chat

gschoenberger commented 7 years ago

This would be a great feature! Currently I am searching for a password manager for teams (self hosted, open source) and I must admit passman is currently by far the best looking option.

Ninos commented 7 years ago

@brantje is it possible to use slack or something like that? I don't have telegram.

BTW: For the container please use the user's login password (user private key, decrypted via Nextcloud with the user login password). Otherwise sharing containers with others will be very hard, because then you also need to send them the container password (for each container).

animalillo commented 7 years ago

We will implement it @gschoenberger, we don't have an ETA yet, but it's on the priorities list now, so expect it in the near future. We sadly can't do magic, tho, I wish we could :D

Dark-Schnitzel commented 7 years ago

Will it also be able to share certain tags with other vaults? Great job you are doing so far!

gschoenberger commented 7 years ago

Concerning password sharing - which is IMO a killer feature for teams - is it currently possible to en-/decrypt a single vault with multiple passwords? E.g. a team has a single vault and one single shared user to access the vault but each user knows a different password to decrypt the vault? That would be a simple solution to share a vault without using only one password, like it is done e.g. with cryptsetup key slots (dm-crypt).

animalillo commented 7 years ago

We are going to dive into this issue this weekend and a few days next week, we will keep you updated!

xrkolovos commented 7 years ago

Thank you. I talked with my company, and we are going to donate too, for this feature!

brantje commented 7 years ago

Just letting you guys know that we didn't forget this feature. At the moment the feature is about 30% ready; it is taking more time than we initially expected.

pafcioooo commented 7 years ago

Can anybody describe how exactly this feature will work? It would be great if the description would refer to what is in #340. Thanks.

animalillo commented 7 years ago

Automatically adding group members' access to a shared password is not going to be implemented anytime soon due to the way sharing works: everything is encrypted client side, so we have no way to share the password with a group currently.

As of how will this work, it will be very similar to a normal share, except it will be performed from the vault settings page.

We have yet to decide if we include the share as a link inside a vault or ask the user to enter a vault key upon share completion to encrypt the shared vault shared key and then show the vault as another vault

Ninos commented 7 years ago

Why aren't you using the user/group keys as NextCloud is doing it? It's much easier for you; you only need to encrypt/decrypt with the NC keys. Other things are done by NC.

animalillo commented 7 years ago

The way passman handles sharing and encryption is way different from Nextcloud: it's full client-side encryption. That's the problem; the user key never ever touches the server, so to share it we must fulfill that to keep the current passman security.

Ninos commented 7 years ago

Thanks for the answer. Normally the user keys are also secured with the user login password in NC, as far as I know.

animalillo commented 7 years ago

The encryption owncloud/nextcloud performs is based on the user's login password, but it's performed on the server side, which makes auto sharing way easier.

The way we handle our encryption is on the client side, so the user key never touches the server. Then we encrypt it again on the server so in case the database gets leaked it's even harder to get to decrypt the vaults (get the server encryption key + clientside encryption key).

The process to view a passman item requires:

So if you access the vault through the server it does the decryption normally, but then it sends you a bunch of encrypted data that has to be decrypted in your browser.

Ninos commented 7 years ago

OK understood, thx. But for me it's OK if the passwords get decrypted server-side by user password (like OC/NC handle it). If the server gets compromised, you have many other problems than that. The hacker can also send manipulated JS files :-) I think server-side is secure enough and also much better in UX. Think about big companies. The people should just have one password for the complete NC instance, otherwise they'll select passwords that are not strong enough :)

maestroi commented 7 years ago

So for example if I own the server where you are storing your passwords, you have no problem that I can read them?

Also if server is infiltrated and they could read passwords from all vaults that would be a real problem.

animalillo commented 7 years ago

@Ninos you can always use our browser extension or android application which can't be hacked server side! ;·P

Or use it as an API so we don't have to trust server provided js!

It's passman's philosophy to keep everything client side encrypted; if this complicates some stuff in exchange for security, that's something we don't mind.

For us, passwords are a precious resource!

pafcioooo commented 7 years ago

I agree with @Ninos. Also smaller companies, like we are, want to have both security and easiness (it always needs to be balanced). With #340 we currently stand before the sharing problem, though we have only 5 people. We have like 500 passwords and we can't move if the sharing would be vault based: this is why we did not go with LastPass.

I am looking at this from another side. If I am using some public service then I would go with client side encryption to be sure no one is reading my passwords. If I go with my company's own hosted password server, then those are company passwords anyway. Of course in this latter case, it should be additionally protected so reading would not be so easy.

I am not a coder, but if there is a possibility to make users' lives both secure and easy, then maybe it is better to take a few steps back and think if there is some better way. Thanks.

brantje commented 7 years ago

We won't drop client side encryption ever, that is one of the features of Passman.

pafcioooo commented 7 years ago

@brantje cool:-) Please make sharing easier then:-) So we can share single password or group of passwords both for a single user and a group of users:-)

animalillo commented 7 years ago

We are adding this feature so you can share a whole vault; if that's not sharing a group of passwords, I don't know what sharing a group of things is anymore o:

maestroi commented 7 years ago

@pafcioooo so you are suggesting this password manager should only be for small teams? Also, sharing passwords in most situations is bad; for example, if someone used your credentials for some critical service you are the one to blame because you shared your credentials.

We know some people want sharing and we are looking into it, but it's far less secure than not sharing.

pafcioooo commented 7 years ago

I am saying that sharing passwords using passman, even in a small team, is not easy. We have tried it and decided to stay with WebPasswordSafe, an old Java app, which is not so secure but makes sharing those 500 passwords much easier - but this is server side encryption. This is why I am suggesting that sharing with passman within teams should be easier. In my opinion, with the current vault idea, vault sharing, with each vault having its own password (which with the web browser extension requires changing the vault that you currently read/write), would be more than cumbersome. Security is a top concern for me. But another top concern is user experience.

brantje commented 7 years ago

> (which with the web browser extension requires changing the vault that you currently read/write)

Not really, since version 2.0 of the extension adds the possibility of having multiple accounts / vaults installed. The extension will use all those sources to find matching accounts.

pafcioooo commented 7 years ago

@Brantje thanks for that:-) So that makes the life easier now...:-)

Ninos commented 7 years ago

Sorry for the late response, I was on holidays. Can you tell me the exact process for password sharing?

Please please think about small, middle and big companies. For us it's important to have the passwords encrypted in the database, but it's enough if they can be decrypted with the user's password (private key...).

  1. For companies it's more secure to have a strong login password for all vaults instead of having a separate password for each vault (which leads them to write the passwords down somewhere else [maybe under their keyboard?]).
  2. For companies it's important to be able to add/remove members from groups without additional tasks. So the new members should be able to access the vaults without additional tasks.

I hope it will be so, otherwise my feature request and so my donation were for nothing and I could also use KeePass or something like that. And about the client-side encryption, please don't argue that I can use the Android app or browser extension. NextCloud is thought to be a collaboration software, so using NextCloud via browser should be first priority, and here it's also possible to send manipulated JS files if the server is compromised. Think about the future. In the future companies want to handle all of their tasks online through a collaboration software like NextCloud.

animalillo commented 7 years ago

@Ninos what I can tell you so far is that the shared vaults would be integrated in a way that the target users either:

  a) get them as a special item inside their vault that opens a new vault when clicked
  b) have to type a password to access that vault upon share completion
  c) keep both options and let the user choose upon vault share acceptance

As for the sharing process, it would be pretty much like the current credential item share process.

I can't assure you which path we will choose at this point, but it will depend on the challenges implementing them.

As for the automatic addition of users into shares, Nextcloud user creation and editing hooks are not compatible with our sharing system. You must understand that passman is a full app on its own and that it is integrated within the ownCloud/Nextcloud ecosystem because we think it is easier for people to get everything in the same site.

As for this last point, we are not going to change that anytime soon; we might, however, add at some point bulk actions so you can apply a share to a whole group, or change permissions for a whole group. But that might come in the future. We are a small team and we do this in our spare time for the most part; although we have booked some vacation days to work on sharing, we can't quit our jobs and work full time on passman doing everything we would love this app to have. And believe us, we would love to be able to work full time on passman and get all these small things running.

What we are not going to do is lower our security standards, but if you feel like some feature is very easy to do, we would gladly review any merge requests that come, as soon as we can.

ria-stamopoulou commented 7 years ago

Any updates on this feature?

creolis commented 7 years ago

This would be REALLY helpful. We would love to use passman, but we need a "shared vault" for our team. Individual password sharing is not that great here :)

chrisHRD commented 7 years ago

Yes, this would be a very necessary feature. Our small team is looking to replace a shared Keepass database with Passman running off a dedicated/isolated Raspberry Pi 3. So far the Nextcloud snap works just fine on the Pi, we just need Passman shared vaults to complete the transition!

animalillo commented 7 years ago

Don't you worry, we have not forgotten this feature! It will come; we have had almost no free time lately, busy with life, work and fixing bugs in the extension and the Android app.

This feature is at the top of our priority list and we have even given it a little kick, even if you don't see anything yet. We took some days off from work to make this feature, but it hadn't been enough. I would love to get it finished and released, as everybody seems to need this feature, but the way passman is designed makes adding complex features like this difficult, even though they would look pretty simple to implement on other, non client-side encrypted systems.

Ninos commented 7 years ago

Maybe you can use the new NC13 End2End-Encryption feature for that task :-) https://nextcloud.com/blog/nextcloud-introducing-native-integrated-end-to-end-encryption/

Sideboard commented 7 years ago

We are also looking forward to the new shared vault feature.

In the meantime, we wanted to share some single keys within a user group. The share form suggests that this is possible, but is it implemented? It doesn't really warrant a bug report at this point, so I'm asking here. Hope that's OK. (Sharing with users works, by the way.)