Posts posted by Christof
As much as I wait for this feature, for now we manage multiple password stores with Enpass Portable. It's only half the fun since browser integration is bound to the main Enpass instance, but for us it's still better than the cloud solutions and the very 1980s KeePass look and feel.
Btw: I'm still a huge fan of this approach:
On 28.4.2016 at 0:09 PM, mabe said:
I think there is an easier way to implement it and cover a wide variety of needs. And I myself would love it!
Let us assume everyone has his own master vault (i.e. the one you are using just right now).
Imagine you just add a new type of password entry ("enpass-vault") where you define:
- the name of the embedded vault
- the file_name of the vault file
- the master password for this embedded vault
- define read-only or read-write behavior
- set up synchronization (i.e. a different Dropbox account)
Now the enpass app will at its start scan the main vault for these "enpass-vault" entries for available embedded vaults and will make them available/searchable for the user.
When the user wants to store a new password, it will be stored into the main vault by default unless the user specifies any of the embedded read-write vaults to store it in.
In this way, it is solely the user's decision what kind of embedded vault he/she wants to have (team vault, external company vault, wife's vault, family vault etc.)...
+1 Would be a great solution
As an alternative to the master password, hardware tokens (YubiKey, smart card) should be supported. Some YubiKeys (e.g. Neo) support not only U2F or OTP but can also store PGP and X.509 certificates (and private keys). This could be used to decrypt the password store, and if the token is removed the vault gets locked, but one can still use the master password.
Compared to 2FA this works perfectly well with the offline concept of Enpass. And it would also support those who yearn for a short PIN alternative (like myself) w/o compromising security.
Including another vault as a folder would be great. Then one should be able to decide whether the master vault should store the sub-vault's password or not. If the password is stored, this would be the share-with-team/family-members use case. However, if the password is not stored, one can keep there the really secure notes (like the list of potential presents for your wife) and private pages (the ones that should not pop up when the kids and fathers-in-law tamper with your computer) w/o compromising usability for the day-to-day entries.
When storing the attachments as separate files (which is certainly preferable), the filenames should also be obfuscated.
SSH Agent support
in Feature requests