Enpass Discussion Forum

Why is it not possible to sync two vaults to the same cloud storage


chribonn


Hello,

I upgraded to 6.0 today and was really looking forward to the vault feature in the hope that one vault would be shared while the other would not.

My setup consists of 3 Windows devices and 2 Android devices (each with their own PRO licence).

I managed to generate the new vault, but when I tell it to sync to the same Google Drive location I get an error telling me that this is not possible. In my opinion the name of the first vault was system generated while the 2nd vault onward requires a name. Can't this name be used to generate a unique file name?

Thanks and Regards,

  • Like 5

Firstly I love the new look and the new features but like @chribonn I can't use vaults for my use case; from a business perspective, I would like to make a vault for each client; unfortunately, I don't have 30 or so Google accounts to hand.

I can understand that the vault name could change and so runs the risk of messing up the sync, perhaps just letting us choose where the file gets stored would work, that way we could just create subdirectories for each vault.

Please add multiple vaults to sync with a single account.

  • Like 3

This is quite depressing news, if this is the case (haven't tested yet), since I mentioned the same thing a few months ago during the beta.  This should be a simple modification to the code to sync to multiple vaults under different file/folder names on cloud provider of choice.  I was hoping this would work in the final release.


Ben


The multi-vault feature seems very myopic and consumer focused and is definitely not very business or workgroup friendly.

In the 'real' world, especially the business world, users have just one single authorized account/credential.

Use case:
For my eCommerce business, I have other people in the business who need to log into various supplier and wholesale sites using the company's assigned account.
Just like all our training materials, legal docs, OneNote notebooks, etc.  All that collateral is in a shared folder structure on either OneDrive or OneDrive for Business.
All our people authenticate with their standard personal Microsoft account as is security best practice.

It should work the same way for the password Vault.
It should be able to be placed into the shared, but secured OneDrive location.
Then authorized people can log in with their personal credentials and access the Vault with the pre-shared key/master pwd.

 

Additionally, like @Toby Osborne stated....
As a consultant, I have credentials for many different clients.  I agree that it would be fantastic to isolate them into dedicated Vaults for better client security.
But, I should be able to sync them all to ONE single cloud account for backup sharing across my devices.  Making us have to have 30 separate cloud provider accounts does not seem to be a proper direction to take us.  Having to have 30+ different accounts seems very counter to the whole modern SSO direction...

 



 

Edited by rgsiiiya
typo

Hi all,

Access to a cloud resource is controlled by OAuth tokens. Suppose you were able to create two vaults on your cloud account and you want to share one of them with another person. You need to set up sync on his device yourself, with your cloud credentials, at least once, as you certainly won't reveal your cloud password to him. But another person in possession of the access token can access the whole drive area, including your primary vault. If the other person has malicious intentions, he could delete/copy/replace your primary vault data file.

Hope this clears the air.

 


Hi, @Vinod Kumar

Thanks for the reply.

Would it not be possible (at least for Google Drive) to simply let Google's file permissions handle it? E.g. sharing a vault with my client, I would need to first share the folder (via Google Drive), then they can get their own OAuth token, and point the vault to the in their own drive account. (This would also mean that if I decided later to revoke access I could just remove their permissions on Google Drive.)

With a little more code, it could be that Enpass verifies permission to the folder via the Drive API and gives the request access button if they don't.

Please, Please, Please reconsider this. I love the idea of Vaults, but simply can't use them as they are now.

  • Like 1

Hi,

 

Same request here : in order to share common passwords within our family, I thought I could use my Owncloud/Nextcloud repository mechanism:

1- store primary vaults of each family member in its own personal Cloud space (personal login/password to access the Cloud)

=> this works fine. That's the "sync" normal feature using webdav

2- create a secondary vault to each member, stored in a directory shared (= Cloud notion/permissions) to each family member

=> here, we should be able to use the same Cloud service (webdav), with the same (personal) Cloud login/password, but specifying a different directory to use (the one that is shared).

 

As Enpass would connect through webdav, using Cloud credentials, I don't see any issue/risk there...

(when I'm browsing with my Cloud credentials, using web browser, or using Owncloud application, I can only R/W folders that I'm supposed to be able to Read or Write... : the server only present me directories that I own, or ones that are shared to me legitimately, nothing else...).

 

What is wrong there ?

Thanks,

 

 


On 12/29/2018 at 6:05 AM, Vinod Kumar said:

Hi all,

Access to a cloud resource is controlled by OAuth tokens. Suppose you were able to create two vaults on your cloud account and you want to share one of them with another person. You need to set up sync on his device yourself, with your cloud credentials, at least once, as you certainly won't reveal your cloud password to him. But another person in possession of the access token can access the whole drive area, including your primary vault. If the other person has malicious intentions, he could delete/copy/replace your primary vault data file.

Hope this clears the air.

 

Hi @Vinod Kumar,

Although what you described about sharing vaults with other people totally makes sense, the use case described first by @chribonn and confirmed by @Toby Osborne and @rgsiiiya is quite different! Specifically, it's about syncing several of my own vaults using one cloud account of my own.

To make a dramatic comparison, imagine that you were allowed to have just one Google Docs document per Google Drive account. That would be outstandingly inconvenient. But this is exactly what Enpass 6 does!

Sharing vaults and having multiple vaults are orthogonal features. I hope you will sort things out at some point.

Thank you.

  • Like 3

I am wishing all the people from Enpass all the best. I purchased a desktop and mobile license to support this product and further development, but I can't use it at this moment because of how it handles 2 vaults using cloud storage.

I am a long time 1password user (offline version). Unfortunately 1password is more focused on the cloud version. 1Password supports multiple vaults for the same dropbox account, but multiple vaults is not supported in the android app. This hinders me in the way how I want to handle my passwords.

For 1 password I have 2 vaults, one for me personally (work stuff) and one for the family. I am sharing the family vault through the dropbox sharing feature. This works fine.

Don't understand why Enpass can't do the same thing; I am guessing it took a different approach. I hope in future it would be easier to have multiple vaults within the same cloud provider.

 

/edit

Perhaps folder sync can be a solution, just place your folder within a dropbox folder. What disadvantages would this have?

Edited by ido
  • Thanks 1

Thanks for the reply Vinod Kumar.

I am also missing folder sync in the Android app. I am guessing this "trick" won't work.  Perhaps a webdav server can act as the central storage.

Or use dropbox and onedrive to have 2 vaults, not ideal, but gets me where I want to be.

 


Here's the screen when I start a fresh install of Enpass on Android (sorry it's in Dutch, don't know how to get it to English).

I only see local storage, under the backup section. Perhaps that's it. Hmm, wondering how Dropbox keeps a local folder up to date. 1Password syncs the Dropbox folder for me; don't really know how to do this in the Enpass scenario.


36 minutes ago, Vinod Kumar said:

@ido That is restore screen not sync. Choose "Local Storage" or WiFi and restore a backup from your desktop. Alternatively, create a fresh vault by pressing "I am a new user". After completing initial setup goto Settings->Vaults->Primary->Setup Sync.

I see, thanks. Now I can sync the vault with a folder. I only need to figure out how dropbox handles this, it should sync the folder with the cloud version when anything changes.

/edit

too bad, not for the free version

Save folders for offline viewing on a mobile device is available to Dropbox Plus, Professional, Business, and Enterprise customers.

/edit 2

Single file will work in offline mode. Don't know if Enpass uses a single file to store all its data; if so, it could work.

Edited by ido

@ido You can find some third party app that can work for you.

2 hours ago, ido said:

Single file will work in offline mode. Don't know if Enpass uses a single file to store all its data; if so, it could work.

Enpass will create additional files for attachments. It will be a single file if there is no attachment.


This architecture of one vault per cloud service and the insistence on using non-shareable folders fails to take account of how actual users work in the real world and offloads complexity unnecessarily onto the user instead of working out the appropriate application architecture to support actual use cases.

Multiple vaults as implemented is not workable in the real world.

As a user I refuse to set up another Dropbox account in order to share vaults with my family because Enpass has set up a deficient application architecture.

  • Like 1

Hi,

I changed to Enpass to use the multiple vaults feature on different devices (macOS and Android). I need five separate vaults.
Why is it not possible to use one account (e.g. OneDrive or Google) and store all separate vaults with separate names in that account?

Do I really create four other accounts, to use multiple vaults? What's the restriction behind this?
In KeePass I had all vaults in one account, without problems...

Hope you could change this ... please.

Marcel

//Edit: Opened a separate thread, because I didn't see this thread, sorry. Thanks for merging my thread into this one.

Edited by maeck

9 hours ago, maeck said:

...What's the restriction behind this?...

Hope you could change this ... please.

Marcel

//Edit: Opened a separate thread, because I didn't see this thread, sorry. Thanks for merging my thread into this one.

The restriction behind this is that they stupidly chose to use the most restrictive set of file permissions, which prevents sharing of the file from the file sharing service.


  • 3 weeks later...

Good news !

You can share multiple vaults using the same Cloud (at least OwnCloud/NextCloud).

This is possible through Webdav file access.

The solution is the following : when adding a new Vault in Enpass, using webdav synchronization, define the URL as such:

https://<myowncloudserver>/remote.php/dav/files/<username>/<directory>/

Where:

  • myowncloudserver is your owncloud/nextcloud server, with any additional sub-path needed
  • username is your owncloud/nextcloud username (with appropriate encoding, such as "%20" replacing spaces if any) - Note: there is currently a bug in version 6.0.3 that prevents it from working!!! But it's OK with 6.0.0
  • directory is any sub-directory structure you may have under your owncloud/nextcloud home dir to store your vaults

Enpass will create an additional sub-directory in your provided <directory>, named "Enpass", where it will store your Vault wallet and needed files.

 

Practical example:

URL = https://myowncloudserver.com/remote.php/dav/files/John Doe/Vaults/

 

Then, you just need to share your <directory> at owncloud/nextcloud level with whomever you want (allowing modify capability), and... that's it !

 

Now, we just need the 6.0.3 bug to be corrected, and all will be fine...

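The URL layout from the post above, as an added example that is not part of the original post and not Enpass code: it percent-encodes each path segment (so `John Doe` becomes `John%20Doe`), insists on https, and gives every vault its own directory. The function names are hypothetical, and treating two vaults in one directory as a conflict is an assumption based on the post's note that Enpass creates a single "Enpass" sub-directory inside the directory you provide.

```python
from urllib.parse import quote, urlsplit

DAV_PREFIX = "/remote.php/dav/files"  # path layout quoted in the post above


def build_vault_url(server: str, username: str, directory: str) -> str:
    """Build https://<server>/remote.php/dav/files/<username>/<directory>/."""
    base = urlsplit(server if "://" in server else "https://" + server)
    if base.scheme != "https":
        raise ValueError("refusing non-https URL: sync sends cloud credentials")
    if not base.netloc or base.query or base.fragment:
        raise ValueError("server must be a host plus optional sub-path")
    segments = [username] + [s for s in directory.split("/") if s]
    if not username or any(s in (".", "..") for s in segments):
        raise ValueError("empty username or dot segment in path")
    # Encode each segment separately so spaces become %20 and a stray '/',
    # '?' or '#' inside a name cannot change the path structure.
    encoded = "/".join(quote(s, safe="") for s in segments)
    return f"https://{base.netloc}{base.path.rstrip('/')}{DAV_PREFIX}/{encoded}/"


def plan_vault_urls(server: str, username: str, vault_dirs: dict) -> dict:
    """Map vault name -> sync URL, rejecting two vaults in one directory."""
    urls, seen = {}, {}
    for vault, directory in vault_dirs.items():
        url = build_vault_url(server, username, directory)
        if url in seen:  # assumption: one "Enpass" sub-directory per directory
            raise ValueError(f"{vault!r} and {seen[url]!r} share {url}")
        seen[url] = vault
        urls[vault] = url
    return urls


if __name__ == "__main__":
    # Constructed sample: server and user follow the post's practical example,
    # the vault names and sub-directories are made up for illustration.
    plan = plan_vault_urls(
        "myowncloudserver.com",
        "John Doe",
        {"Family": "Vaults/Family", "Client A": "Vaults/Client A"},
    )
    for vault, url in plan.items():
        print(f"{vault}: {url}")
```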

12 hours ago, MisterT said:

... and... that's it !

Now, we just need the 6.0.3 bug to be corrected, and all will be fine...

Congrats on working out a solution that works for your setup. 

A multiple-step self-rolled file store to replace a simple commercially available log in isn’t a great alternative for, and is beyond the capability / interest level of, the average user.

I don’t buy a car so I can tinker with it, I don’t pay for features so I can then build a bespoke platform to deliver them.

I’m sure there will be some people who will be happy to go this route, but it’s not really a workable alternative for the majority.

 

