Enpass Discussion Forum

Why is it not possible to sync two vaults to the same cloud storage


chribonn

@MisterT Nextcloud is anyway the best cloud solution ;) :D :P 

 

But I don’t quite get your intention. Why are you making it so complicated? Or are you sharing this vault somehow with not registered 3rd party users?

I've solved it in a similar way. In my nextcloud account I have a folder, let's say, "Enpass" and in this folder some sub-folders for each vault: e.g. vault_1, vault_2, vault_3 etc. Some of these vaults are shared with other nextcloud users and they've just added the appropriate shared sub-folder into their main folder "Enpass", too. This way everyone has their own login credentials and sees only the sub-folder(s)/vault(s) they have the rights for. The vaults are still synced within my nextcloud instance and every user has their own WebDAV URL, like this:

https://<myowncloudserver>/remote.php/webdav/Enpass/vault_#/

 

I like your idea to share the vault with somebody, who is not registered as a nextcloud user. But I still don't get how you've solved it, though. Is it possible at all or did you mean sharing with other nextcloud users? I mean for the Enpass app you'll need a username and password to connect to and a guest user doesn't have those...


48 minutes ago, xarekate said:

@MisterT Nextcloud is anyway the best cloud solution ;) :D :P 

 

But I don’t quite get your intention. Why are you making it so complicated? Or are you sharing this vault somehow with not registered 3rd party users?

I've solved it in a similar way. In my nextcloud account I have a folder, let's say, "Enpass" and in this folder some sub-folders for each vault: e.g. vault_1, vault_2, vault_3 etc. Some of these vaults are shared with other nextcloud users and they've just added the appropriate shared sub-folder into their main folder "Enpass", too. This way everyone has their own login credentials and sees only the sub-folder(s)/vault(s) they have the rights for. The vaults are still synced within my nextcloud instance and every user has their own WebDAV URL, like this:


https://<myowncloudserver>/remote.php/webdav/Enpass/vault_#/

 

I like your idea to share the vault with somebody, who is not registered as a nextcloud user. But I still don't get how you've solved it, though. Is it possible at all or did you mean sharing with other nextcloud users? I mean for the Enpass app you'll need a username and password to connect to and a guest user doesn't have those...

Hi there,

 

First: yes, Nextcloud is my next move :-)

Then, to answer your second question ("why are you making it so complicated?")... simply because I didn't know that we could do it this way :-) I mean: using this URL, with webdav syntax (and not "dav" only)

Thanks to your feedback, I modified my config and it works! And it works both on 6.0.0 and 6.0.3

=> you saved my issue...

Thanks!


@MisterT Then it was just a misunderstanding from my side. Nevertheless, glad that I could help you and now it works without any issues.

Btw. small tip at the end: try to avoid spaces or less common characters in usernames or passwords. It can lead to unpredictable consequences. So in usernames I use only underscore, minus and dot. In passwords the quotation marks or apostrophes, sometimes backslash could lead to problems, if you try to use these credentials in e.g. iOS profiles or similar things.


I just forced my entire workplace to install enpass on their computers because I was thinking of sharing a vault with them but now I realise I can't do it in any simple way like I was planning. So just to be clear, is a webdav service the only way to get around this issue? I have formerly used 1password, which I left for a plethora of reasons, however it was simple enough to keep several vaults in my dropbox storage and share the ones I wanted to with others. This limitation which I had no clue about is just about to make my strife for securing my workplace passwords (that are currently being sent around through chats, emails and post-its) much more cumbersome.

Can enpass please update us on if there are any plans on making this work in a simple way? With cloud providers like google drive or dropbox? A way to choose which folder we want to put the vault in and share it with another user should be simple enough and then to have the option of choosing a certain folder in the cloud to sync with? I honestly don't understand the explanation earlier, and it doesn't really matter either since it's possible for other password managers so it can't be impossible right?

 


1 hour ago, david said:

I have formerly used 1password, which I left for a plethora of reasons, however it was simple enough to keep several vaults in my dropbox storage and share the ones I wanted to with others.

I'm just curious, how you managed to share your vaults with others in general? Were those people registered at the same cloud storage provider (in your case dropbox) and you only shared your vault-folder to their accounts or were they 3rd party users (guests) with no dropbox account at all? 


10 hours ago, xarekate said:

I'm just curious, how you managed to share your vaults with others in general? Were those people registered at the same cloud storage provider (in your case dropbox) and you only shared your vault-folder to their accounts or were they 3rd party users (guests) with no dropbox account at all? 

1Password does not force the Vault into the App folder, so you are then able to share the individual file with other users without needing a redundant third file store.

Dropbox in their wisdom have locked down the App folder to be unshareable - which suggests an underlying flaw in their architecture that they have had to do that.


6 hours ago, xarekate said:

@WonderPass Ok, I see. But how exactly a person without a cloud account can use a vault within your shared folder? 

There’s a misunderstanding here. 

You both need to have the same service, e.g. Dropbox, but you only need one each. Enpass would require you have one each plus another account (that you both know the username and password for) in which you put the shared vault. That is to say THREE accounts between you.


@WonderPass

Indeed, thanks for the clarification. I just was searching for an opportunity to share a vault with somebody who is not registered at the same cloud service (Nextcloud/WebDAV in my case) and was hoping there is some possibility (would be something nice-to-have for me). But I think, I have to give up that idea, now it seems definitely impossible to me.


WonderPass, I am curious to know if you've done research to be able to make the following statement—or if this is your personal conclusion.

On 1/31/2019 at 8:09 PM, WonderPass said:

Dropbox in their wisdom have locked down the App folder to be unshareable - which suggests an underlying flaw in their architecture that they have had to do that.

I can't imagine that a company as successful as Dropbox made a business decision only for it to be deemed as a “flaw in their architecture”. I feel inclined to believe it is more likely they offer this as a solution for reasons related to security.

As such, I've taken a few minutes to find reference material that addresses your concern.

Dropbox allows third-party developer apps to request access to a Dropbox account via two methods.

  • A specific folder in your Dropbox account. The app can only access files in that folder.
  • All folders and files in your Dropbox account.

The second method was previously addressed by Vinod, in his statement:

On 12/29/2018 at 8:05 AM, Vinod Kumar said:

Hi all,

The access to a cloud resource is controlled by OAuth tokens. Suppose, you were able to create two vaults on your cloud account and you want to share one of them with another person. You need to set up sync on his device by yourself, with your cloud credentials at least once, as you certainly won't reveal your cloud password to him. But another person in possession of the access token can access the whole drive area including your primary vault. If another person has malicious intentions he could delete/copy/replace your primary vault data file.

Hope this clears the air.

 

When designing Enpass, the team opted to request access to a specific folder so that a scenario such as the one described above doesn't occur, should a user's OAuth token become compromised—and it could happen, just as Vinod explains, you link your Dropbox account to a device owned by a friend/partner/relative, granting them access to all of your folders and files... if their device or the OAuth token used to authenticate to Dropbox becomes compromised, then too does everything you have depended on Dropbox to securely store. I understand, we are speaking of probability for the incident to occur. What frightens me is what would happen if that did occur and how the user would respond. Someone would be blamed and it would be a choice between the developers of Dropbox and Enpass.
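The exposure argument made in the posts above (a full-account OAuth token, an app-folder token, and per-user credentials on a shared WebDAV sub-folder), worked through as an added example that is not part of the original thread and is not Enpass, Dropbox or Nextcloud code. All paths and file names are constructed, and the access model (a credential reaches every file under the folder it was granted) is a simplifying assumption.

```python
from pathlib import PurePosixPath

# Constructed sample layouts; every path and file name here is hypothetical.
OAUTH_ACCOUNT = ["/Apps/Enpass/primary.vault", "/Apps/Enpass/shared.vault",
                 "/Documents/tax.pdf"]
WEBDAV_SERVER = ["/Enpass/vault_1/vault.db", "/Enpass/vault_2/vault.db"]


def reachable(roots, files):
    """Files under any granted root. A bearer credential carries no notion of
    'only the vault I meant to share': its holder gets every file in scope."""
    granted = [PurePosixPath(r) for r in roots]
    return [f for f in files
            if any(r in PurePosixPath(f).parents for r in granted)]


def overexposed(roots, files, intended):
    """What the other person's device can read, replace or delete beyond the share."""
    return sorted(set(reachable(roots, files)) - set(intended))


def compare_designs():
    share = ["/Apps/Enpass/shared.vault"]
    return {
        # Owner's full-account token set up on the other person's device.
        "full_account_token": overexposed(["/"], OAUTH_ACCOUNT, share),
        # Owner's app-folder token, but two vaults kept in that one account.
        "app_folder_token": overexposed(["/Apps/Enpass"], OAUTH_ACCOUNT, share),
        # Own login per user; the server shares a single sub-folder with them.
        "per_user_webdav": overexposed(["/Enpass/vault_2"], WEBDAV_SERVER,
                                       ["/Enpass/vault_2/vault.db"]),
    }


if __name__ == "__main__":
    for design, extra in compare_designs().items():
        print(f"{design:20} exposed beyond the share: {extra or 'nothing'}")
```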


6 minutes ago, seancojr said:

WonderPass, I am curious to know if you've done research to be able to make the following statement—or if this is your personal conclusion.

I can't imagine that a company as successful as Dropbox made a business decision only for it to be deemed as a “flaw in their architecture”. I feel inclined to believe it is more likely they offer this as a solution for reasons related to security.

As such, I've taken a few minutes to find reference material that addresses your concern.

Dropbox allows third-party developer apps to request access to a Dropbox account via two methods.

  • A specific folder in your Dropbox account. The app can only access files in that folder.
  • All folders and files in your Dropbox account.

The second method was previously addressed by Vinod, in his statement:

When designing Enpass, the team opted to request access to a specific folder so that a scenario such as the one described above doesn't occur, should a user's OAuth token become compromised—and it could happen, just as Vinod explains, you link your Dropbox account to a device owned by a friend/partner/relative, granting them access to all of your folders and files... if their device or the OAuth token used to authenticate to Dropbox becomes compromised, then too does everything you have depended on Dropbox to securely store. I understand, we are speaking of probability for the incident to occur. What frightens me is what would happen if that did occur and how the user would respond. Someone would be blamed and it would be a choice between the developers of Dropbox and Enpass.

So much to unpack here. 

Yes I did research this hence I know how it works. 

Dropbox being big and successful does not make them right in all of their decisions. If you’ve worked for a large company some of the worst design decisions are dressed as a feature because it’s easier than fixing the underlying issue  

The poor architecture is the failure to anticipate that whilst locking down access of the app it then precludes interaction with those files with other users. You may consider my position arrogant but the fact that Enpass is supposed to allow shared vaults would indicate that this architecture doesn’t fit actual use cases. That the solution is to create this hyper restricted folder indicates that the all or nothing OAUTH model is on reflection a poor design. 

But frankly my opinion is unimportant as I have deleted Enpass. 


20 hours ago, WonderPass said:

So much to unpack here.

Yes I did research this hence I know how it works.

Dropbox being big and successful does not make them right in all of their decisions. If you’ve worked for a large company some of the worst design decisions are dressed as a feature because it’s easier than fixing the underlying issue

The poor architecture is the failure to anticipate that whilst locking down access of the app it then precludes interaction with those files with other users. You may consider my position arrogant but the fact that Enpass is supposed to allow shared vaults would indicate that this architecture doesn’t fit actual use cases. That the solution is to create this hyper restricted folder indicates that the all or nothing OAUTH model is on reflection a poor design.

But frankly my opinion is unimportant as I have deleted Enpass.

Fair point about company success. I won't restate my previous thoughts about why they seem to take the current stance and use an app folder, because a member of their team already spoke on that. In the end, it's up to consumers to present a great demand to influence the direction of product development. Perhaps, the Enpass team will change how the program connects to cloud storage. Time will tell. Furthermore, your opinion is important. I wish you wouldn't feel such a way.


  • 1 month later...

Hello!

I've been using 1Password for many years, and I don't like their move to a cloud-based subscription model.

It will be great if Enpass will support several vaults in one cloud account, and will give the user the opportunity to select the location for storing (app folder or some folder in dropbox).

With 1P I use 4 vaults:

1) for private logins/pass

2) business accounts passwords

3) scans of documents (shared with dropbox with my family)

4) "family" passwords (shared with dropbox with my family)

 

 

 

 


  • 7 months later...
On 12/29/2018 at 7:35 PM, Vinod Kumar said:

Hi all,

The access to a cloud resource is controlled by OAuth tokens. Suppose, you were able to create two vaults on your cloud account and you want to share one of them with another person. You need to set up sync on his device by yourself, with your cloud credentials at least once, as you certainly won't reveal your cloud password to him. But another person in possession of the access token can access the whole drive area including your primary vault. If another person has malicious intentions he could delete/copy/replace your primary vault data file.

Hope this clears the air.

 

Thanks for the information.
