Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KeeShare: Set import mode as read only #10884

Open
taurus227 opened this issue Jun 12, 2024 · 4 comments
Open

KeeShare: Set import mode as read only #10884

taurus227 opened this issue Jun 12, 2024 · 4 comments
Labels
feature: KeeShare new feature

Comments

@taurus227
Copy link

taurus227 commented Jun 12, 2024
edited
Loading

Summary

Allow the user to set a Group using KeeShare Import to read-only, where all editing would be denied for entries in the group

Context

We use Passbolt to share credentials within the company. These are credentials for internal systems, as well as external systems we support. It is very useful to keep track of who knows which credentials, which helps a lot when someone leaves the company: it will inform us which shared passwords should be changed.

Users can export all credentials that are shared with them into a kdbx file and use KeePassXC's KeeShare feature (set to Import) to import the shared credentials into a "passbolt-export" sub-Group of their personal kdbx file (which contains additional non-shared credentials).

It would be great if we could make the "passbolt-export" sub-Group read-only, so that the users don't accidentally update any shared credentials in the KeePassXC UI. Updating should only be done in Passbolt (based on user permissions), then re-exported into the kdbx file and re-imported into the "passbolt-export" sub-Group.
@droidmonkey
Copy link
Member

Setting to import mode for keeshare means no changes are written back to the main shared file (which can be set read only by permission). Your setup also means the source of truth is not impacted anyway.

Either way, a read only mode at any level is just not possible for us. We would have to undergo a massive rewrite of all GUI code and move to database transactional changes. At this time that is just not going to happen. As such we won't be able to entertain a request like this.

@droidmonkey droidmonkey closed this as not planned Won't fix, can't repro, duplicate, stale Jun 12, 2024
@droidmonkey
Copy link
Member

Upon further reflection, I bet I can implement something like this as a keeshare feature when using the import method. However it would only apply within keepassxc. Using any other keepass application would not honor read only.

@droidmonkey droidmonkey reopened this Jun 12, 2024
@droidmonkey droidmonkey changed the title Set a Group to Read-Only KeeSahre: Set import share as read only Jun 12, 2024
@droidmonkey droidmonkey changed the title KeeSahre: Set import share as read only KeeShare: Set import mode as read only Jun 12, 2024
@taurus227
Copy link
Author

Thank you! Yes, I would be happy with a KeeShare-specific feature. However, I realized that it's not actually a "read-only import" that I need, but more of a "one-way sync". Examples: if an entry is deleted from the imported file, it should also be removed from the group. And if it's renamed in the imported file, it should also be renamed in the group, not duplicated under both the old and new names.

@droidmonkey
Copy link
Member

Import should do those things right now as long as the entry uuid doesn't change.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature: KeeShare new feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@droidmonkey @taurus227