We are exploring the possibility of KeePass becoming one of the Tiki Suite Components
KeePass is a popular, full-featured FLOSS password manager. Beyond passwords, you can also attach files to password entries (ex.: PGP signature files, sensitive spreadsheets, contracts, etc.), which is immensely useful. There are use cases which instead warrant folder encryption or even full-disk encryption, which is not handled by KeePass, but the keys to decrypt could be stored in KeePass.
It is not possible to have more than one password per database, thus, each project / team needs to share a KeePass database (a .kdbx file). Each user could manage their own database of passwords (with all the nifty integrations that are available). For Team passwords, we'll be investigating storage in the Tiki File gallery, protected by User Encryption. So the shared password to open the KeePass database could be entered by the sysadmin while the user is currently logged in (via a Jitsi remote desktop control session), but after that, the user accesses the data without ever knowing the KeePass password. The KeePass data will in some cases be shown to the user (to copy-paste somewhere) or to access external systems. For more sensitive contexts, we could even log who accessed what password when and even send an email notification with the Watch feature ("user jo.smith has accessed the password for system XYZ"). Down the road, we could add a mechanism to block a user to sequentially access all the passwords (like the throttling feature we have in Tiki forums).
Some web-related plugins & add-ons
URL in task bar
- https://addons.mozilla.org/en-US/firefox/addon/hostname-in-titlebar/
- https://chrome.google.com/webstore/detail/ur
l-in-title/ignpacbgnbnkaiooknalneoeladjnfgb?hl=en
chromeIPass & PassIFox
- https://github.com/pfn/passifox/blob/master/documentation/chromeIPass.md
- https://github.com/pfn/passifox/blob/master/documentation/PassIFox.md
- https://github.com/pfn/keepasshttp/
KeeFox
Web / PHP access to KeePass data
Browsepass
- http://techualization.blogspot.ca/2013/09/introducing-browsepass-keepass-on-web.html
- https://bitbucket.org/namn/browsepass
WebKeePass (Perl)
- http://blog.sukria.net/2013/08/27/webkeepass-or-how-to-build-your-own-cloud-aware-keyring/
- https://registry.hub.docker.com/u/velocity303/webkeepass-docker/
libKeePHPass
CliPass
KeePassPHP
PHPpw
KeePass-Node
- https://github.com/gesellix/keepass-node
- http://gesellix.net/keepass-node-with-https-support/
- http://gesellix.net/node-js-with-angularjs-implementation-of-a-keepass2-browser/
keepass.io
CloudKeePass
gui.keepass.io
Keeweb
https://github.com/jhass/nextcloud-keeweb
Android
KeepShare
KeePassDroid
Keepass2Android
https://f-droid.org/forums/topic/keepass2android/
Other
KeePassKit
kpcli - A command line interface to KeePass database files
Passopolis
Chainpad and Cryptpad
Passbolt
- https://www.openhub.net/p/passbolt
- https://medium.com/passbolt/passbolt-case-study-96b6d0d689c4
- https://medium.com/passbolt/meet-passbolt-new-group-feature-f20261f2ff51
- https://www.passbolt.com/faq
KeePassXC
sysPass
Teams
- Feature: keepass central management concept
- Easy way to transfer password entries between databases
- This is useful to make a project/team Keepass file and for users to easily move data there
- KeeAutoExec can be used to automatically open additional databases when opening a database.
- https://medium.com/passbolt/how-passbolt-will-implement-groups-ee49108a6ff1
OTP or MFA
Other
Feature requests
- Export to Encrypted HTML
- Multi-user / Multi-access / DBMS
- References to other KeePass Databases
- Multiple User with access rights
Related links
- http://sww.nz/an-alternative-to-storing-passwords-in-filezilla-or-other-ftp-clients/
- OpenPGP
- https://securityinabox.org/en/keepass_main
- Tiki Suite Security
- https://blog.mozilla.org/internetcitizen/2017/01/25/better-password-security
Other FLOSS options
- https://github.com/subdavis/Tusk
- https://www.kee.pm/
- https://bitwarden.com
- http://rattic.org/
- KeePassX
- https://github.com/pklink/ppma
- TeamPass
- Vaultier
- SFLvault
- Clipperz
- HashiCorp Vault
- https://github.com/zombiezen/sandpass
- https://anarc.at/blog/2017-02-22-password-managers/
- https://www.justwatch.com/blog/post/announcing-gopass/