Been using keepass desktop for years with the kee browser plugin. I use a cloud to share a copy of the db that then the desktop app syncs with the local copy. That works great for my personal db from multiple machines. No issues with overwriting an entry even though there is no true “record lock”.
But now am maintaining a keepass db for a small organization and getting that setup (above) on multiple people’s personal machines is impractical.
Thus for the organization’s pw db I’m considering Kee Vault instead (can import the existing kdbx)
My main question is Kee Vault set up to have multiple users accessing a single vault(db)?
- Can each user have their own master pw to the same vault(db)?
- Can an administrator setup/revoke a user’s access?
- Is there a mechanism to lock an entry during editing?
- Is their role/permissions levels (e.g user role, readonly, admin role: rw)
kind of like this project. https://github.com/nilsteampassnet/TeamPass. Although that project is not getting regular updates, nor does it have browser plugin or android app so it’s really not usefull.
If the answer is a resounding NO then this I suppose this is a feature request cause with it comes to my pw data I only trust @dlech and none of those other corporate solutions.
Unfortunately it is a “no” to all 4 of your questions. Kee Vault is powered by the same KDBX file format as KeePass and all related password managers. That format is only designed for single user access. Sharing a single user account across a few people might work out just fine but it simply doesn’t support the more advanced features you’re looking for. Other password managers which are powered by servers rather than executing locally on your client would be able to offer those features, although you obviously then lose the benefit of being able to trust what code is actually executing while your private data is flowing through their system and hit problems when the server or network is slow or broken. If I had an easy answer to that ongoing conundrum I’d probably be a billionaire by now!
As for it being a feature request, we’re definitely interested in the idea (and have been for a decade). It would be great to have a solution for businesses as well as individuals but I’m not convinced that KeePass’s KDBX file is a reasonable starting point for that so it’s likely the amount of development work will be similar or more than we’ve already put into Kee Vault over the years. Given the difficulty of doing this efficiently while ensuring there is no need to trust us and the sheer amount of work required, it’s still highly unlikely to be something we can implement in the foreseeable future.