Decentralized Password Manager for Teams based on Matrix protocol #376
Comments
I think in a business/organisation team context having offline sync is potentially an undesired feature. Someone getting fired is going to end up with passwords in their copy of the database. Changing passwords can be a lot of work and can take a lot of time. Bitwarden is good software, but suffers from the same problem.
Even if you can instantly restrict access to the whole password database from the employer side before firing, there are no guarantees that they haven't already saved the needed passwords manually (maybe unintentionally), even on paper, so changing all the passwords to which that user had access before is inevitable anyway!
Centralized, non-offline password managers (like the one used at Google, valentine?) can keep an audit log of which passwords a user has accessed, so you only need to change those.
This is an amazing idea @MurzNN, and honestly seems quite simple to do. Even the web extensions could do it with the matrix js library. We don't need any changes to the spec for this, just a way of serializing the data to a room or space and thus having it automatically sync. People could do it on their own homeserver or on -- It wouldn't get replicated across homeservers though-- but maybe you could use multiple accounts with the same password, maintain a copy of the backend on both matrix.org and your personal homeserver. Is there a way to get servers to federate rooms with only 1 member in them, without sharing keys?
Because the Matrix protocol gives us strong E2E encryption and decentralized storage, I think it will be a good idea to implement a decentralized Password Manager, based on Matrix rooms as storage, that uses Matrix State Events to store item data.
Now we have a lot of different password managers, but all of them are centralized, so there is no ability to share one bundle of passwords with one team on one server, and another bundle with a second team on another server.
Using a Matrix room as storage for passwords automatically gives us the ability to share data using room membership and decentralization, synchronization between devices and teams, PUSH notifications for changes, and the data will be E2E encrypted!
What do you think about this idea?