I’ve been using Enpass for a while now.
Enpass is a passwords manager, that works fine on desktops running Windows / Linux / Mac, and perfectly integrated with my browser (Firefox,…). It also works on Android and IOS, which makes it really convenient for day-to-day usage…
I may create a special post just to explain why you must use a tool such as Enpass to store your passwords, and why did I chose Enpass (commercial license => you have to pay on mobile devices / but it’s free -like in free beer- on desktops)
I’ve got it installed on all my devices (Linux, Windows, Android phone, Android Tablet,…), as well as for my whole family.
Enpass recently migrated to version 6.x. Among several major changes, one was very expected on my side : multi-vaults…
This means you can create separate vaults to store your passwords, and share some of them with others… I was waiting for it to share many passwords with my wife (on-line shops, government agencies,…)
I managed to do it properly, but you need to know how to configure things.
Here is how I proceeded…
Preliminary notice about synchronization
Enpass is working by storing data (“wallet”) locally, on your device, using strongly encrypted files (256-bit AES with 100,000 rounds of PBKDF2-HMAC-SHA512 using the peer-reviewed and open-source encryption engine SQLCipher)
The encrypted file is not even disclosed to anyone (compared to LastPass, as an example…)
Enpass also proposes to sync your local wallet, using several “Clouds” available on the market (Google, Amazon,…). Even Owncloud/Nextcloud can be used, as Enpass knows how to use webdav to manage this sync…
Once synced, your wallet file is stored both on your local device and on your Cloud account.
Main advantage of Cloud repository usage : you can sync your wallet on multiple devices, each one being in sync with the wallet on your Cloud…
How to setup your main vault
At first you need to create your “primary” vault when installing Enpass.
That’s for you, for your own passwords.
You are efficiently guided when launching Enpass for the first time, so I will not elaborate on this here.
But then, you need to sync on the Cloud, if you want your multiple devices to use the same wallet…
I chose to synchronize on my owncloud personal instance (data is hosted at home). This is done using Webdav… Just select “webdav” sync and enter your URL. Syntax is the following :
https://<myowncloudserver>/remote.php/webdav/<directory>/
(If you leave <directory> empty, then it will use “/” of your owncloud home dir as basedir). Personally, I created a “/Vaults” directory at my owcloud root, to store my multiples vaults.
Remember to enter your owncloud credentials (full login name + password) below, for Enpass to connect to your Cloud.
Then, from <directory>, Enpass will create a subdir named “Enpass” and will store a copy of your wallet with which it synchronizes properly.
Done.
Simple, isn’t it ?
Repeat on all your devices, and you have a wonderful way to manage hundreds of passwords and sensible data (today, I have ~600 entries in my vault).
Of course, don’t forget your “master password” !!! This is the one you use to open your Enpass vault. If you loose it, there is no way to recover… so… be careful…
(but, once Enpass is installed, that password is the last and unique password you have to remember !)
How to setup additional vault(s) ?
First, I suggest that you prepare the hosting structure within your Cloud repository. This will make things simpler.
In my case, as I already created a “/Vaults” directory at the top level of my Cloud, I simply created a subdir “Common” there. Then, I shared this sub-dir with my wife, using owncloud sharing capabilities (remember to grant read/write access when sharing).
Next step is within your Enpass configuration. Simply go to the Vault menu and press the “+” button to add a second vault.
Give it a name (and an icon).
Then you can create it (if it is the first time you create it), or sync with an existing one (if you are repeating the action on other devices)…
Whatever situation, you will have to explain Enpass how to sync.
Here again, after selecting synchronization through Webdav, the URL to provide is :
https://<myowncloudserver>/remote.php/webdav/<directory>/
(in my case, <directory> = /Vaults/Common/)
Be careful not to provide the URL of another vault, such as your primary vault !!!
Provide your Cloud credentials, and… That’s it !
(you just need to provide Enpass with this second vault password – I suggest to store this password in your main vault, so that Enpass can open the secondary vault without your help once you manually open the primary one…)
Note : on my wife’s devices, the URL is slightly different, as owncloud is “mounting” the shared directory directly at top level, with the same name (I don’t know if we can change this). So I renamed it, from “Common” to “Enpass_Common”, but this is not very “nice” when you look at her home dir in owncloud… 🙁
Nevertheless, the URL in her case is :
https://<myowncloudserver>/remote.php/webdav/Enpass_Common/
=> adjust to your needs !
Conclusion
Once again, it looks very simple, but I could not find appropriate documentation about this. Even worse : documentation was mentionning that you need multiple Cloud logins to use multiple vaults ! This is not true on Owncloud/Nextcloud, but I could not find any doc on it… And on the Enpass forum, people were complaining about this Enpass limitation.
Truth is that Enpass is not limited and can store multiple vaults within a single Owncloud/Nextcloud access, if you know how to set it up…
And please : use a password manager such as Enpass, to make sure you have different passwords for each of your login, with strong, random and complex characters (12 chars min when possible),… That’s basics today…
