Handle use case: common credentials for multiple sites (configured to use LDAP) #2020

Closed
Drugoy opened this issue Oct 30, 2023 · 3 comments

Drugoy commented Oct 30, 2023

Suppose you work in a company with many internal sites (on different domains / IP addresses) that all require you to use AD account credentials.

These are basically a single set of credentials and thus they need to be stored in the KeePassXC db as a single entry (because if it changes due to, say, following a password rotation policy, then the new credentials need to be used on all those sites).

A single entry in KeePassXC db has only 1 URL field.

Sometimes a company may utilize more than 1 domain (for example: 1 for sites in dev/test environment and 1 for pre-prod/prod environment, or when a company is an umbrella of multiple smaller companies each with its own domain).

Quite usually the set of internal sites is quite dynamic and one wouldn't want to save temporary domains as entries to their KeePassXC db.

All this leads to a problem, that there's a use case that currently doesn't fit in well.

I don't have a perfect solution for this problem, but I'd like at least something better compared to what I currently have to do about this.

Idea №1.
The user modifies the entry in the KeePassXC db that holds domain credentials and adds an extra field with a pre-defined name like 'domain' and an arbitrary value.
KeePassXC-browser then should scan connected DBs for entries containing the field named 'domain' and use them all as possible selections.
Values of that field could be used as labels defining a specific domain (like MYCOMPANY for prod and TMYCOMPANT for dev/test envs).
I don't know whether KeePassXC-browser can even query KeePassXC for such a wide scan.

Idea №2.
Introduce a new UI to prompt arbitrary credentials to be remembered as 'common credentials', so that the user could, before visiting company sites, first point KeePassXC-browser to such specific entries that hold credentials that are common for multiple URLs.
Then, when the user visits a site, KeePassXC-browser would suggest those credentials ~everywhere.

Idea №3.
Like №2, but also introduce a set of dynamic fields in KeePassXC-browser settings/UI so that the user could curate a list of sites for each 'common credentials' entry and then KeePassXC-browser would suggest common credentials only on specific sites.
This way it's better that you won't be suggested to use credentials for your company when you auth on, say, YouTube, but that feature will also require a lot of changes in the UI:

  • the settings would have to be stored
  • the user would want a simple way to tie current site to specific common credentials pair
  • since the internal sites may be dynamic, the UI should support wildcard pattern matching for hosts
    and so on.

Idea №4.
Solve the problem on KeePassXC side: KeePassXC db is a db, right? Well, dbs tend to support linking/referencing.
I doubt KeePassXC databases currently support that, but they could.
And then a user could create an entry per common credentials pair and as many entries for internal sites. Entries for internal sites wouldn't hold login+password themselves but instead would reference the entry with common credentials for these fields.
The minus of that approach is that the user would need to create an entry in their KeePassXC db for each internal site before being able to use them in browser and this will be a PitA for dynamic sites.

@varjolintu
Member

> A single entry in KeePassXC db has only 1 URL field.

You can set multiple additional URLs to an entry using the Browser Integration page when editing it.

@varjolintu
Member

keepassxreboot/keepassxc#9835 This would probably be helpful too.

@droidmonkey
Member

droidmonkey commented Oct 30, 2023

This is very much a solved problem already. You can use the multiple browser urls like mentioned by varjolintu.

https://keepassxc.org/docs/KeePassXC_UserGuide#_advanced_usage

You can also use the entry clone feature. By extension you can use field references manually as well.

https://keepassxc.org/docs/KeePassXC_UserGuide#_clone_an_entry

https://keepassxc.org/docs/KeePassXC_UserGuide#_entry_cross_reference

I think this can be closed completed.
