keys-pub/keys

Where is data stored? How can it be synced / backed up?

clehene opened this issue ยท 6 comments

I looked through settings and then docs, but was unable to find any information about the local storage and whether it ca be synced / backed up.

Keys and secrets are stored in the system keyring (macOS/Keychain, windows/wincred, linux/SecretService).

There is currently no tool to export everything yet. You can export individual keys (keys export) or in the app (right click a key then Export).

I'm working on an export all feature, and after that a self hosted backup option, probably available in the next week or so.

Thank you, @gabriel.
BTW, please let me know if this isn't the right forum for the discussion and we can move it someplace else.

I'm using both Keybase and Keepass for slightly different use-cases and it seems this brings together concepts from both, which is nice, but at the same time it brings up questions whether it can fundamentally fulfill those use-cases at the same time.

One of the problems (from a user standpoint) is portability across devices. Backup is a good use-case but syncing is the main one that tends to make things that are normally very secure, less secure in reality. In particular, storing secrets without a secure way to share/sync them is problematic.

Keybase benefits from the "magic" server stuff that gets in a battery-included shape from the get-go, sync all devices, etc
Keypass has a portable database that you can put in dropbox and sync across devices.

If I properly understand keys.pub goals (especially managing user identities) I think the aspects above should be part of the core capabilities (I think it's hard/impossible to retrofit them as second class citizens).

Thanks for your feedback!

This project is meant to be for those who want to find a key or want to publish a key and have some identity associated with it, and those who want to manage keys themselves maybe like they do with PGP. It's also meant to be a library and service for developers too. And to promote Saltpack which is great.

I am interested in having it do password/secrets management as well, but yeah, it is still missing many many important features including sync, backup or even mobile apps. I think first even is warning users that it doesn't do backups currently, and be more clear that the project is in beta/alpha/early stages.

Really appreciate the feedback.

@gabriel have you looked at pass (www.passwordstore.org)? I know that theage project was looking to integrate it, into password management. Maybe there is an opportunity to do something like this.

Yeah I have and I like the feature of being able to use a git repo as backup/sync. I haven't had a chance to look too deeply though but I plan to. If possible I would probably try to do the same thing as pass (each keyring item as an encrypted file in a git repo) for backup/sync.

The latest release has an experimental feature called Vault which provides backup and sync (if optionally enabled).
I've started some really basic documentation at https://keys.pub/docs/specs/vault.html, will be adding to it more in the next few days.

I haven't experimented yet with alternative methods of backups, like copying the vault (leveldb) database into a Dropbox or iCloud folder, though that might be possible.

I originally tried the git approach but it's actually pretty hard to build a good UX around that, when dealing with conflicts, setting up a repo, dependencies and all that.

I am going to close this but feel free to keep the discussion going?