[PB-28543] As a user I can create resources with encrypted file attachment

Q1. What is the problem that you are trying to solve?
Sometimes the password is an actual file, it is not possible to store them in passbolt.

Q2 - Who is impacted?
People with SSL certs, keys and pdfs.

Q3 - Why is it important and/or urgent?
TBD

Q4 - What is your proposed solution? (optional)
Allow uploading files and encrypting them as part of the secret.
See also: As an administrator I can create new secret types and define their associated input fields

ref. Feature Request: File Attachment · Issue #25 · passbolt/passbolt_api · GitHub

Q5. Community support
People can vote for this idea to show traction:

  • :ok_woman: Must have: this is critical for me to have this
  • :raising_hand_woman: Should have: this is important for me to have this
  • :tipping_hand_woman: Could have: this could be nice to have
  • :no_good_woman: Won’t have: we should not schedule this (explain why)
0 voters
6 Likes

For our team we also created a group to store license keys for applications and other stuff. But sometimes licenses are also files. So this feature would be great to have.

1 Like

I’d like to store the QR image TOTP apps use to set up accounts for enabling 2FA on shared service-accounts.

Shared accounts are not the best thing to do, but they do exist, and this helps making it shared between a select group of people instead of shared by attackers also.

3 Likes

This feature will be truly useful. Is there any update about it?

Thanks for your time! :slight_smile:

Likewise, we get customers sending us VPN instructions etc. in Word documents or .pdf files; it would be great to store these also.

1 Like

Hi, I believe this becomes a bigger issue and will be urgent very soon.
These days almost all users are using MFA. In lots of cases we need to store barcodes for MFA; an option to add a barcode to a user account will be crucial for our and many organisations.

This feature would be highly appreciated!

It is essential for us to share Wireguard certificates in order to connect to the VPN along with other credentials.
It is unlikely we will use one software for credentials and another one for certificate files so it is essential for both credentials and files to be supported by Passbolt.
I see it’s 5 years since this first appeared as a requirement, does anyone have any insight in this?

What would be a reasonable file size for such an attachment? Basically the main issues with files are the ones related to performance (encryption/decryption speed), configuration compatibility (max request size) and space (network usage, and storage usage). So according to you what should be the maximum file size for one entry? 1MB? More?

I would say 5-10 MB. We also have the demand to store and encrypt certificate files, and other small files.

Ideally Passbolt should give a default size (5-10MB seems reasonable to me) then if a user wants to tweak it to something bigger he should be able to via configuration file or web interface but with a big warning regarding performance.
The default size should allow to attach secret files (which are never bigger than some hundreds KB), if one wants to attach PDF files or other documents, as some suggested, a simple external link would be sufficient so that’s not the use case imho.

Passbolt should not become a secure encrypted data storage, it should simply allow to attach small files inherent to authentication/mfa/secrets and these should never be bigger than the default in most cases.

It would be interesting to me to know how these would be stored: inside the db or as encrypted files?
I would suggest to encrypt them and store them as encrypted files outside of the db, in this latter case one would not clutter the db with binary streams, a clear documented procedure to decrypt the files manually in case of disaster recovery would be a plus imho.

It is yet to be decided. Personally I’m inclined to using symmetrically encrypted files (with the key stored in a secret table, like a regular password). In this scenario we would then store the files in DB with an additional cache on file, pretty much like we did for avatar.

This way the files are only accessed from DB when cache is warming up. This facilitates making backups (only one source of data), which we know from experience a lot of people struggle with. Also we don’t have to implement and test multiple file storage configurations and options (as people will want to use S3 buckets, NTFS, etc. for high availability setup).

The disadvantage obviously is more strain on the database.

I think this is workable if the files are small. But it’s up for debate with the team, we will most likely experiment before making a decision.

1 Like
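The approach floated in the reply above (each file encrypted with its own symmetric key, that key kept like a regular secret, the ciphertext kept in the file store) combined with the size cap discussed earlier, as an added example that is not Passbolt code. The function names, the 5 MiB default, the choice of AES-256-GCM, the blob layout and the binding to a resource id are all assumptions made for illustration.

```javascript
// Added example, not Passbolt's implementation. All names here are hypothetical.
const nodeCrypto = require('crypto');

// Assumed default cap, taken from the 5-10MB range suggested in the thread.
const MAX_ATTACHMENT_BYTES = 5 * 1024 * 1024;
const IV_LEN = 12, TAG_LEN = 16;

// Encrypt one attachment under a fresh key. `blob` goes to the file store
// (DB row or cache file); `key` is what would be saved as a secret, i.e.
// encrypted again for each user who has access to the resource.
function encryptAttachment(plaintext, resourceId, maxBytes = MAX_ATTACHMENT_BYTES) {
  if (!Buffer.isBuffer(plaintext)) throw new TypeError('plaintext must be a Buffer');
  if (plaintext.length > maxBytes) throw new RangeError('attachment exceeds size limit');
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(IV_LEN);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  // Bind the ciphertext to its resource so a blob cannot be swapped between rows.
  cipher.setAAD(Buffer.from(resourceId, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  // Assumed blob layout: IV (12 bytes) | auth tag (16 bytes) | ciphertext
  return { blob: Buffer.concat([iv, cipher.getAuthTag(), ct]), key };
}

// Decrypt a stored blob; throws if the blob, key or resource id does not match.
function decryptAttachment(blob, key, resourceId) {
  if (blob.length < IV_LEN + TAG_LEN) throw new RangeError('blob too short');
  const iv = blob.subarray(0, IV_LEN);
  const tag = blob.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  decipher.setAAD(Buffer.from(resourceId, 'utf8'));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(blob.subarray(IV_LEN + TAG_LEN)), decipher.final()]);
}

// True when decryption is refused (tampered blob, wrong key, wrong resource).
function isRejected(blob, key, resourceId) {
  try { decryptAttachment(blob, key, resourceId); return false; } catch { return true; }
}

// Constructed sample input: a stand-in for a small VPN config attachment.
function demo() {
  const file = Buffer.from('[Interface]\nPrivateKey = CONSTRUCTED-SAMPLE\n', 'utf8');
  const { blob, key } = encryptAttachment(file, 'resource-0001');
  const tampered = Buffer.from(blob);
  tampered[tampered.length - 1] ^= 0x01; // flip one ciphertext bit
  return {
    roundTrip: decryptAttachment(blob, key, 'resource-0001').equals(file),
    tamperRejected: isRejected(tampered, key, 'resource-0001'),
    wrongResourceRejected: isRejected(blob, key, 'resource-0002'),
  };
}
```

With this layout the file store only ever holds ciphertext, so a database backup alone does not expose attachments; restoring a file requires both the blob and the separately stored key.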

Any news on that feature?

This one is a show stopper! Any news? Workarounds?

If you need to store text files, you can use the encrypted description to store that data.

For binary files, we will do something but most likely during/after the summer.

Best,
Max

2 Likes

Would be highly appreciated

Finding out that attachments aren’t possible is a big deal breaker to me, as I’ve used it extensively in keepass.
So far I’ve noticed that Passbolt has no offline functionality and you cannot attach files either.

The reason why file attachments are quite important to me is because I keep a digital copy of important documents (e.g. tax / insurance / national ID / my bank’s ITAN listing), along with some other rather critical files such as SSH/Wireguard config packages.

Of course, I could read these out and write an elaborate Description text but this is something that absolutely must be supported in the app itself.

3 Likes

Heya, just wanted to ask if there is any news regarding this feature.
It’s still highly anticipated, so I wanted to bring it back to attention.
(intentional bump)

2 Likes