Right now, Padlock is able to sync with cloud.padlock.io, which is great, however, I would love to be able to run my own instance of the server and let the (mobile) apps (iOS/Android/possible stand-alone application to be developed) sync with it instead of trusting a third party with my password/sensitive information.

So there'd need to be a choice when setting up sync, i.e. entering a custom URL etc.

I know you've confirmed with me off-list that the newer Padloc will have hosting instructions and instructions on how to build the mobile apps for using these custom instances (since the newer apps won't support custom instance for syncing anymore) added to their repositories.

I'm opening this bug to track the efforts for these tasks, since as much as I love the new service(s) (and am I beta user myself) I won't use a centralized, managed service to sync my passwords.

Padlock, in the past, has been a phenomenal tool for managing my passwords and secrets efficiently and I would love for Padloc to carry on this legacy.

PS: Obviously, I'd rather love to have the official apps support custom servers, but right now there isn't any other choice I'm afraid

With Padlock 2.5.0, you can now individually set each password to either show or stay hidden on hover. But it's set to show by default. With 2.4.2 I had passwords hidden. After upgrading to 2.5.0 they are all shown by default. Changing them one by one is tedious, and there doesn't seem to be a global switch anymore.

Is there, or can there, be a way to hide all passwords in bulk?

Common password managers support the unlocking of the vault using the iOS TouchID fingerprint identification framework.

I will post more information to this issue about the implementation and possible ways in Polymer or cordova.

I simply added .env and tried to run command

npm run start -- --env=file/to/path/.env

but i am getting this as an exit code 
http-server ${PL_PWA_DIR:-dist} -s -p ${PL_PWA_PORT:-8080} --proxy ${PL_PWA_URL:-http://0.0.0.0:${PL_PWA_PORT:-8080}}?

i know that for running development environment i have to run:- npm run dev

but by default it is connecting to leveldb even after i added .env and once i added .env i am trying to run :- npm run start -- --env=file/to/path/.env and again getting the same error

i just need help and way to how to connect to mongodb in local environment and how to make .env work in local environment i am getting PL_DATA_STORAGE_BACKEND was set to 'mongodb', but no related configuration was found!

Please help me with this.

When creating a new item, filling all fields, and saving, the desktop (Mac OS) saves the item with all fields empty.

This doesn't happen all the time. It happens often (probably 40% of the time) and I haven't been able to identify any pattern on why/when this happens.

When Padlock is running, unlocked, under Linux, it appears to be using a consistent 5% of my CPU resources. I'm not sure what it's doing the whole time, but it sure shouldn't be doing anything that requires it to use 5% of my system's resources the whole time?

Let me know if there's anything I can help with in terms of tracking this down.

OS: Xubuntu Linux 18.04 Version: 2.7.2, custom server with auto-sync enabled

Hello,

When I try to login from a computer on my padloc (self hosted), I have the error "Failed to verify auth token".

So, I enter my email, the system doesn't detect that it's an existing account... So I enter a "wrong" password, I confirm, and then padloc detect that my account exist. Thus, it ask me to connect (with my password).

I receive this question ("trust this device ?"):

Then I have the error message:

Here is the console log:

I don't have any error in back.

How can I debug ? I see in the URL that "authToken" is defined... I supposed it's not the correct one, but don't know how to fix that xD

Small information: date and hour of my computer and my server are the same.

Hi there,

Issue: Confirmation Dialogue box never appears when accepting an invite to join a team.

I believe that this is related to using a self-signed certificate.

I am not exposing the site to the wider web.

I am able to sign-in, create vault items, create teams/ orgs but unable to accept the invite for teams.

Time: 2022-01-11T15:04:26.058Z 
Error Code: unknown_error: 
Error Message: Failed to register a ServiceWorker for scope ('https://padloc.holbrookacademy.org/') with script ('https://padloc.holbrookacademy.org/sw.js'): An SSL certificate error occurred when fetching the script.

Time: 2022-01-11T16:33:28.543Z 
Error Code: unknown_error: 
Error Message: Failed to register a ServiceWorker for scope ('https://padloc.holbrookacademy.org/') with script ('https://padloc.holbrookacademy.org/sw.js'): An SSL certificate error occurred when fetching the script.
Stack Trace: 
undefined 

Similar issue to #87, however the following scenario is the case:

• Padlock Cloud running and web interface can be reached from every device I own
• Windows and iOS app connect to the custom padlock cloud server and data gets synchronized
• OS X app throws an error saying "Failed to connect to Padlock Cloud..."

There are no error logs to inspect, as far as I could see. Hard to troubleshoot this issue. Things I have tried:

• Waiting 48 hours to see if DNS was an issue
• Flush DNS cache
• Reinstall Padlock Cloud
• Change port and hostname of Padlock Cloud
• cors set to true

None of the above helped or solved the issue.

IDK if this is a real issue or not, but I was thinking about it this morning

It seems like the architecture is that the DB file is symmetrically encrypted using the passphrase I choose and stored on the server to be synchronized with other devices

That means if someone gets ahold of my database file somehow (e.g. back end server breach) they could relatively easily brute force or dictionary attack passwords on the file unless my passphrase was very complicated (and I doubt most people have complicated passphrases)

Seems like padlock should be using public key encryption where each machine has its own key pair and the key pair has a passphrase-allows you to use different keyphrases on different machines as well. The only limitation of that approach is that a machine with access to the file has to be used to approve adding another device, because it would have to decrypt the file and re-encrypt with a new set of public keys

LMK if I'm totally off base here (I'm hoping that I am)

Trying to use Padloc on a lower tier VM provided through Linode and running into some memory heap issues. I'm wondering if it's possible that there's a memory leak occurring during the Webpack bundling, or if potentially switching to something like generally faster than Webpack like Vite might help with memory usage?

I wasn't able to find any benchmarks comparing memory usage between Vite and Webpack, but it seems strange that the PWA would require significant memory to be able to build. In the meantime, I'm upgrading my VM to try and get an idea of how much memory is needed, and might resort to bundling locally and then uploading to a lower tier VM.

Update: a VM with 2GB was able to build successfully after 114804ms. That's better than I was expecting to be honest, but I'd still be curious if the required memory could be brought down a bit.

> @padloc/[email protected] build
> webpack


<--- Last few GCs --->

[9360:0x666b830]    69185 ms: Scavenge 477.4 (496.7) -> 476.3 (496.7) MB, 15.7 / 0.0 ms  (average mu = 0.695, current mu = 0.806) allocation failure 
[9360:0x666b830]    69204 ms: Scavenge 477.8 (496.7) -> 477.0 (496.7) MB, 4.5 / 0.0 ms  (average mu = 0.695, current mu = 0.806) allocation failure 
[9360:0x666b830]    69214 ms: Scavenge 478.3 (496.7) -> 476.6 (500.7) MB, 3.3 / 0.0 ms  (average mu = 0.695, current mu = 0.806) allocation failure 


<--- JS stacktrace --->

FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory
 1: 0xb06730 node::Abort() [webpack]
 2: 0xa1b6d0  [webpack]
 3: 0xce1e60 v8::Utils::ReportOOMFailure(v8::internal::Isolate*, char const*, bool) [webpack]
 4: 0xce2207 v8::internal::V8::FatalProcessOutOfMemory(v8::internal::Isolate*, char const*, bool) [webpack]
 5: 0xe99875  [webpack]
 6: 0xea953d v8::internal::Heap::CollectGarbage(v8::internal::AllocationSpace, v8::internal::GarbageCollectionReason, v8::GCCallbackFlags) [webpack]
 7: 0xeac23e v8::internal::Heap::AllocateRawWithRetryOrFailSlowPath(int, v8::internal::AllocationType, v8::internal::AllocationOrigin, v8::internal::AllocationAlignment) [webpack]
 8: 0xe6d77a v8::internal::Factory::NewFillerObject(int, bool, v8::internal::AllocationType, v8::internal::AllocationOrigin) [webpack]
 9: 0x11e64e6 v8::internal::Runtime_AllocateInYoungGeneration(int, unsigned long*, v8::internal::Isolate*) [webpack]
10: 0x15da159  [webpack]
Aborted

With some direction, happy to investigate more; I don't have a good idea what next debugging steps might be. I might be able to submit a PR for migrating the PWA to Vite, but can't guarantee I'll have the time. Thanks!

This PR adds github workflows which will trigger uffizzi preview environments for PRs to this repo. A PoC has been created at this PR. Once this PR is merged, you should be able to see comments like these on PRs to this repo. These comments are created after a preview env has been deployed for the PR.

fixes https://github.com/padloc/padloc/issues/613

Currently even after installing the padloc chrome extension, it doesn't show any option to use it as a password manager. This is something that's available on 1Password and turns out to be a great productivity boost.

I would like to make life easier for existing and new Padloc contributors including maintainers by implementing Uffizzi previews. Disclaimer: I work on Uffizzi Uffizzi is a Open Source full stack previews engine and is free for Padloc. This will provide newcomers with previews of their PRs in the cloud, allowing them iterate faster, without having to first set up a complete development environment themselves.

TODO:

• [ ] Intial POC

Barely any documentation has been updated to V4, there are no usable docker files, the docker-compose.yml is over a year old, and there aren't any particularly clear instructions on how to get up and running. As previously stated, the instructions that we do have at the moment are very outdated and I've had quite a bit of trouble trying to get myself a self-hosted instance.