# Sharing secrets (Shares)

This section will explain how to share a particular entry (secret or folder) with other users. There are multiple ways to share an entry (secret or folder), depending if the other user has an account or not

# With another Psono user

This method describes how to share entries with other users that have a Psono account.

  1. Initiate the sharing

    If the other user has a Psono account too, then you can share an entry either "right click"-ing the entry or by clicking on the three gears button of the entry. Click on Share

    Initiate sharing

  2. Add new user

    Click on the plus symbol to add a new user.

    add new user

  3. Search user

    Use the username or email field to search the user that you want to share the entry with

    search user

    TIP

    Your form may look different depending on the configuration of the server.

  4. Select the appropriate permissions

    Check the appropriate permissions and compare the Public Key with the Public Key that the user did tell you.

    sharing permissions

    • Read: Allows a user to read the content of a share
    • Write: Allows a user to modify the content of a share
    • Grant: Allows the user to modify the access permissions (including his own) and share it with other users / groups.

    WARNING

    Make sure that you ask the user on a secure channel whether this is his real Public Key to make sure that you share the entry with the right person.

  5. Finally create the share

    Finish the process by clicking Create at the bottom.

    You will notice that the icon of the entry has changed and this little green mark appeared. This indicates that the entry does not live anymore directly in your datastore and instead in a so called "share object" that may be shared with others and has own share permissions.

    finish sharing user

    TIP

    We recommend to share folders instead of secrets, as they allow other people to receive new secrets and subfolders without having to accept them one by one. In addition it makes audits easier. Further we recommend to share entries based on groups instead of single users. E.g. so all people in the marketing department have access to a particular entry and not just user XY.

# With a group

This method describes how to share entries with a group of users.

  1. Initiate the sharing

    You can share an entry either "right click"-ing the entry or by clicking on the three gears button of the entry. Click on Share

    Initiate sharing

  2. Select Groups tab

    Click on the Groups tab

    add new user

  3. Add new group

    Click on the plus symbol to add a new group.

    add new group

  4. Select the appropriate permissions and group

    Check the appropriate permissions and the group.

    sharing group permissions

    • Read: Allows a user to read the content of a share
    • Write: Allows a user to modify the content of a share
    • Grant: Allows the user to modify the access permissions (including his own) and share it with other users / groups.

    TIP

    If you don't have a group yet, you can use the little plus icon to create a new group.

    If you don't see a group here that you for sure are a member of, then you most probably don't have share admin privileges for the group.

    Only groups that you are a member of will appear here. If you want to share it with a group that you are not a member of, you will have to share it with an individual user who is a member of the group, who then can share it with the group.

  5. Finally create the share

    Finish the process by clicking Create at the bottom.

    You will notice that the icon of the entry has changed and this little green mark appeared. This indicates that the entry does not live anymore directly in your datastore and instead in a so called "share object" that may be shared with others and has own share permissions.

    finish sharing user

    TIP

    We recommend to share folders instead of secrets, as they allow other people to receive new secrets and subfolders without having to accept them one by one. In addition it makes audits easier. Further we recommend to share entries based on groups instead of single users. E.g. so all people in the marketing department have access to a particular entry and not just user XY.

This method describes how to share entries with external parties, that don't have a Psono account yet can (network, firewall wise) reach the Psono server. It tries to solve the problem of sharing secrets securely without them ending up in emails or chats.

  1. Initiate a link share

    You start the process by a right click on the entry or by clicking on the three gears button next to the entry and then clicking on Link Share

    initiate link share

  2. Specify link share details

    You can now specify a public title shown to the user, the amount how often the link can be used, a time until the link expires or a passphrase that needs to be typed in in addition to access the link share.

    link share settings

    Once you are happy with the settings, confirm the dialog with OK.

  3. Copy link

    You will see now a link that you can copy and share with others.

    link share url

    You can distribute the link by mail or chat and will be sure that the link expires or can only be used maybe once, so everyone who might gain access to your emails or chat logs later will not have access to the secret.