Vault Sync Sharing

Use case or problem

Now that Sync is basically working for multiple devices (mobile + workstation), we should extend it to add support for inviting other people to share Vault syncs.

This is a big need for us, as we individually use Obsidian for personal Vaults, but we have common knowledge we wish to share amongst our team.

Proposed solution

Syncs are already passphrase-encrypted. It’s not ideal, but given the current setup, sharing that passphrase is an acceptable solution. Both of these require (and I presume the existence of) unique IDs for syncs and users.

Given my lack of knowledge on how the Sync service is implemented, I can only speculate on solutions, but I see two obvious approaches:

Pure client-side sharing

The Server doesn’t care about sync access: so long as the client has the Sync ID, it can access the Sync.

The upshot is simplicity. The downshot is security:

  • single layer of access security; just two pieces of knowledge (no second factor)
  • in case of a breach, there is no way to re-secure the Sync

Server-mediated sharing

  1. Users declare other Users from whom they will accept Sync offers
  2. Users declare other Users to whom they wish to share a given Vault (or set of Vaults)

This is, then, a double opt-in, server-moderated sharing system. Sync passphrases must still be shared out-of-band, but this adds a server-mediated revokability and finer-grained control, as well as something of a second factor. The down side is that it involves much more UI complexity and Server-side facility.

This double opt-in model is mostly the same as what Syncthing currently uses. In particular, I do not think we should facilitate unsolicited share offers: that is a SPAM-inviting anti-pattern.

Current workaround (optional)

Currently, we use Syncthing to manage this, but that is an additional tool which should not be necessary with the Sync feature. Obviously there are myriad other external solutions (Dropbox, Drive, etc), but nothing beats the simplicity of having in-app support for this.

6 Likes

In truth, there is nothing particularly necessary about the Server-side solution which actually mandates a Server-side mediation. All of that can be done on the client side… and indeed, that is exactly what Syncthing does. However, that presumes a kind of peer-to-peer communications channel which may not presently exist, which is why I present it as a server-side implementation. It is certainly better to implement it in a completely distributed fashion.

Mightn’t this run into the Sync limit on the number of remote vaults?

Hello,

It would be great to have a feature which allows for collaborative editing for a team. I don’t mean real-time editing as that would require a server or cloud but rather something which implements version control, possibly through Git. It would have to handle conflicts, merging or generate alerts to make it work however.

You can put the md files directly under version control in git no?

Or something that does ‘auto-pull’ would suffice…

People rarely work in the same markdown file, at the same time.

Thank you for proposing this @ulexus . This is a killer feature that would be huge for groups. Our organization is loving Obsidian but we keep running into situations where we need to share vaults between users. The current conflict resolution algorithm is good enough for our use case, so really all we need is a way to share the vaults.

+1,000 for this feature!

P.S. I also notice that “Vault sharing” is listed in the help vault, obsidian://open?vault=Obsidian%20Help&file=Licenses%20%26%20add-on%20services%2FObsidian%20Sync – so maybe we don’t have to wait too long?

This would also be great for my wife and I. We share a vault via Obsidian Sync but the workaround we use to do so prevents her from having her own Obsidian account and settings. And because we use Obsidian Mobile, a Git-based solution isn’t great.

This seems like the feature I am looking for as well, as I think of implementing Obsidian as a Knowledge Management System for the company I work at. I tested the use of a remote drive which works but it ain’t ideal, as no version control is available and if we were to use it even in our team of 15 people it would be chaotic.

Also, I would like to add that an option to share the Vault partially or have different classes of users would be great.
For example, we would like to be able to share only basic information with technicians, a little more with engineers, and have unlimited access by managers.

@jag3773
I do not see that :<

Why don’t you simply grab Syncthing’s code and implement it in your Sync? The additional benefits would be:

  • people with iOS/iPadOS devices will finally be able to sync their vaults directly
  • you can enable direct p2p synchronisation with & without a central server

(Sync option will remain paid, but whether that can be reconciled with Syncthing’s license remains to be seen)