A few weeks ago I wrote about KeePassX and while I'm very happy and it ticks nearly all the boxes the one feature that's missing and unfortunately would probably require a complete redesign is multi user support.

It would be great to be able to share passwords to some users but without sharing the whole KeePass file¹.

I have this idea in my mind of a password manager that stores each users private key AES encrypted in the same way that GPG does when you export your private key. Then each password and any attachments can be AES encrypted, and have the AES encryption key encrypted with each users public key. Again this is the same way GPG works when you send a 3MB file to 10 people you don't end up with a 30MB file, you have a 3MB file AES encrypted, then each recipient gets a copy of the AES key encrypted with their public key.

The idea is that you could have a database file (SQLite for example) and it wouldn't matter if someone had a copy of the whole file, they could only access things they could decrypt. From their you could have groups, so you could share these passwords with all staff in finance, and these ones with HR, and so on.

You could make this use a real database with a client server model, the database side could offer server side security² and not hand out the encrypted passwords to people who were not authorised but even if it got compromised and someone got the whole database it would still be secure³.

I guess what I'd effectively be inventing is a self hosted version of LastPass and that's really what I'd like, secure multi-user password storage that is not hosted off "In the Cloud".

EDIT To Add: After I wrote this but before I published it I came across Tim White's Team Password Safe. I haven't looked at it in too much detail but it looks like it will do more or less what I'd like.