Jump to content

Passwordstate Scenario / Syncing two Databases


Recommended Posts


we are looking for a solution for the following case, we have one office in Germany and one Office in China. The two offices have 2 distinct Active Directories and most of the productive servers are standalone machines.
What we want is two Passwordstate installations that can synchronize between each other, so if one employee in China or in Germany updates or adds a password the change is synced to the other Server.  


The reason why we not just run one installation in Germany that our Chineese employees can connect to is that our VPN connection to our China office encounters regular Problems and Delays.   


These regular delays are also the reason why we  think the active/active High Availability Option wont work for us because the  SQL Server Listener (as shown here https://www.clickstudios.com.au/about/high-availability.aspx) will either be located in China or Germany so the listener will encounter connection problems at some time.
The active/passive High availability configuration looks like what we want but the problem ist that you can only edit Data on one instance.


The Solution should still work if for Example the Office in China looses Connection to our Office in Germany, in such a case its fine when the Passwordsate in germany is not reachable from china but the local Installation in China still holds all the information until the connection is up again. Than when the VPN connection is back up the databases synchronise again.

Is it possible to find a solution for this case ? 


Edit: if we use a third party tool that is syncing SQL Databases, will passwordstate still function or will we encounter problems with for example the encryption or anything else ? 


Link to comment
Share on other sites

The Active/Active design is the best way to achieve this and is supported by the vendor.

You need to weigh up how often connection problems arise, my bet is not often enough to warrant not setting it up in a supported manner.


The other option, although I'm not sure how this would work with licensing (you may still need the HA module), would be to have two seperate instances, and use the REST API to export the passwords from one instance and update them in the other instance.
I doubt this would be a supported method, but its doable.
You're basically using the API to homebrew a compare then update script.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...