dotMage 2.0 — teams, same product, same license
dotMage started as a solo tool — one person, many machines. Then the obvious happened: people brought it to work and shared one master password between colleagues. That works until someone leaves. 2.0 makes the team a first-class citizen: each member has their own password wrapping the shared vault key, the server enforces roles, and offboarding is one command instead of a prayer. Solo users: your workflow is byte-for-byte unchanged — and everything stays AGPL, there is no "enterprise edition".
Highlights
Your own password, a shared vault
# owner
$ dmage user invite kolya --role editor
dmage_uinv_eyJp... # one-time token, send privately
# kolya, on his machine
$ dmage auth --invite dmage_uinv_eyJp...
✓ Joined as 'kolya' (editor). Key cached.
your password is yours alone — nobody else on the team knows it
The invitation carries the vault key sealed with a key that lives only inside the token — the server stores a blob it cannot open. One-time use, 24-hour TTL.
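The sealing scheme described above, as an added Go example (not dotMage's own code). These notes do not specify the cipher or the token layout, so AES-256-GCM, the bare base64url token and the names Invite, CreateInvite, Claim and Open are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"time"
)

// Invite is all the server stores: ciphertext and an expiry, never the key.
// Assumed for illustration: AES-256-GCM; the token is just the base64url key.
type Invite struct {
	Blob    []byte
	Expires time.Time
}

func gcm(key []byte) cipher.AEAD { // callers always pass a 32-byte key
	b, _ := aes.NewCipher(key)
	a, _ := cipher.NewGCM(b)
	return a
}

// CreateInvite (owner side) seals vaultKey under a fresh key that exists only in the token.
func CreateInvite(vaultKey []byte, now time.Time) (string, *Invite, error) {
	rnd := make([]byte, 44) // 32-byte token key followed by a 12-byte GCM nonce
	if _, err := rand.Read(rnd); err != nil {
		return "", nil, err
	}
	blob := gcm(rnd[:32]).Seal(rnd[32:], rnd[32:], vaultKey, nil) // nonce || ciphertext || tag
	return base64.RawURLEncoding.EncodeToString(rnd[:32]), &Invite{Blob: blob, Expires: now.Add(24 * time.Hour)}, nil
}

// Claim (server side) hands the blob out once within the TTL, then deletes it.
func Claim(inv *Invite, now time.Time) (blob []byte) {
	if !now.After(inv.Expires) {
		blob, inv.Blob = inv.Blob, nil
	}
	return blob
}

// Open (invitee side) unseals the blob; a wrong token or altered blob fails authentication.
func Open(token string, blob []byte) ([]byte, error) {
	key, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil || len(key) != 32 || len(blob) < 12 {
		return nil, errors.New("malformed token or blob")
	}
	return gcm(key).Open(nil, blob[:12], blob[12:], nil)
}
```

The owner's client calls CreateInvite and uploads only the Invite; the invitee's client calls Open on whatever Claim returns.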
Roles the server actually enforces
owner manages people, rotates keys, deletes; editor pushes and pulls; viewer reads.
The audit log now names people, not just devices. Honest limit, documented in the threat
model: roles are authorization, not cryptography — every member holds the vault key.
Offboarding that actually works
$ dmage user rm kolya
✓ removed 'kolya' (1 device(s) revoked)
Rotate the Account Key now (recommended)? [Y/n]
Wraps deleted, devices revoked, and the chained key rotation (from 1.4) makes their cached key useless for anything pushed afterwards. The docs spell out the two things software can't do for you: rotate the secret values they saw, and destroy pre-rotation backups.
Migrating from a shared password
Been sharing one master password with a colleague? The docs now have a step-by-step runbook: invite them properly, rotate the key, change your password — the shared password dies completely.
Solo users
Nothing changes. The server defaults to DOTMAGE_MODE=solo where team endpoints don't
even exist, your output is identical, and your account silently became a "team of one"
during migration — ready if you ever need it.
Changelog
Added
- Team mode: dmage user invite/list/role/rm, dmage auth --invite, dmage whoami; per-user wraps of the shared Account Key; sealed one-time invitation tokens.
- Server roles (owner/editor/viewer) enforced on every write; last-owner protection.
- Audit log attributes actions to users; web admin shows the team roster.
- DOTMAGE_MODE=solo|team (default solo — team endpoints hidden entirely).
Security
- Offboarding chain: wrap removal → device revocation → key rotation, one command.
Downloads
Binaries and SHA256SUMS: github.com/dotMage/dotmage/releases/tag/v2.0.0
dmage upgrade # self-update
brew upgrade dotmage # Homebrew