
Comment by panick21_

9 hours ago

How good is their mobile and sync story?

Syncing isn't a KeePassXC problem. The database is just a file. That may or may not make your life easier.

There are a few decent Android and iOS apps that work well. I use Nextcloud and WebDAV for access.

Not a setup I can recommend to just anybody though.

  • One of the security advantages of KeePass being just a file is that you can sync it in the way that makes sense to you.

    The need to have an opinion on how you’d like to sync a file does, as you suggest, eliminate some portion of the population who need a fully baked answer in one step.

    I used to use Google Drive, but now I use Syncthing, further reducing my exposure. Paired with Synctrain and KeePassium on iOS.

    One tip: enable the atomic save option in settings to reduce the risk of weird cloud sync issues.

The mobile app is quite good, it works and gets out of your way. I use it on Android.

For syncing, I do it manually with rsync. Given the database is 1 file it's easy to move around. You can rsync / scp it over, use a USB cable, use cloud storage, etc.

I use a password manager in a "read many, write infrequently" way so I don't mind occasionally syncing it as needed.

I use keepassxc. I don’t sync mobile. My mobile device has only the minimum subset of passwords I need saved on it.

These threads are always filled with keepass people who will tell you how great it is and not mention that you’re on your fucking own for, you know, minor things like syncing or mobile use.

I’m sure it works for many people to Dropbox their vault around anytime they want to access something and manually handle copies and sync. I’m not nearly so naive as to think that has any degree of success outside tech bubbled people.

  • I have yet to meet a KeePass user under the illusion that the syncing story is a good fit for everyone.

    But we are prioritizing “can’t” over “won’t” in terms of provider access to our credentials. That’s why these hack-related threads tend to draw folks who will remind you that other tradeoffs exist.

    For a technical audience like HN, “can work out how to sync a file” is a decent assumption to make.