I currently use keePass, and use it on both my PC and my phone. I like it because I can keep a copy of my DB on my phone and export it through a few different means. But I can’t seem to find an option to actually sync my local DB against a remote one. I’ve thought about switching to BitWarden but from what I can see it uses a single DB with multiple connections. Is there a password manager that allows ultiple databases (one PC one Phone) with easy syncing between them - specifically from my phone? Or a way to setup keePass to allow syncing with a machine on my home network?
Why not self host vaultwarden? I was using keepas for all of the reasons OP mentioned, but my woes went away when I migrated over.
Clean export from keepas and import into vauktwarden. Plus with passkeys being deployed, is there a reason against it?
Why not self host vaultwarden?
How does that work when your vaultwarden instance goes down for some reason? Lose access to passwords? Or does the browser extension still have access to a cached copy of the db?
Exactly… If you lose internet connection is just stays local until you reconnect.
Phone, browser, desktop…
I’m syncing my KeePassXC db with Syncthing to about 6 devices, have been doing so for years. And a second db which we share at work.
I also use keepassxc with syncthing. It works great and syncthing allows me to sync any other files I want. Mines set to automatically sync my photos and documents as well as keepass.
I have too many photos to sync, but I have two different Document my own and family documents, so that I can share the family documents with my spouse.
Bitwarden is (primarily) a single db synced between devices via a server. A copy is kept locally on each device you sign into.
Changes made to an offline copy will sync to the server and your other devices once back online. (with the most recent change to each individual item being kept if there are multiple changes across several devices)/edit: the local copy is for access to your passwords offline. Edits must be made with a connection to the server your account resides on, be that bitwardens or your own.If you host your own sync server via vaultwarden, you can easily maintain multiple databases (called vaults) either with multiple accounts, or with a single account and the organizations feature. (options for creating vaults separate from your main one and sharing those vaults with multiple accounts) You can do this with regular bitwarden as well, but have to pay for the privilege.
Using vaultwarden also gives you all the paid features of bitwarden for free (as it’s self-hosted instead of using public servers)
I’ve been incredibly happy with it after setting it up ~3 months ago. Worth looking into.
Vaultwarden really is great. The offline edits are my only grime with it. Also I dislike how happily the browser extension discards your inputs when you click outside.
True, the browser extension can be rather annoying. I tend to do any edits through either the android app, or the web page.
Copying seems broken, but it looks like offline edits aren’t possible, at least from mobile (https://bitwarden.com/help/using-bitwarden-offline/)
Edit: and now it’s a 404
Interesting, that I was not aware of. I’ve never run into a scenario where I’ve had to add/edit while offline.
When using vaultwarden however, you can be offline as long as the client can still reach the server (ie they are within the same lan network or are the same machine). You’d still be fine to add/edit while your home wan is out for example, just not on the go.
Plus there’s the no-internet package mentioned in that link, but it’s limited to the desktop application.
I ran into it occasionally. It was annoying, but easy enough to turn on wireguard then try again.
You could just use syncthing to sync between devices. Works like a charm.
Works great. Just remember syncing is not the same as a backup. Make sure you do backups!
This is the way to go, IMHO.
Syncthing was weird at first, but it’s super simple, it shouldn’t take too long to get used to it.
I’ll look into this, thanks!
Bitwarden does use a local database and syncs. When you authenticate it unlocks the local database and does regular syncing behind the scenes.
I do recommend self-hosting vaultwarden for the primary server though.
Keepass2Android implements syncing in a way that actually works. I sync through my nextcloud instance. On my laptop it’s just KeepassXC and the nextcloud desktop app, on my mobile (android) devices Keepass2Android. On iOS I think there was Strongbox but I haven’t used it in a long time. I tried using KeepassDX with the nextcloud android app for syncing for a while, but it lead to regular silent sync conflicts including password losses.
The sync conflict / corruption is what worries me. Currently I just export a copy as a backup but it’s all done manually and not on a schedule.
This is the setup I have (Nextcloud, Keepass Desktop, Keepass2android+webdav) and k2a handles file discrepancies very well. I always pick “merge” when it is informing me of a conflict on save. Have been using it like that for years without a problem.
Edit: added benefit, I have the Keepass extension installed in my Nextcloud, so as long as I can gain access to it, I have access to my passwords, no devices needed.
Keepass2Android handles that pretty well. It checks for external changes to the remote database before every local edit. And the desktop nextcloud app notices conflicts as well and can create a second version of the file if there are conflicts. You can then check for the differences with something like keepass-diff. But that should only happen if you change your db without syncing first, so while you are offline or the nextcloud app wasn’t running.
Another happy Vaultwarden user here
Keepass has a synchronization mechanism, maybe you can get it to work between your phone and your PC?
If the files to be synchronized are accessible via a protocol that KeePass supports by default (e.g. files on a local hard disk or a network share, FTP, HTTP, HTTPS, WebDAV, …, see the page ‘Loading/Saving From/To URL’ for details), then no plugins/extensions are required.
If one of the files to be synchronized should be accessed via SCP, SFTP or FTPS, you need the IOProtocolExt plugin, which adds support for these protocols to KeePass.
If one of the files to be synchronized is stored in a cloud storage: for most cloud storages, there is an integration with the local file system available (i.e. you can access your stored files using Windows Explorer). For example, Dropbox, Microsoft OneDrive and Google Drive provide such an integration. If such an integration is available, it is recommended that you access your database file this way; this often works better than accessing it via a protocol like FTP or WebDAV. If no such integration is available and your cloud storage also is not accessible via a standard protocol, a specialized KeePass plugin for this cloud storage might be available.
I just use Keepass2Android. You can use any solution you’d like that is able to sync normal files and sync your database between your devices
Was about to post this, this works well for me.
In my case I’m storing the DB on my Google Drive for now, but Keepass2Android supports many different systems, including “generic” things like WebDAV, so really anything should work.
While Keepass2Android is integrated with the syncing and will always check for conflicts (i.e. check for latest version before saving), the same isn’t necessarily true for the desktop client. But since I rarely edit from both devices at the same time, anything that syncs to the Desktop in a somewhat realtime fashion should work just fine.
And for the few (long ago) cases where updates were overwritten, the “previous version” feature of Google Drive was god-sent! (And KeepassX can simply merge the old overwritten version into the current one and you’ll get the correct merge).
I use the default desktop KeePass client (no Xs or whatever) and it always synced correctly and picked up abd merged changes.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters Git Popular version control system, primarily for code HTTP Hypertext Transfer Protocol, the Web HTTPS HTTP over SSL SSL Secure Sockets Layer, for transparent encryption
3 acronyms in this thread; the most compressed thread commented on today has 16 acronyms.
[Thread #536 for this sub, first seen 22nd Feb 2024, 23:25] [FAQ] [Full list] [Contact] [Source code]
If you’re up for pgp and git, gnu password store is a killer app. There are a few guis, including Android and iOS, and if you use gopass there’s a nice plugin for browsers as well. And it’s ultimately just two tools that are both solid and generally well known.
Bitwarden, keepass, pass
I sync Enpass between iPhone and Linux with Mobius Sync (Syncthing for iPhone)
Just add in syncthing in your stack and you will get keepass with the benefit of syncing directly between devices in a p2p matter.
I have been using this combo for almost 2 years now and it’s better if you ask me than using vaultwarden.
That would be a single DB, no?
If you sync between 2 things, one of those things has to act as the server component, which holds the database, with other things syncing to that database. Otherwise who connects to who?
If you want separate databases, that implies multiple instances, which is something different.
peer to peer is an option too
KeePass will sync multiple databases by keeping the most recent change in any differences between them. It’s very convenient when you’re making changes to the list on separate devices, but having two copies of the database helps have a redundancy in case of a device failure.