this post was submitted on 22 Feb 2024
48 points (90.0% liked)

Selfhosted

40200 readers
772 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I currently use keePass, and use it on both my PC and my phone. I like it because I can keep a copy of my DB on my phone and export it through a few different means. But I can't seem to find an option to actually sync my local DB against a remote one. I've thought about switching to BitWarden but from what I can see it uses a single DB with multiple connections. Is there a password manager that allows ultiple databases (one PC one Phone) with easy syncing between them - specifically from my phone? Or a way to setup keePass to allow syncing with a machine on my home network?

all 36 comments
sorted by: hot top controversial new old
[–] [email protected] 33 points 8 months ago (1 children)

Why not self host vaultwarden? I was using keepas for all of the reasons OP mentioned, but my woes went away when I migrated over.

Clean export from keepas and import into vauktwarden. Plus with passkeys being deployed, is there a reason against it?

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (1 children)

Why not self host vaultwarden?

How does that work when your vaultwarden instance goes down for some reason? Lose access to passwords? Or does the browser extension still have access to a cached copy of the db?

[–] [email protected] 3 points 8 months ago

Exactly... If you lose internet connection is just stays local until you reconnect.

Phone, browser, desktop...

[–] [email protected] 28 points 8 months ago (1 children)

I'm syncing my KeePassXC db with Syncthing to about 6 devices, have been doing so for years. And a second db which we share at work.

[–] [email protected] 4 points 8 months ago (1 children)

I also use keepassxc with syncthing. It works great and syncthing allows me to sync any other files I want. Mines set to automatically sync my photos and documents as well as keepass.

[–] [email protected] 1 points 8 months ago

I have too many photos to sync, but I have two different Document my own and family documents, so that I can share the family documents with my spouse.

[–] [email protected] 25 points 8 months ago* (last edited 8 months ago) (2 children)

Bitwarden is (primarily) a single db synced between devices via a server. A copy is kept locally on each device you sign into.

~~Changes made to an offline copy will sync to the server and your other devices once back online. (with the most recent change to each individual item being kept if there are multiple changes across several devices)~~ /edit: the local copy is for access to your passwords offline. Edits must be made with a connection to the server your account resides on, be that bitwardens or your own.

If you host your own sync server via vaultwarden, you can easily maintain multiple databases (called vaults) either with multiple accounts, or with a single account and the organizations feature. (options for creating vaults separate from your main one and sharing those vaults with multiple accounts) You can do this with regular bitwarden as well, but have to pay for the privilege.

Using vaultwarden also gives you all the paid features of bitwarden for free (as it's self-hosted instead of using public servers)

I've been incredibly happy with it after setting it up ~3 months ago. Worth looking into.

[–] [email protected] 6 points 8 months ago (1 children)

Vaultwarden really is great. The offline edits are my only grime with it. Also I dislike how happily the browser extension discards your inputs when you click outside.

[–] [email protected] 2 points 8 months ago* (last edited 8 months ago)

True, the browser extension can be rather annoying. I tend to do any edits through either the android app, or the web page.

[–] [email protected] 4 points 8 months ago* (last edited 8 months ago) (1 children)

Copying seems broken, but it looks like offline edits aren't possible, at least from mobile (https://bitwarden.com/help/using-bitwarden-offline/)

Edit: and now it's a 404

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (1 children)

Interesting, that I was not aware of. I've never run into a scenario where I've had to add/edit while offline.

When using vaultwarden however, you can be offline as long as the client can still reach the server (ie they are within the same lan network or are the same machine). You'd still be fine to add/edit while your home wan is out for example, just not on the go.

Plus there's the no-internet package mentioned in that link, but it's limited to the desktop application.

[–] [email protected] 1 points 8 months ago

I ran into it occasionally. It was annoying, but easy enough to turn on wireguard then try again.

[–] [email protected] 23 points 8 months ago (3 children)

You could just use syncthing to sync between devices. Works like a charm.

[–] [email protected] 7 points 8 months ago

Works great. Just remember syncing is not the same as a backup. Make sure you do backups!

[–] [email protected] 4 points 8 months ago

This is the way to go, IMHO.

Syncthing was weird at first, but it's super simple, it shouldn't take too long to get used to it.

[–] [email protected] 3 points 8 months ago

I'll look into this, thanks!

[–] [email protected] 12 points 8 months ago* (last edited 8 months ago)

Bitwarden does use a local database and syncs. When you authenticate it unlocks the local database and does regular syncing behind the scenes.

I do recommend self-hosting vaultwarden for the primary server though.

[–] [email protected] 6 points 8 months ago

Another happy Vaultwarden user here

[–] [email protected] 6 points 8 months ago

Keepass has a synchronization mechanism, maybe you can get it to work between your phone and your PC?

If the files to be synchronized are accessible via a protocol that KeePass supports by default (e.g. files on a local hard disk or a network share, FTP, HTTP, HTTPS, WebDAV, ..., see the page 'Loading/Saving From/To URL' for details), then no plugins/extensions are required.

If one of the files to be synchronized should be accessed via SCP, SFTP or FTPS, you need the IOProtocolExt plugin, which adds support for these protocols to KeePass.

If one of the files to be synchronized is stored in a cloud storage: for most cloud storages, there is an integration with the local file system available (i.e. you can access your stored files using Windows Explorer). For example, Dropbox, Microsoft OneDrive and Google Drive provide such an integration. If such an integration is available, it is recommended that you access your database file this way; this often works better than accessing it via a protocol like FTP or WebDAV. If no such integration is available and your cloud storage also is not accessible via a standard protocol, a specialized KeePass plugin for this cloud storage might be available.

[–] [email protected] 6 points 8 months ago (1 children)

Keepass2Android implements syncing in a way that actually works. I sync through my nextcloud instance. On my laptop it's just KeepassXC and the nextcloud desktop app, on my mobile (android) devices Keepass2Android. On iOS I think there was Strongbox but I haven't used it in a long time. I tried using KeepassDX with the nextcloud android app for syncing for a while, but it lead to regular silent sync conflicts including password losses.

[–] [email protected] 1 points 8 months ago (2 children)

The sync conflict / corruption is what worries me. Currently I just export a copy as a backup but it's all done manually and not on a schedule.

[–] [email protected] 2 points 8 months ago* (last edited 8 months ago)

This is the setup I have (Nextcloud, Keepass Desktop, Keepass2android+webdav) and k2a handles file discrepancies very well. I always pick "merge" when it is informing me of a conflict on save. Have been using it like that for years without a problem.

Edit: added benefit, I have the Keepass extension installed in my Nextcloud, so as long as I can gain access to it, I have access to my passwords, no devices needed.

[–] [email protected] 1 points 8 months ago

Keepass2Android handles that pretty well. It checks for external changes to the remote database before every local edit. And the desktop nextcloud app notices conflicts as well and can create a second version of the file if there are conflicts. You can then check for the differences with something like keepass-diff. But that should only happen if you change your db without syncing first, so while you are offline or the nextcloud app wasn't running.

[–] [email protected] 5 points 8 months ago (1 children)

I just use Keepass2Android. You can use any solution you'd like that is able to sync normal files and sync your database between your devices

[–] [email protected] 3 points 8 months ago (1 children)

Was about to post this, this works well for me.

In my case I'm storing the DB on my Google Drive for now, but Keepass2Android supports many different systems, including "generic" things like WebDAV, so really anything should work.

While Keepass2Android is integrated with the syncing and will always check for conflicts (i.e. check for latest version before saving), the same isn't necessarily true for the desktop client. But since I rarely edit from both devices at the same time, anything that syncs to the Desktop in a somewhat realtime fashion should work just fine.

And for the few (long ago) cases where updates were overwritten, the "previous version" feature of Google Drive was god-sent! (And KeepassX can simply merge the old overwritten version into the current one and you'll get the correct merge).

[–] [email protected] 2 points 8 months ago

I use the default desktop KeePass client (no Xs or whatever) and it always synced correctly and picked up abd merged changes.

[–] [email protected] 3 points 8 months ago* (last edited 8 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
Git Popular version control system, primarily for code
HTTP Hypertext Transfer Protocol, the Web
HTTPS HTTP over SSL
SSL Secure Sockets Layer, for transparent encryption

3 acronyms in this thread; the most compressed thread commented on today has 16 acronyms.

[Thread #536 for this sub, first seen 22nd Feb 2024, 23:25] [FAQ] [Full list] [Contact] [Source code]

[–] [email protected] 3 points 8 months ago

Bitwarden, keepass, pass

[–] [email protected] 3 points 8 months ago* (last edited 8 months ago)

If you're up for pgp and git, gnu password store is a killer app. There are a few guis, including Android and iOS, and if you use gopass there's a nice plugin for browsers as well. And it's ultimately just two tools that are both solid and generally well known.

[–] [email protected] 2 points 8 months ago

Just add in syncthing in your stack and you will get keepass with the benefit of syncing directly between devices in a p2p matter.

I have been using this combo for almost 2 years now and it's better if you ask me than using vaultwarden.

[–] [email protected] 2 points 8 months ago

I sync Enpass between iPhone and Linux with Mobius Sync (Syncthing for iPhone)

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (2 children)

That would be a single DB, no?

If you sync between 2 things, one of those things has to act as the server component, which holds the database, with other things syncing to that database. Otherwise who connects to who?

If you want separate databases, that implies multiple instances, which is something different.

[–] [email protected] 2 points 8 months ago

peer to peer is an option too

[–] [email protected] 1 points 8 months ago

KeePass will sync multiple databases by keeping the most recent change in any differences between them. It's very convenient when you're making changes to the list on separate devices, but having two copies of the database helps have a redundancy in case of a device failure.

[–] [email protected] 1 points 8 months ago

I don't quite understand, is this just the backup file or the file being used? I'd be worried about conflicts if some transfer doesn't work perfectly, since then it might all break