I use KeepassDX on family mobiles with Syncthing for copies between laptop and phones. What would i gain moving to Vaultwarden, knowing that i would never open my network to the outside world? It would be easier to manage for sure, as im having to setup phones and laotops myself in the family and worry that they do silly things like turn off syncthing. But what about offline access to passwords? Does Bitwarden mobile client keep a local copy of database until it can sync?
tl;dr: yes, credentials are cached locally. https://github.com/dani-garcia/vaultwarden/discussions/4676
The major downside to the single file storage used by Keepass is that it’s easy to accidentally create a conflict between files on different devices if they’re not synced immediately. Conflicting files have to be merged manually or data might be lost. I’ve run into this several times with Keepass + Nextcloud. In comparison, a central master database with local cache can resolve conflicts between individual records.
Technically KeePass can “merge” and has some sort of conflict resolution, but you’re right that forgotten and unaddressed conflicts can lay around for unlimited time without you noticing. It’s the main problem with keepass + syncthing.
On the other hand, Vaultwarden can only be updated online. While I do use it, I consider it a major downside, along with the inability to sync attachments.
That is another problem i face when i have the app open on desktop and phone at the same time. Its a nightmare.
I use keepassxc and syncthing and have never had this problem.
I think there’s something in the settings to save after each change and reparse if there’s a remote change.
Doesn’t it only lead to problems if you change the same exact data on both copies to different values? It literally never happened to me, I never had a merge problem. It always just asks me to merge, I say yes, and that’s it.
Oh wait I use KeepassXC not DX, dunno what the difference is
KeepassXC is password manager for desktop computers and KeepassDX is application for Android phones.
Ah, for Android I use Keepass2Android which also seems to handle external changes perfectly.
The problem is that syncing between devices is not implemented in KeePass itself but through an external tool (Nextcloud, Syncthing, or whatever else). The sync client will only see the ciphertext and won’t be able to tell which records have been changed, only that two different binary files have a common ancestor and are in conflict.
The most obvious solution is to lock and close the database when it’s not in use (which is a good practice from a security perspective too), and to sync immediately when it is changed.
Idk what to tell you, but to me the merging is definitely implemented inside keepass itself, Keepass asks me if I want to merge the external changes and does so well.
Keepass2Android can use an sftp server. If something was changed on the desktop, Keepass2Android will ask if it should merge the changes.