Self-hosted keypass fork recommendation
from altphoto@lemmy.today to selfhosted@lemmy.world on 30 Jun 20:53
https://lemmy.today/post/55733352

I’m using Vaultgarden. Things are okay after losing my SSD yesterday morning. My strategy worked… HDD for data, SSD for the OS. I promptly found an available drive, installed Linux Mint and recovered.

But that was scary. I keep a backup on another computer. The only way to actually run it and see the passwords needed to do anything was thru my phone. I was lucky that somehow the database was available offline. But if I had run out of battery I would be extremely screwed.

So I’ve decided the Vaultgarden is encumbered by not really having a local reliable copy. Maybe I’m wrong, but as I understand, if your server goes down and you log out, you’re screwed… No more passwords until your server is up again. I find that to be extremely stupid unless I was protecting my severed testicles… No wait, that would be way worse.

So is there a server + local system? Like Joplin… You can write notes all day with no server at all. The server just Synchronizes it all. In the past I used syncthing and I will continue using it. One thought was to have an automated backup from Vaultgarden that was automatically synced to my various devices as a Keypass database.

#selfhosted

curbstickle@anarchist.nexus on 30 Jun 21:09

That would just be keepass, which is what I use.

Keepass has native support for ftp, http, https, and webdav, and with a plugin supports scp, sftp, and ftps through the native save/open from url. There are even plugins for proton drive, google drive, onedrive, s3, box, dropbox…. etc.

What else do you need/what do you need a fork for?

lka1988@lemmy.dbzer0.com on 30 Jun 21:24

Keepass has native support for ftp, http, https, and webdav, and with a plugin supports scp, sftp, and ftps through the native save/open from url. There are even plugins for proton drive, google drive, onedrive, s3, box, dropbox… etc.

Important distinction: The OG KeePass desktop program supports that. KeePass XC (popular fork for Linux users, which includes OP) does not, and the maintainers have loudly rejected any attempts to add it.

It’s the only reason I still run the OG KeePass on my work laptop; webdav is the only way I can access my password database within the restrictions of my employer’s policies. I would prefer to run XC.

MasterBlaster@lemmy.world on 01 Jul 00:40

There is also KeePassDX, for android.

GreyEyedGhost@piefed.ca on 01 Jul 04:19

While you’re correct, you can merge databases with KeePassXC, which just means the method of syncing is separate. So you could have a shared folder using one of those methods you mentioned to sync and just merge it in regularly. Certainly not as simple, but does solve the problem.

lka1988@lemmy.dbzer0.com on 01 Jul 07:13

Ah yes, I forgot about the merge ability. Pretty sweet protocol, honestly.

frongt@lemmy.zip on 30 Jun 21:16

Vaultwarden?

You can write notes all day with no server at all. The server just Synchronizes it all.

Yes, that’s exactly how it works right now. Clients will keep a local copy of the database, so even if the server goes away for a while, you can still use it.

But you had the backup, you restored it, everything worked properly. I’m not sure what the issue is here.

zikzak025@lemmy.world on 30 Jun 21:25

Just don’t count on the current Bitwarden client being compatible with Vaultwarden forever. Bitwarden’s new CEO is pushing to make more profit wherever possible, and recently rescinded the statement from the company’s website that the client would be free forever.

They’ll never be able to walk back the open source nature of the product, but they can choose to make their client incompatible with Vaultwarden and push for the centrally hosted option as the only option.

Not sure if anyone’s forked the Bitwarden client yet, but that’s how I’d start using Vaultwarden if the option exists.

Or, you know, skip the headache and just start using Keepass.

altphoto@lemmy.today on 30 Jun 21:53

I have the same feelings about it. For now, the system does function very well.

45o3b@lemmy.ml on 01 Jul 13:28

It looks like there are 1900 forks on GitHub.

altphoto@lemmy.today on 30 Jun 21:52

I just feel uneasy about not knowing exactly where the database is and how to keep it safe. I thought that database just went poof if you logged out.

frongt@lemmy.zip on 30 Jun 22:58

It’s on your server, and wherever you keep your backup. I don’t know if it keeps a local copy on your phone when you log out or not. Generally I just don’t log out.

lka1988@lemmy.dbzer0.com on 30 Jun 21:18

So is there a server + local system? Like Joplin… You can write notes all day with no server at all. The server just Synchronizes it all. In the past I used syncthing and I will continue using it. One thought was to have an automated backup from Vaultgarden that was automatically synced to my various devices as a Keypass database.

This is exactly how I use KeePass, and is fully supported as well. Set it up, import the VW database (might need some fuckery to do so, I’ve not played with VW), place the KeePass database in a location that makes sense to you on your device, then sync that folder via Syncthing to your other devices.

You’re using Linux, obviously, and the OG KeePass program was never written for Linux, so you’ll want a fork called KeePass XC. Unfortunately, the XC team doesn’t support plugins, but that should be a non-issue if you’re using Syncthing. Just point XC at the folder that’s being synced and you’re golden.

What other platforms are you using? Android? iOS? Windows? There are many forks of KeePass available for every platform. They are all cross-compatible and can utilize the same database.

I was lucky that somehow the database was available offline.

That’s how BW/VW is supposed to work. It retains a local database that syncs with the main server.

mbirth@lemmy.ml on 30 Jun 21:52

That’s what I settled for as well. Keeping my *.kdbx file in iCloud, doing nightly backups to my NAS, and using Strongbox as a client (there’s also KeePassium with similar features) - which beautifully integrates into Apple’s AutoFill API, so it feels native - i.e. as if you’re using Apple’s Passwords app. And I can access all passwords from Windows using KeePassXC as well.

curbstickle_lw@lemmy.world on 01 Jul 16:03

OG KeePass program was never written for Linux

It’ll run with mono, package is named keepass2 on deb, keepass on arch and fedora, among others.

keepass.info/download.html

Contributed/unofficial keepass section at the bottom, the top contributed section is a list of ports

MasterBlaster@lemmy.world on 01 Jul 00:38

Well, the approach I use is “Synology Drive” and I replicate it down to all clients. Also, NAS 6 with regular offline backups on the server.

Lacking an equivalent, there are multiple peer-to-peer replication tools. I used one to replicate Baldur’s Gate III saves between gaming laptops.

If you decide to build something, plz try to make it a pluggable feature to existing clients rather than fork one or more implementations.

mhzawadi@lemmy.horwood.cloud on 01 Jul 05:41

You all need to get on vaultwarden, the small self host bitwarden. I moved to that after my keypass db got out of sync on my nextcloud for the second time that day, I’ve not looked back.

vapeloki@lemmy.world on 01 Jul 10:42

Pass. Uses pgp for encrypting your password and git for storing them.

Has mobile apps, browser plugins, desktop frontend and a bunch of cool plugins like rotation helpers

captcha_incorrect@lemmy.world on 01 Jul 12:29

I use KeePassXC + Strongbox (iOS) and sync it with Syncthing. I have a server always running so if I save a change on my computer, it will always be synced to the server. I use an iPhone 13 so I have to use Möbius Sync and it is not perfect, I have to manually open the app to make sure it syncs (something iOS background usage something). I also have an old Android phone that also syncs my kdbx file. You could have a RPI Zero (or any other kind of computer) as a cheap backup solution just for Syncthing.

ExLisper@lemmy.curiana.net on 01 Jul 13:17

I tried some keypass tools and immediately went back to Vaultwarden. Bitwarden clients work offline until you have to sync, no risks here, but the user experience is way way better. It’s easier to add new accounts, search for them, store additional data like addresses or credit cards and fill them out automatically. I can imagine using KeePass for some password I have to access once a week but not for everyday use in my browser and on mobile.