I recently switched my desktop to Linux Mint. Overall it seems to work well for me. The one exception is that my password manager, Keepass, won’t work. I currently use Gdrive to sync the database between devices. It works very well for this purpose. Is there another way I can sync this file as seamlessly as Gdrive? It would need to work for an Android phone and Mint PC.
SyncThing
The downside is that if a device you aren’t online with modifies it, and doesn’t reconnect to the internet or even LAN that the other client is on, other clients will be out of date and potentially cause file syncing/overwriting issues.
But SyncThing is a good tool for this.
For a password manager, I’m not sure if this is an issue since I’m only changing the database file while connected to the internet. Am I overlooking something?
SyncThing only syncs when both devices are online at the same time.
So a common scenario is: You change the DB on your laptop, then shut it down. You open the DB on your desktop. Since the laptop isn’t online at the same time, you are working with the old DB version. If you change it, you have two competing versions.
I don’t know exactly what happens then; I’m facing it and am procrastinating dealing with it ^^
Keepass 2 / Keepass XC actually has a function for this case and does pretty well in merging the two conflicting versions of the database.
It creates a sync conflict file, so the data is there but the two differing versions aren’t automatically resolved.
One way out of this is to either have it on a server that’s always connected (less common) or to just have it on your phone. That way you have an intermediary that syncs the changes.
That sync will be resolved by syncthing’s logic. It will probably result in lost data.
I would suggest an app that does its own sync logic, like vaultwarden. That way, the client can update the database when it’s back online, instead of an external sync replacing the whole database file.
Synching will create a conflict file when this happens. Nothing is lost but a user must look out for these files and merge manually.
KeepassXC has its own merge logic and will happily absorb changes to a file on disk whilst open. However if two offline machines both change a database then you will get a conflict file and will have to ask keepass to merge them.
Ahh this makes sense
It should work for you! Especially if you are connected to the internet. But of course, wanted to bring up the one flaw I could think of in case it would be an issue for you.
Is offline file editing an issue with all file syncing tools?
I’ve been using Syncthing for a year or so and not noticed that it’s any worse or better at this than GDrive or Dropbox
Different sync tools manage files differently. And it likely depends on the file type.
KeePass(XC & 2Android) has a really excellent merge algorithm. I rarely have issues with merging, but yeah - you do have to watch out for sync files and merge DBs ASAP.
I’m not sure how Drive would address this, though. Any conflicting, offline change is going to cause a conflict, and only KeePass knows how to merge DB conflicts.
I personally opted for a self hosted instance of Vaultwarden myself.
Seconded. Great bit of software.
I’m surprised no one recommended syncthing.
Syncthing lets you sync changes on any folder/drive across multiple devices via the local network - no cloud needed. I currently use it for my keepass database, Music folder and Documents folder. It’s also very simple to set up.
Only downside to this is that if your house burns down you’ll lose everything - but a friend suggested that I have important files on an encrypted tarball stored in the cloud.
I have syncthinged my desktop (Mint as well) and my smartphone with a Raspberry Pi (DietPi!) as a middle device. If I change something on one of the two, the file gets synched to the Raspi, which then gives it to the other device as soon as it’s online. This has worked great for a couple of years.
Second Syncthing, it is very fast, reliable, and flexible.
I used it coming from FileSync and Dropbox, and I had to change the way I thought about my shared folders to architect a good system for me. Eg: each root shared folder should serve a particular function that determines which devices it should be shared to (does this share need to be accessible in your phone? Laptop? PC? NAS?).
FYI you can set up untrusted peer sync to have your files all synching to another device (SFF device at your friend’s or relative’s house, or a cloud server). That eliminates the concern of your house burning down, while keeping all of your Syncthing data secure and not worrying about it being stolen or accessed. If your house burns down you can connect back to the untrusted peer sync, put in your passphrase, and your data will all return.
In the case of house burn down, because Syncthing stores a 1-1 copy of the folder on every device in the network, you would still have your data even if a single device survives the incident, such as a phone, or a laptop.
Only downside to this is that if your house burns down you’ll lose everything - but a friend suggested that I have important files on an encrypted tarball stored in the cloud.
For those with lots of files and poor upload speeds but blessed with a desk at work, also consider stashing an encrypted disk in a drawer / fake plant / etc.
The amount of headaches I had setting this up… I can’t tell you how hard I tried.
I think in the end I figured out it doesn’t like vlans very much if you don’t want to use their relay.
Others have said it, but SyncThing all the way. Open source, been around for a decade, battle tested, no cloud, full control over everything.
I didn’t see this mentioned, but you can also tell KeePass to auto reload the database if the file gets updated elsewhere. Makes it so you can run the same KeePass database on multiple devices with live/realtime updates. I’ve used this setup instead of vaultwarden/passbolt on several IT teams to keep the important stuff separate from the normal systems. It’s not on by default usually, but right in the Basic Settings page under File Management.
I have KeePass+SyncThing on 3 laptops, 2 androids, and a home server. If I add a password to one of my androids while I’m out and about (and I have cell data), next time I sit down at my desk it’s already available. Vice versa works, too. If my home server dies, the other devices don’t care and keep syncing amongst themselves. I think I’ve had some version of this setup going since SyncThing released, I can’t imagine using anything else.
Do note that since there is no cloud or infrastructure behind it, sync conflicts do happen when a device in the network goes offline for a while. It’ll never get rid of files if there’s an error syncing, but instead create a second copy with a timestamped filename. If this happens to your password db file, KeePass can then merge the two copies together and sort things out mostly automatically. Over the many years I’ve been using this, it doesn’t happen as often when you’re the only person using any of the devices that sync. It can happen a lot when you share the setup with someone else, though.
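Added example, not part of the thread or of Syncthing/KeePass themselves: a small Python check for the timestamped conflict copies described above, so an unmerged copy of the password database (which may hold the only record of a changed password) does not go unnoticed. It assumes Syncthing's `.sync-conflict-<date>-<time>-<device>` naming and a `.kdbx` database; the folder path is whatever you sync.

```python
import re
import sys
from datetime import datetime
from pathlib import Path

# Syncthing names a conflict copy
#   <stem>.sync-conflict-<YYYYMMDD>-<HHMMSS>-<short device ID>.<ext>
# The device part is optional here so names without it still match.
CONFLICT_RE = re.compile(
    r"^(?P<stem>.+)\.sync-conflict-(?P<date>\d{8})-(?P<time>\d{6})"
    r"(?:-(?P<device>[A-Z2-7]{7}))?(?P<ext>\.[^.]+)?$"
)


def parse_conflict(name):
    """Return original name, timestamp and device for a conflict copy, else None."""
    m = CONFLICT_RE.match(name)
    if not m:
        return None
    try:
        when = datetime.strptime(m["date"] + m["time"], "%Y%m%d%H%M%S")
    except ValueError:  # digits that are not a real date/time
        return None
    return {"original": m["stem"] + (m["ext"] or ""), "when": when,
            "device": m["device"]}


def find_conflicts(folder, suffix=".kdbx"):
    """Map each database path to its conflict copies, oldest first."""
    found = {}
    for path in Path(folder).rglob("*.sync-conflict-*"):
        info = parse_conflict(path.name)
        if info is None or not info["original"].endswith(suffix):
            continue
        db = path.with_name(info["original"])
        found.setdefault(db, []).append((info["when"], info["device"], path))
    return {db: sorted(c, key=lambda t: t[0]) for db, c in found.items()}


if __name__ == "__main__":
    # Folder path is an assumption: pass your own synced folder as argv[1].
    for db, copies in find_conflicts(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for when, device, path in copies:
            print(f"{db}: unmerged copy from {when:%Y-%m-%d %H:%M} "
                  f"(device {device or 'unknown'}): {path}")
```

Each reported copy still has to be merged into the main database with KeePass's own merge function, as the thread describes, before it is deleted.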
Tx somehow I had never heard of that until now, it seems great.
I actually do this with a self hosted nextcloud instance.
I might get downvoted for suggesting proprietary software for this, but if you were happy with Google Drive before, Dropbox seems like the easiest drop in replacement. It has a native Linux syncing client.
Thanks to everyone recommending Syncthing. I just set that up on all my devices and it’s pretty much purpose built for what I’m doing. A little bit fiddly to set up but not that bad and it seems to just work now.
I felt really dumb when I realized you weren’t syncing a “keep ass” database. Thought it was some trendy next gen database created by someone who really dgaf.
Mailbox.org with WebDAV. The classical Keepass runs on Linux (although it does not look nice). On Android you can use Keepass2Android.
I use rclone run by crontab.
I’ve been using nextcloud for years for this. Using Android and Linux and Windows.
Foldersync was my move before I switched to a custom ROM, it’s proprietary but reliable and not expensive.
If most of your passwords are actually for Websites, Firefox has Profile letting you manage passwords across devices.
Git
I used to use Filen for this, but it never worked very well. The file provider path it returned to Keepass2android was only temporary, so it would break periodically. Did Filen change how that works?
I eventually started using Syncthing instead. I connect to my home wi-fi often enough that it’s never too far out of sync with my home PC. And since it’s a local file, there’s no issue with using absolute paths.
If you don’t mind a self-hosted alternative, I use dufs. It is barebones so some understanding of hosting services is required.