I use KeepassDX on family mobiles with Syncthing for copies between laptop and phones. What would i gain moving to Vaultwarden, knowing that i would never open my network to the outside world? It would be easier to manage for sure, as im having to setup phones and laotops myself in the family and worry that they do silly things like turn off syncthing. But what about offline access to passwords? Does Bitwarden mobile client keep a local copy of database until it can sync?
deleted by creator
I do basically the same thing, haven’t found a better solution
tl;dr: yes, credentials are cached locally. https://github.com/dani-garcia/vaultwarden/discussions/4676
The major downside to the single file storage used by Keepass is that it’s easy to accidentally create a conflict between files on different devices if they’re not synced immediately. Conflicting files have to be merged manually or data might be lost. I’ve run into this several times with Keepass + Nextcloud. In comparison, a central master database with local cache can resolve conflicts between individual records.
Technically KeePass can “merge” and has some sort of conflict resolution, but you’re right that forgotten and unaddressed conflicts can lay around for unlimited time without you noticing. It’s the main problem with keepass + syncthing.
That is another problem i face when i have the app open on desktop and phone at the same time. Its a nightmare.
I use keepassxc and syncthing and have never had this problem.
I think there’s something in the settings to save after each change and reparse if there’s a remote change.
Keepass2Android can use an sftp server. If something was changed on the desktop, Keepass2Android will ask if it should merge the changes.
Doesn’t it only lead to problems if you change the same exact data on both copies to different values? It literally never happened to me, I never had a merge problem. It always just asks me to merge, I say yes, and that’s it.
Oh wait I use KeepassXC not DX, dunno what the difference is
KeepassXC is password manager for desktop computers and KeepassDX is application for Android phones.
Ah, for Android I use Keepass2Android which also seems to handle external changes perfectly.
The problem is that syncing between devices is not implemented in KeePass itself but through an external tool (Nextcloud, Syncthing, or whatever else). The sync client will only see the ciphertext and won’t be able to tell which records have been changed, only that two different binary files have a common ancestor and are in conflict.
The most obvious solution is to lock and close the database when it’s not in use (which is a good practice from a security perspective too), and to sync immediately when it is changed.
Idk what to tell you, but to me the merging is definitely implemented inside keepass itself, Keepass asks me if I want to merge the external changes and does so well.
On the other hand, Vaultwarden can only be updated online. While I do use it, I consider it a major downside, along with the inability to sync attachments.
I too use Keepass2android offline, never had a sync issue though recently I inexplicably encountered an issue where the keyfile couldnt be found or had become corrupted on mobile. This may have been a phone thing rather than a Keypass thing as I never had such issue in many years of use. Luckily I had the forethought to keep an encrypted backup so I was back up & running quickly.
If I remember Keepass allows pdf attachments without restriction which is excellent for vehicle insurance, breakdown cover etc as its good to have these available offline anytime “just in case”. I think this feature is restricted in Bitwarden (though maybe not Vaultwarden).
Do you worry about the sus new maintainer for syncthing-fork on android?
If you do don’t trust em then don’t update syncthing - it’ll work for quite a while I assume.
And in addition the keepass safe default encryption of AES-256 and is even secure against theoretically existing quantum computer attacks to our current knowledge. It is designed to be not trusted by the storage owner :)
The other maintainer, nel0x (who does the Play Store releases), has started distributing a degoogled version of their own. nel0x is arguably more trustworthy.
I use Vaultwarden hosted on my private server. It’s great, will never use another PW manager. and yes it’s cached locally so you’re good. on PC, at least via the bitwarden CLI, you do a one time login and that’s it. you’re logged in until you tell it to logout, logs you in automatically on restarts and what have you. plus it’s very easy to access on whatever pc or phone you want to use. for pc you can just add the bw extension and have your passwords where ever or just simply login to your vaultwarden page remotely. this has been a life saver for me a couple times when I needed a pw for something but I wasn’t on my machine and borrowing someone elses.
Haven’t used KeePass so can’t give a direct comparison, but to answer your question, yes as long as you don’t log out of your client bitwarden will keep a local copy until it can be synced
Important to know: the local copy is read only…so you can’t modify existing or create new entries if you aren’t connected to the server
Why do you want to ditch KeePass? I use it with Syncthing between at least six different devices without an issue.
And, i can’t find clients on f-droid. Any variants recomended that dont come from the playstore.
Another key feature will be Keepass data import.
They have a separate repo: https://github.com/bitwarden/f-droid
Nice one. I missed this
