What do you use for syncing your password manager between your Android phone and your PC? Apparently Nextcloud doesn’t support two-way syncing on Android for some reason, and Syncthing-Fork is still untrustworthy since the disastrous handover. The AI generated profile picture of researchxxl doesn’t exactly inspire confidence either, neither does his GitHub bio:
Hi! My name is Jonas and I like to use my coding skills from games and modding to continue work on the Syncthing for Android wrapper.
Everything about this person screams vibe coder.
Bitwarden is an alternative, but I don’t like how non-standard it is. It’s cumbersome to manage and backup, meanwhile the KeePass format is just a file that I can backup wherever and however I want and there are many frontends to choose from.
Have you solved this?
I use KeepassDX syncing via Nextcloud, works flawlessly. I also used to use Keepass2Android, also works very well.
Can you elaborate on the “nextcloud doesn’t support 2-way syncing on android” statement? I can sync my Keepass database back and forth without issues.
I am also using KeepassDX and Nextcloud. I’ve had this setup for years and never had an issue with syncing.
I’m talking about this issue: https://github.com/nextcloud/android/issues/19
I see where you’re coming from. I also really wanted that in my early days of android and nextcloud. Turns out, nowadays you don’t really need that for most use cases, and definitely not for KeePass syncing. Nextcloud app for android exposes all the files via content framework and KeePassDX can sync two ways via that. Other apps like Keepass2Android even have direct nextcloud support via WebDAV, though these days I prefer KeePassDX a little bit more for unrelated reasons.
I recommend you try either KeePassDX or Keepass2Android and see for yourself.
Also, most file managers support CF and will show you your nextcloud files as if they were real files on the device, even without “real” two way sync, and most other apps will be able to save & open files directly from nextcloud.
I’m currently using KeePassDX and I’ve set up the Nextcloud server and downloaded the Android app. I’ll give it another shot. Can you explain more how you’ve set this up for yourself? What does CF mean, and what file manager do you recommend?
Thanks!
CF = content framework, android somehow decided that users shall not see and interact with “real” files and instead, have apps like nextcloud act like content providers and expose a file-like API …whatever, it is what it is, but in the end it works.
I’m currently using Material Files, but even android’s default file manager, bundled with the OS, shows Nextcloud in the left sidebar (your mileage may vary on this one, as each phone vendor tend to customize it a bit).
As for my setup, there’s really not much to it: I selfhost nextcloud, have KeePassDX and the Nextcloud app, and when you setup KeePassDX, select “Open existing vault” and in the sidebar you should be able to select Nextcloud and pick files from there.
Note: For Material files, and most file managers really, nextcloud might not show up by default (“security” or something), but you can “add external storage” and give it permissions.
I managed to get it up and running now, thank you! It wasn’t intuitive at all, compared to using nextcloud-client on the desktop. I’ll try this for a while and see if it works for me.
Glad to help!
Yeah, self-hosting often means trading more control for less convenience, some times more than others. Either way, I hope this setup works for you!
I’ve run into this issue with obsidian, but for whatever reason I haven’t had any issues with keepassdx.
When opening an existing keepass vault, on the left there’s an “Open From” pullout menu. You should be able to select your nextcloud from there. Then find your keepass file and it’ll just work.
I don’t know why, but obsidian doesn’t have the same file picker. There’s no “open from” menu. So you just have to drill into the filesystem, find the folder nextcloud is using, and choose your notes vault you’ve sync’ed in there. And for whatever reason, that seems to be the method that breaks Two-Way Sync.
Selfhost Vaultwarden. Browsers Bittwarden extensions and Android with Keyguard app.
Keepass for Android, my database is stored on OneDrive. Easy access on my win pc and android (KPA has built in sync for many cloud storage providers)
KeePass2Android:
bitwarden
seems odd you say how cumbersome it is to manage and backup (not an issue I’ve faced though) and yet you are using some cumbersome alternative ?
I use Vaultwarden. Each synced device is a backup, so there’s no real need to keep anything further than that, but I do keep one backup of the server files anyway.
Yeah, that’s a good point. There are still a few cons though:
- If the server goes down (or your internet connection goes down), you can’t add entries to your database. Local changes aren’t allowed.
- Bitwarden doesn’t support supplementing your passphrase with a key file.
- The Bitwarden clients aren’t enitrely FOSS as far as I understand, the SDK used has a non-free license.
There are pros and cons in both alternatives, and there is unfortunately not a perfect solution. I like the idea and philosophy behind the KeePass format, so the increase in syncing complexity is worth it (for now at least).
It’s true re adding passwords while the server is offline, but my server runs 24x7 and it’s never down for more than a few minutes. If it goes down, I fix it. I also backup the encrypted DB regularly to cloud, so there is little risk of data loss. I am a very satisfied Vaultwarden user. Especially because it allows password sharing with my family. Everyone has an account.
Paid bitwarden.
I use Bitwarden too. I now use the paid version (which is incredibly cheap) but I was able to sync between Android and PC without the paid for version iirc
The only (known to me) perk of the paid version is the encrypted storage (and probably the org feature).
So yeah. I see it more of a donation/appreciation than a service fee.
But the recent peice increase stung a bit.Paid also helps if you share passwords with multiple people.
I use Nextcloud + KeepassDX on android and KeepassXC on PC. Have never had an issue. Changes on desktop/phone are propagated virtually immediately across devices.
Same here. There was a window of a couple of months when some NC background process wasn’t running reliably in Android, but that got fixed (a year ago?) and it’s been rock solid before and since.
Vaultwarden, no question. When I used KeePass, I had Synology Drive which worked well to sync.
@clifmo @versionc not on android but vaultwarden syncs across basically everything. Mac, Linux, Windows, ios, and should hit the bitwarden app and extensions on android too. my only extras catch is I put it behind my tailnet. so I have to have the device on it to see it. Though if you are trying to stay away from bitwarden/vaultwarden I’m not sure.
Works perfectly on android. Push notifications, sync, passkeys, everything
OpenCloud seems promising. It’s a fork of ownCloud from former developers of ownCloud, lighter weight than NextCloud, it uses flat files to store data rather than a DB, and it has an Android client on F-Droid (and Google Play).
well, now i need to move from owncloud to owncloud
I’m hesitant about OpenCloud. Their parent company is Heinlein Group, whom I know nothing about, nor can I find anything about their reputation. The website uses a lot of marketing fluff, which puts me off already.
If you’re curious, their GitHib issues and website have a bit more about them: https://github.com/opencloud-eu/opencloud/issues/231
The Heinlein Group, to which OpenCloud belongs, is probably best known as the operator of the email provider mailbox.org, but also develops OpenTalk, an open source video conferencing solution.
from heise.de.
Being the owner of mailbox.org doesn’t mean anything to me, but it’s context. And there’s more info in that GitHub issue’s links.
My impression is that they know what they’re doing when it comes to production ready software–I share the OPs concerns about the syncthing-fork maintainer–and they have the funding and acumen to stay in business, meaning their software will be maintained.
I can’t endorse them beyond my own personal opinion though. I don’t have any info beyond what a few hours of digging turned up last time I looked into them.
This bit from the heise.de article stood out:
Kiteworks, on the other hand, is less than enthusiastic about – a closed group of developers who are now using the same code in their own company that they already developed under Kiteworks or ownCloud? For Kiteworks, this smells like poaching, so the company is going on the offensive: in an interview with heise online, Kiteworks CEO Jonathan Yaron stated that he intends to sue Peer Heinlein under German and US law: “We love open source, but we won’t let anyone steal from us”.
facepalm
Yeah, it seems like ownCloud isn’t happy about some of their developers forking the code and starting a new company.
For me, that doesn’t really affect my opinion of OpenCloud for my personal use, though.
Bitwarden.
Paid. Not because I need the added paid features, but because I value it and want to show my appreciation for the developers.
Keepass + syncthing = win
I use keepass2android and “sync” via its native WebDAV support with my nextcloud instance as the source. Been working great forever.
I migrated out of keypass and into vaultwarden, not looked back since.
I use passwordstore.org which is basically a bash script that wraps GPG; but there is an Android client as well.
Everything is stored in encrypted files tracked by git. Files are synchronized by git/SSH to a server I run.
Are there mechanisms for fully automatic synchronization on every file change and every initialization in the Android and console apps for password-store out of the box these days? Using Syncthing with password-store at the moment to get a user experience as close to that as possible. Had to switch from the Android app to Termux and the CLI because the app no longer supports usage with Syncthing.
I actually used
passmany years ago and I quite enjoyed it, except for the fact that the entry names are presented in clear text. You’d also have to manage your GPG secret which I’m not a fan of (in fact, my password manager is how I usually manage GPG and SSH keys in the first place). On the other hand, I guess you should keep a key file on each device on top of a passphrase even if you use a KeePass database, so I guess that point is moot. There are also no good way to include attachments. At that point Vaultwarden feels more convenient, but the more I’m thinking about it, the more I’m warming up to the idea. We’ll see, maybe I’ll give it a shot again.Thanks for sharing your thoughts!
Edit: I did some quick research and I found this video:
https://www.youtube.com/watch?v=j-qBChKG15Y
It brings up some pretty important security concern that still seem to be relevant.
