Hello,

Has anyone experienced the following setup:

On a standard system (Debian GNU/Linux):

- install keepassxc, create a master password and a database file
[ alternative: keepass2, but mono dependancy ]

- make sure that database file is on a git, pushable to a
remote repository (I like git-on-SSH), and push/commit it when
required

On an Android phone:

- install GitSync, and sync the above repository to a local directory

- install KeePassAndroid, and use the database file on that directory

Now, create the passwords and sync around.

I have quickly tested, it it works (I tested with keepass2, but
keepassxc should also work).

Do you use setups like this? Or do you prefer cloud solutions like the
ones offered by keepass2, or even a fully web (possibly mobile, too)
solution like bitwarden (I already use it, but it's a bit complicated &
has licencing issues)?

Any inputs?

Thank you.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 05/05/2025 11:59, Marc SCHAEFER wrote:

Has anyone experienced the following setup:

On a standard system (Debian GNU/Linux):

- install keepassxc, create a master password and a database file
[ alternative: keepass2, but mono dependancy ]

- make sure that database file is on a git, pushable to a
remote repository (I like git-on-SSH), and push/commit it when
required

On an Android phone:

- install GitSync, and sync the above repository to a local directory

- install KeePassAndroid, and use the database file on that directory

Now, create the passwords and sync around.

I have quickly tested, it it works (I tested with keepass2, but
keepassxc should also work).

Do you use setups like this? Or do you prefer cloud solutions like the
ones offered by keepass2, or even a fully web (possibly mobile, too)
solution like bitwarden (I already use it, but it's a bit complicated &
has licencing issues)?

I'd use syncthing (available on Debian and Android) for syncthing
instead of git (which is not exactly built for this specific purpose).


--
Eduardo M KALINOWSKI
[email protected]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Marc SCHAEFER <[email protected]> writes:

Hello,

Has anyone experienced the following setup:

On a standard system (Debian GNU/Linux):

- install keepassxc, create a master password and a database file
[ alternative: keepass2, but mono dependancy ]

- make sure that database file is on a git, pushable to a
remote repository (I like git-on-SSH), and push/commit it when
required

On an Android phone:

- install GitSync, and sync the above repository to a local directory

- install KeePassAndroid, and use the database file on that directory

Now, create the passwords and sync around.

I have quickly tested, it it works (I tested with keepass2, but
keepassxc should also work).

Do you use setups like this? Or do you prefer cloud solutions like the
ones offered by keepass2, or even a fully web (possibly mobile, too)
solution like bitwarden (I already use it, but it's a bit complicated &
has licencing issues)?

Any inputs?

I run a Nextcloud instance on a RaspberryPi and then use the Nextcloud
client on my laptop and on my Android phone to sync my important files, including my KeepassXC database. Additionally the Nextcloud instance
creates periodic snapshots on an external SSD with Btrfs. Provision of
backup for multiple devices was my original motivation for this set-up.

--
This signature is currently under constuction.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Marc SCHAEFER <[email protected]> writes:

Has anyone experienced the following setup:

I wonder how fast the git repo grows as you add stuff in the keepass
database?

Personally, for sharing a keepass database between Linux/Android/Windows computers I use keepass2 and keepass2android and the database is online, accessible via webdav. This setup has worked for a few years now.

I have syncthing running too, it seems to work but I don't much trust it
from some historical bad experience and adding new devices always seems
to need some considerable hair pulling.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 06 May 2025 07:57:53 +0200
"Loris Bennett" <[email protected]> wrote:

I run a Nextcloud instance on a RaspberryPi and then use the Nextcloud
client on my laptop and on my Android phone to sync my important
files, including my KeepassXC database. Additionally the Nextcloud
instance creates periodic snapshots on an external SSD with Btrfs.
Provision of backup for multiple devices was my original motivation
for this set-up.

Nextcloud will indeed do the job, and do it better than a git
installation will. However it is overkill, as nextcloud provides so
many other capabilities. The original poster (OP) might be better
served with syncthing, which I also use.
--
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Charles Curley <[email protected]> writes:

On Tue, 06 May 2025 07:57:53 +0200
"Loris Bennett" <[email protected]> wrote:

I run a Nextcloud instance on a RaspberryPi and then use the Nextcloud
client on my laptop and on my Android phone to sync my important
files, including my KeepassXC database. Additionally the Nextcloud
instance creates periodic snapshots on an external SSD with Btrfs.
Provision of backup for multiple devices was my original motivation
for this set-up.

Nextcloud will indeed do the job, and do it better than a git
installation will. However it is overkill, as nextcloud provides so
many other capabilities. The original poster (OP) might be better
served with syncthing, which I also use.

When I was setting Nextcloud up, it also seemed to me that it might be
overkill (in particular as I had to do it several times due to SD and
external HDD failure). However, now it has been stable for a couple of
years.

I wonder what I would miss if I move to syncthing. I mainly just use
the file sync, contacts, calendaring, and photo upload features of
Nextcloud.

--
This signature is currently under constuction.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, 7 May 2025 08:39:32 +0700
Max Nikulin <[email protected]> wrote:

On 06/05/2025 16:25, Stanislav Vlasov wrote:

I put keepassxc database in ~/Sync folder and use it on every comp +
phone (keepass2android), sometimes simultaneously.
Even if i does not have link to any other device (sometimes internet
is broken), i can use credentials from local copy of database.
On storages I configured syncthing to save several copies of deleted/overwritten files in this dir, so i can restore data after
some disaster.

What will happen if you add or change a password for some resource on
some of your devices and *without intermediate sync* (due to some
network issue) you add another password on another device? At this
moment 3 different versions of password database exists and none
contains all updates.

At the first change, syncthing will recognize the conflicts, and
preserve both versions. I don't know about the second, but I suspect it
will do the same, resulting in three files. If you have the syncthing
GTK client running at the time the discrepancies are discovered and transferred, it will notify the user. I have also written a systemd
timer unit which will send me an email if it discovers conflicts.

Of course, you get to reconcile the conflicts manually.

--
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hello,

On Tue, May 06, 2025 at 10:53:08AM +0300, Anssi Saari wrote:

Has anyone experienced the following setup:

I wonder how fast the git repo grows as you add stuff in the keepass database?

That's indeed a good question. I liked the idea of having an history
of the password database, and I guess binary delta won't help on
an encrypted file.

Personally, for sharing a keepass database between Linux/Android/Windows computers I use keepass2 and keepass2android and the database is online, accessible via webdav. This setup has worked for a few years now.

That would also be KISS, indeed.

Actually I went the git path because my first idea was to use the Debian pass package, on Termux, with multiple password-GPG encrypted files that
don't change that often. That works for me, but for end-users a solution
like keepass2/keepasscx and keepass2android would be better.

For the use case (few changes), git would work as sync layer. Or another
layer, as was suggested by you and others, e.g. syncthing (without
history apparently), or as you suggested, WebDAV (there history could
be done through regular backups on the server).

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, 7 May 2025 15:30:57 +0200
Marc SCHAEFER <[email protected]> wrote:

e.g. syncthing (without
history apparently)

syncthing does what it calls file versioning. https://docs.syncthing.net/users/versioning.html

--
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hello,

On Wed, May 07, 2025 at 08:41:00AM -0600, Charles Curley wrote:

syncthing does what it calls file versioning. https://docs.syncthing.net/users/versioning.html

Aha, interesting!

Thank you.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2025-05-07, Marc SCHAEFER wrote:

Actually I went the git path because my first idea was to use the Debian pass package, on Termux, with multiple password-GPG encrypted files that
don't change that often. That works for me, but for end-users a solution
like keepass2/keepasscx and keepass2android would be better.

In keepasswc you can have a master db and secondary dbs. You can set the secondary password in the master. Then the secondary can be opened
seamlessly from the master. I use this to put only a smaller (safer?) db
on my phone.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)