by Jedd 2069 days ago
> I also considered "offline" managers like KeepassXC, but synchronization gets way worse, and there's also the issue about trusting someone else with your mobile apps.

I'm using KeePassXC. Originally between three computers (Debian desktop, Debian laptop, and Microsoft laptop) where it was part of my git repo that I'd sync in between the machines as needed (git repo hosted within my own instance of gitolite, btw).

I've migrated more functionality into Syncthing - so now it's very rare that I ever need to do a manual merge within KeePassXC (which was always a robust operation anyway). KeePassXC has a setting to reload from disk if it sees that the password db file has changed, which makes this process seamless.

Part of my Syncthing setup is that I have a receive-only copy of my various repos on a Debian VM that runs a couple of archive tools (dirvish and borg), which provide for point-in-time restorations if needed.

So - I'm wondering what synchronisation problems you've had, and what you've tried. And what alternatives there are to trusting someone else's OS (replete with non-free components) on mobile, along with someone else's bundling of code into mobile packages?

There's a handful of keepass-compatible android apps, some of which are GPL, and Syncthing can keep a copy on Android easily enough, but ultimately there's a lot of trust in mobile land no matter how you slice it.


Yeah, I find synchronization the least of my problems with the Keepass family. The file format uses GUIDs internally for most changes and most conflicts are easily merged/fixed. The fact that it is synchronized as files gives a lot of flexibility in options. You can use whatever cloud file sync provider you trust that month, and you have the flexibility to switch providers as your trust model and/or threat model change.

Mobile OSes are finally making it easier for arbitrary "file" sharing between such apps. (The iOS Files app is finally "decent" for this compared to just a few years ago.)

A similar file sync option to Syncthing I like to point out is Resilio Sync, a P2P device-to-device "torrent-like" sync tool. Among other things it also supports "encrypted shares", where a peer cannot read inside the share but can still participate as a "seed" in the torrent-like share. Resilio Sync is relatively a lot more closed/commercial than Syncthing, but its torrent-based underpinnings make it sometimes much faster with large shares. (As with everything, trade-offs to be made based on your personal threat model.)

Yes, I always wonder why KeePassXC does not get mentioned more when password managers come up. It's really an excellent piece of software. Some of the features that are crucial for me:

1. ssh-agent support
2. Browser plugins
3. Can provide secret service (i.e. be a substitute for gnome-keyring and kwallet)
4. Excellent OSS Android client
5. Absolutely snappy, starts in an instant; compared to Electron apps it's like day and night

It also has YubiKey support, or can support other key files, which is good if you don't trust your cloud sync, for example.

What Android client do you use, if you don't mind me asking?

Keepass2Android is pretty much the de facto standard client for KeePass databases. Also open source.

I use Rclone to sync the database to an online storage. It is not triggered automatically, so every time I change the database I need to manually run a one-line script. But it's not that bad, because once stable, one doesn't change the database often. Rclone also supports strict one-way copy. On the mobile side, Keepass2Android can automatically sync down the database.

Also, not all hope is lost. There is a 3-year-old ticket to add a trigger system to KeePassXC: https://github.com/keepassxreboot/keepassxc/issues/1016

This is one great setup, and you can swap KeePassXC for any other thing, e.g. https://www.passwordstore.org/