Another option is pass [0], which uses GPG to encrypt your stuff. Everything happens through the CLI but there are also GUI frontends for it. There's also gopass [1] which is very similar and compatible but does some extra stuff such as versioning with git.
Similarly to this API compatibility there's KeePassDX [2] for mobile phones which is compatible with the KeePass database format. There's also KeePass [3] which is the original built with .NET.
I personally use Bitwarden though because maintaining sync of databases on mobile phones is painful. Also keeping backups up to date is hard and time consuming, I do export my encrypted database once in a while though.
Not a solution. My passwords database needs to work seamlessly on my laptops and phones so I only use KeePassXC and KeePassDX synced with Syncthing. Free and super effective. I don't have to do any manual work for everything to be in sync always.
Seconding KeePass and many of the compatible software as excellent choices!
Use whatever you want for sharing your database across devices, like Syncthing or Nextcloud (or even USB thumb drives), as long as you have a strong password for it (or other means of unlocking it) and it should alleviate many of the availability related complaints about file based secret management.
It even allows storing files (like SSH keys) and on some platforms has the possibility of typing your credentials for you so they don't end up in the clipboard, even though when you use the clipboard functionality they get cleared out of it after a little bit.
The good thing about Pass is that it’s just a small bash script. It’s amazing how much it does with that footprint. It even provides a QR code for transfer to phone. It has multiuser capability with multiple public keys and sharing, sync and versioning via git. There is almost no way there can be a vulnerability in the script, as you can just check it.
A touch on Yubikey will give you one password out (as opposed to unlocking the whole database). As secure as it gets!
Also very convenient to use, since the password is a short pin.
Personally I use the official KeePass 2 executable via Mono on my desktop. I would have given KeePassXC a chance but it lacks the trigger system or a simpler alternative.
I use the trigger system to sync my local database with a copy on my server via the help of a shell script (because I couldn't get the SFTP / scp plugins to work properly).
The trigger runs when the local database is being saved. As a first step it disables itself, as a last step it enables itself again. As a second step the trigger calls my script which downloads the database from my server. Then it runs the sync action against the freshly downloaded database and afterwards the trigger calls my script again and instructs it to upload the database to my server.
I suppose this might be problematic if multiple devices try to change the remote file at the same time but that's nothing I have to worry about and other solutions like using Dropbox or other cloud storage solutions would run into some sort of problem as well (but at least you might be given the choice of which version to keep).
On my Android phone I use Keepass2Android and its built-in SFTP support to open the remote database (and also keep a local offline copy).
When saving it seems to synchronize with the remote file first before uploading the file, so even if I change entries on both devices the copy on my server shouldn't lose any entries. But I haven't really tried to break it yet.
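The download/upload helper described in the comment above, as an added example that is not the poster's script: it records the hash of the server copy at download time and refuses to upload if the server copy has changed since, which catches the multi-device case the comment mentions. `REMOTE`, `STATE_DIR` and the `cp` transport are assumptions standing in for an scp/SFTP call.

```shell
#!/bin/sh
# Added example: download/upload helper with a stale-copy check.
# REMOTE, STATE_DIR and the cp-based transport are assumptions; swap
# remote_get/remote_put for scp or sftp against a real server.
REMOTE="${REMOTE:-/tmp/kdbx-demo/remote.kdbx}"
STATE_DIR="${STATE_DIR:-/tmp/kdbx-demo/state}"

remote_get() { cp "$REMOTE" "$1"; }   # stand-in for: scp host:db.kdbx "$1"
remote_put() { cp "$1" "$REMOTE"; }   # stand-in for: scp "$1" host:db.kdbx

file_hash() { sha256sum "$1" | cut -d' ' -f1; }

# Called before the sync action: fetch the server copy, remember its hash.
db_download() {
    mkdir -p "$STATE_DIR" || return 2
    remote_get "$1" || return 2
    file_hash "$1" > "$STATE_DIR/base.sha256"
}

# Called after the sync action: upload only if the server copy is still
# the one that was merged. Returns 1 when another device wrote in between.
# The check and the put are not atomic, so this narrows the race window
# rather than closing it.
db_upload() {
    tmp=$(mktemp) || return 2
    remote_get "$tmp" || { rm -f "$tmp"; return 2; }
    current=$(file_hash "$tmp")
    rm -f "$tmp"
    base=$(cat "$STATE_DIR/base.sha256" 2>/dev/null || true)
    if [ "$current" != "$base" ]; then
        echo "remote changed since download; sync again before uploading" >&2
        return 1
    fi
    remote_put "$1" || return 2
    file_hash "$1" > "$STATE_DIR/base.sha256"
}
```

On a return code of 1 the caller should download and run the sync action again before retrying the upload.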
I didn't find the sync that hard with pass and iOS (I'm sure Android has something equivalent): Set up a private git repo somewhere and configure passforios to pull from it. I have been running it for a few months now and it's smooth. This assumes you are on Linux or Mac.
That's FANTASTIC. THANK YOU SO MUCH. I really cannot thank you enough. Google and Brave Search failed me but I found with Startpage this pass-compatible password manager for Android with sync through Git [0]. Amazing solution. Will probably migrate my passwords to this solution soon, only need to see if I can get something similar for Aegis TOTP and life will be good.
My pleasure! Ping me if you run into any issues. I also exported my TOTP keys from Authy and have them working from pass as well (using the pass otp plugin).
Sorry, I can't remember exactly how I imported the key, but what I did was generate a new SSH ed25519 keypair, upload the public key as a deploy key to GitHub, and then I think I copied the private key to iCloud and then accessed it that way.
Nextcloud is amazing, I just don't have the resources or time to self host right now so I'm currently not using it. Big problem for me is that most cloud providers don't actually support syncing to the filesystem through Android's Storage Access Framework and instead keep all of the data in the app data, requiring me to manually export from the cloud application, and re-import into the password manager.
That's amazing, I'm going to try it out since they added support for my current cloud provider at the start of this year. Another poster here has also talked about pass, which I'm going to try out too. I knew it synced with Git, but I wasn't aware that the mobile applications available would do the sync through Git too.
How do people use KeePassXC? Do people not need access to their passwords when they're on their phones? And how do people choose between all the KeePass derivatives?
I'm another very happy user of KeePassXC. Passwords are too vital to me to depend on the security and reliability of network services. They also have a browser extension, so I mostly don't experience a large usability difference.
[0]: https://www.passwordstore.org/
[1]: https://www.gopass.pw/
[2]: https://www.keepassdx.com/
[3]: https://keepass.info/