What do you use for syncing your password manager between your Android phone and your PC? Apparently Nextcloud doesn’t support two-way syncing on Android for some reason, and Syncthing-Fork is still untrustworthy since the disastrous handover. The AI generated profile picture of researchxxl doesn’t exactly inspire confidence either, neither does his GitHub bio:
Hi! My name is Jonas and I like to use my coding skills from games and modding to continue work on the Syncthing for Android wrapper.
Everything about this person screams vibe coder.
Bitwarden is an alternative, but I don’t like how non-standard it is. It’s cumbersome to manage and backup, meanwhile the KeePass format is just a file that I can backup wherever and however I want and there are many frontends to choose from.
Have you solved this?
Vaultwarden
Its a port of linux
passwith git built in.You backup your passwords in a private repo and sync back and forth. It’s great if you already use
passYeah,
passhas been discussed a bit in the thread already, but there are a few security issues that keep me from using it. Speaking of security, I had no idea the Android app was archived in 2024. That’s quite a long time without updates. Are you using a fork?Thank you for sharing your workflow either way! Using a git based solution would be amazing.
I’m a vaultwarden user, who likes the idea of both the bitwarden and the keepass way. Just to consider new possibilities, isnt it possible to put the keepass db in a private git (selfhosted forgejo or gitea). And sync the repo with an app like puppygit which syncs automatically everytime I open or close keepass. Is this a safe walkthrough?
KeepassXC and Nextcloud. Been working fine for years.
Same setup here. Worked for years and I’ve no plans to switch. As long as Nextcloud is up, bidirectional editing is simple. Trouble comes when one of the clients edited the KeePass file and can’t sync.
Keepass + syncthing = win
Vaultwarden with the Bitwarden Android app and browser extension for my desktop. I already have a solid system for backing up the important data for all my docker containers. As soon as I added it, it was automatically added to that process.
My spouse has an account so if I side she can gain access to my passwords with a simple request. That’s function is important to me.
I still think a syncthing client of some form is ideal. As someone else mentioned there is the option of using the Syncthing Tray devs experimental android build. To avoid issues with sync-conflicts / maintain high-availability access to the most recent file, I sync the databse to a raspberry pi with the encryption option selected (not that the pi is untrusted per se, but it is a device that doesn’t need access to the file, it just serves the most recent changes to other devices since often my laptop / phone / desktop are not all on at the same time).
I use keepass2android and “sync” via its native WebDAV support with my nextcloud instance as the source. Been working great forever.
On Android I use KeePassDx Syncthing-Fork. The handover was rough but the maintainer of the Play version joined researchxxl’s team. Many on the Syncthing forum seem to have accepted research which is good enough for me. Also, KeePass’s database in encrypted so no danger there.
I use KeepassDX syncing via Nextcloud, works flawlessly. I also used to use Keepass2Android, also works very well.
Can you elaborate on the “nextcloud doesn’t support 2-way syncing on android” statement? I can sync my Keepass database back and forth without issues.
I’m talking about this issue: https://github.com/nextcloud/android/issues/19
I see where you’re coming from. I also really wanted that in my early days of android and nextcloud. Turns out, nowadays you don’t really need that for most use cases, and definitely not for KeePass syncing. Nextcloud app for android exposes all the files via content framework and KeePassDX can sync two ways via that. Other apps like Keepass2Android even have direct nextcloud support via WebDAV, though these days I prefer KeePassDX a little bit more for unrelated reasons.
I recommend you try either KeePassDX or Keepass2Android and see for yourself.
Also, most file managers support CF and will show you your nextcloud files as if they were real files on the device, even without “real” two way sync, and most other apps will be able to save & open files directly from nextcloud.
I’m currently using KeePassDX and I’ve set up the Nextcloud server and downloaded the Android app. I’ll give it another shot. Can you explain more how you’ve set this up for yourself? What does CF mean, and what file manager do you recommend?
Thanks!
CF = content framework, android somehow decided that users shall not see and interact with “real” files and instead, have apps like nextcloud act like content providers and expose a file-like API …whatever, it is what it is, but in the end it works.
I’m currently using Material Files, but even android’s default file manager, bundled with the OS, shows Nextcloud in the left sidebar (your mileage may vary on this one, as each phone vendor tend to customize it a bit).
As for my setup, there’s really not much to it: I selfhost nextcloud, have KeePassDX and the Nextcloud app, and when you setup KeePassDX, select “Open existing vault” and in the sidebar you should be able to select Nextcloud and pick files from there.
Note: For Material files, and most file managers really, nextcloud might not show up by default (“security” or something), but you can “add external storage” and give it permissions.
I managed to get it up and running now, thank you! It wasn’t intuitive at all, compared to using nextcloud-client on the desktop. I’ll try this for a while and see if it works for me.
Glad to help!
Yeah, self-hosting often means trading more control for less convenience, some times more than others. Either way, I hope this setup works for you!
Vaultwarden handles the syncing for me.
However I do export backups on both my phone and laptop just in case.
Do you do it manually into e.g. protected json, or to a normal zip (the former doesn’t support attachments as far as I know)? Or have you found a way to do it automatically? One con that I’ve read about this is that backups from one version is not guaranteed to work on another version. Thanks.
Keepass for Android, my database is stored on OneDrive. Easy access on my win pc and android (KPA has built in sync for many cloud storage providers)
I don’t update my Keepass db often enough to need syncing. Maybe every other week or so I just pull the latest backup from my desktop from backblaze b2 to my phone, or if I change something on the phone, I send a copy to myself using signal “note to self.” Then I manually merge the databases.
Pretty low-tech.
Yeah, I have a tendency to modify my database quite often. I often make new accounts, add attachments, modify passphrases on older accounts, etc. I modify it several times a week. I might be an outlier, and in that case I understand why people don’t consider this to be a huge problem haha.
I use passwordstore.org which is basically a bash script that wraps GPG; but there is an Android client as well.
Everything is stored in encrypted files tracked by git. Files are synchronized by git/SSH to a server I run.
I actually used
passmany years ago and I quite enjoyed it, except for the fact that the entry names are presented in clear text. You’d also have to manage your GPG secret which I’m not a fan of (in fact, my password manager is how I usually manage GPG and SSH keys in the first place). On the other hand, I guess you should keep a key file on each device on top of a passphrase even if you use a KeePass database, so I guess that point is moot. There are also no good way to include attachments. At that point Vaultwarden feels more convenient, but the more I’m thinking about it, the more I’m warming up to the idea. We’ll see, maybe I’ll give it a shot again.Thanks for sharing your thoughts!
Edit: I did some quick research and I found this video:
https://www.youtube.com/watch?v=j-qBChKG15Y
It brings up some pretty important security concern that still seem to be relevant.
