I’m trying to sync a KeePassXC database between my Android phone and my Manjaro Linux system. I want full two-way sync of changes, but I don’t want deletions on one device to remove the file on the other. What’s the best way to configure this? Tools like Syncthing seem close, but I’m not sure which folder settings or ignore rules would prevent deletion sync while still keeping both sides updated. Any guidance or examples would help. Thanks!
It seems like you need backups, so perhaps just add backups?
Also, it could always happen that a bug breaks your file during sync.
Many Keepass clients have support for not actually deleting entries, and instead moving them to a “Trash” subgroup inside the kdb that is ignored when searching entries. Also they usually keep track of the history of changes to each entry, to make it non-destructive.
Coupled with Syncthing typically automatically creating backups whenever it encounters conflicting changes, I feel this should be enough, at least for me personally.
There is a way to make this work. It goes like this:
- You do not use any external sync mechanism. Instead you work on one file only. Multiple clients can have it open simultaneously.
- The apps I use succesfully that way are KeepassXC on Linux and Keepass2Android on Android.
- You make the file accessible via SFTP (WebDAV might work too, although I haven’t tried that). I have a public server running where I created an account to only serve this keepass db file.
- On the Linux clients I created an automount via SSHFS. KeepassXC opens the file via this mount.
- Keepass2Android has SFTP built-in and can therefore access the file directly itself. This is important since all solutions that involve presenting the file via Android Storage Provider are not designed for that task and can lead to data loss (ask me how I know.) That’s why KeePassDX is not an option. It deals with local files only. (I haven’t checked any of the other Android apps.)
- The syncing is handled by the apps themselves. They can detect or be made aware of changes to the file by the user that may happen even whilst they have it open, and they both handle the syncing correctly and reliably.
- Keepass2Android can even deal with network outages since it is smart enough to keep an internal local copy of the file and to take care of the sync later.
- Since KeepassXC doesn’t have this caching it needs the network to be up. You should create a cron job (or systemd timer) that makes a local copy every now and then, so you have a fallback.
Might be time to self host vaultwarden if you need real DB features like that.
This is the cost of offline password managers. You can’t do this at a file level, there is no way for a sync protocol to merge changes from two files. I say this having suffered thanks of a couple passwords from this exact scenario.
You either need to exercise diligence in only adding passwords at one place, or run a “real” db-based password manager.
What you’re describing is not a two-way sync then. You’re expecting this to be an actual database, but it’s just a flat file with XML at its core. Here’s the file format specification .
Best you can do is set frontend options to prevent accidental deletions, and keep lots of backups, or put it on a versioning storage backend.
You may want to switch to a different solution if this is your desired use-case.
