I’m currently using Bitwarden and using KeepassXC as the backup password manager. As Bitwarden is in the cloud, I am trying to find options to replace that with a local application. My current options are the following:
gopass - not comfortable with a CLI app with my passwords running constantly. With the Bitwarden app, I can close it when I want, but this does not seem like the case with this.
I wanted to ask for feedback from others in this situation. How are you dealing with this? If all of your passwords are local, is it just everything in KeePass? My worry is that if my database is corrupted, I am out of luck. So that’s why I am looking for an alternative.
A lot of people combine keepass with syncthing to sync between devices. Syncthing can be set to keep multiple versions, rather than deleting. It could be a good option for you if you want the ability to revert to an earlier one. You can also put it in a cloud provider since the file by itself isn’t very useful, assuming you have a good password.
Online password managers work for the vast majority of situations, so I wouldn’t feel too bad if you outsource this one. Not losing all your passwords is indeed the first priority here.
From what I’ve seen, Podman isn’t that complicated by the way. You basically just get a mini minimal OS and you tell it what folders it can use, I think by default it shares home. It handles the container part and it’s only needed on the server. Personally I would pick a different computer than my desktop to run the server, just to keep things simple and have as few things running on the server as possible. I’m planning to do this, but only because I don’t like the keepass UI. Vaultwarden is probably overkill for one person.
I’m in a similar spot, I have been using bitwarden for a few years, more recently as a subscriber. I quite like it but it feels scarey at times, notably when I have to navigate around the webapp (on my phone). The webapp isn’t very well suited for this and some very important things are only available via the webapp - something that bitwarden support agree with and are looking into improving.
Also on more than one occasion I have saved different passwords to the vault and the application which is proper annoying. I know (now) how it happens - I generate a new password, copy it to the application to see if it is accepted (how many applications only tell you their password syntax AFTER you’ve entered one that fails?). So with the password saved in the application I return to bitwarden and save it there only to find bitwarden does a sneaky regeneration just before I save it. I have of course worked out a way to avoid this but it still feels like a precarious process.
So I too tried KeePass(DX) and I love it, creating/changing passwords is much more “me" proof and I really like the idea of the file being right there on my device which, used wisely, has no equivalent point of failure to bitwarden not working.
I can sync between phones using mega and keep a couple of strategically placed backups about the place.
The downside? Transferring all the passwords
Also I have a small glitch whereby I have to input my fingerprint everytime I click the little eye to see hidden fields. I’m sure this must be an erroneous setting but it’s is annoying enough to be a delabreaker if not.
There is also pear pass, by the makers of keet. It is local only and will eventually be able to share individual vaults p2p. Still a work in progress on the sharing vaults mind so really its a per device basis
Can you not just transfer your whole database in one go by exporting it from Bitwarden and importing into KeePass? I’m pretty sure I did it that way when leaving LastPass years ago.
I do have backups in place, but I like to have another software holistically that can take care of passwords as well, just as a software stack backup.
I do use podman for a service, but with password-related services I’m just worried about messing it up somehow.
I agree with you on outsourcing. For me, whenever I have had my PC connection go down, the bitwarden app would not let me log in (to the local app) or work properly. I could be an edge case, but that also is the reason I am trying to roll off. Hope that adds a bit more context on this.
I do still use KeePassXC, just looking for a secondary local password app as a backup to it. gopass seems to be command-line and potentially running constantly, so I’m trying to avoid that at the moment.
Wait, why do you want two programs? You might as well install both keepassxc and the original keepass to let them share the file.
What matters in terms of backups normally is the database file, because you can migrate it to other services, including online ones.
Keepass is really the best solution as long as you can manage syncing and protect the database file. That and the UI is all you’re getting out of an online service anyway.
I can understand the idea of having two password managers synchronised. If one gets lost you have your passwords available without a traumatic restore process. Also each can hold the others master password.
I wonder if it’s possible to have both pop up asking to save any new passwords?
I don’t think this is for me btw unless I can be persuaded it’s easy to keep them in sync
Consider what I suggested before: Syncthing, set to save multiple versions (so you have every edit going back one year, or forever if you want). It can be backing up to a home server + a second optional cloud storage backup. Syncthing keeps it identical on all devices.
That shouldn’t be “traumatic”. You just download or copy the file. No harder than logging into a second account. I could be missing something, but I’m not seeing the issue unless someone doesn’t want to use keypass and manage their syncing at all. All these password managers are just a front end to the database file, so you’re doing the same thing regardless.
If it’s storing the keypass password, you can write it down, put it with your important documents, and then store another copy with a web service or your OS’s password storage if you want. No need to set up something as complicated as vaultwarden when you could use a post it note.
The way I see it is more like with bitwarden you dont have access to the file directly. With KeepassXC you do. I was looking for more having 2 different database files from different services - more of a paranoia thing if anything.
Even with syncthing, if a file is corrupted (without you knowing) it would just get synced corrupted across to other locations.
@Grapeg@trilobyte thanks for sharing in depth posts! Based on the conversation, I might make KeepassXC the main password manager, and have the Bitwarden be the cloud backup in case I can’t access the Keepass for one reason or another.
Thanks again for the back and forth on this idea of mine!
