I was looking for a way to sync my own KeePass database with all my other devices and share a second database with my partner.
Since I am not using Cloud services like Dropbox, Google Drive or iCloud, I set up an open source file-hosting software system on my server. I chose Seafile, because it is open source, provides client-side end-to-end data encryption, is easily deployed via docker and offers clients for iOS and Android, as well as macOS, Linux and Windows. Nextcloud is another popular alternative to Seafile.
Regarding security: when creating your KeePass database, make sure you set a strong password and increase the number of key transformation rounds to protect your database against dictionary attacks (more information here). Also, if you are considering using KeePassHTTP or KeePassHTTP-Connector for browser integration, keep in mind that this is a security risk if your system is compromised, as an attacker could intercept communications between the KeePass HTTP server and the browser extension!
If you want to use services like Google Drive or Dropbox you can skip the first step and use the respective clients on your devices to sync your database.
1. On the server: Setup of self-hosted file-hosting service (optional)…
… install docker
wget -qO- https://get.docker.com/ | sh
… set up Seafile Pro or Nextcloud
- Use my tool dockerbunker and have Seafile Pro or Nextcloud up and running behind an nginx reverse proxy container and connected to your domain with a Let’s Encrypt certificate in a matter of minutes. (Setup of Seafile Pro via dockerbunker is currently broken. Alternatively, use Seafile’s official documentation to deploy Seafile Pro with docker.)
After setup is complete, log into the seahub web-interface and create an encrypted Library
2. On the Desktop/Laptop…
… download the Seafile or Nextcloud client on each Operating System and log into your server
… install KeePassXC on Linux
… install either KeePassXC or MacPass and the MacPassHTTP plugin on macOS
… install KeePass and KeePassHttp on Windows
… install KeePassHTTP-Connector for Firefox or Chromium on each operating system
… open KeePass, create a new database and save it in ~/Seafile/My Encrypted Library/secrets.kdbx. Using a Keyfile or ‘Challenge Response’ is recommended.
… change the number of transform rounds in ‘Database Settings’ to a high value (e.g. 24390244) to protect your db against dictionary attacks.
… run the Seafile or Nextcloud client and sync the KeePass database
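A check you can run on the desktop once the file has synced, added here as an example and not part of the original post: it reads the unencrypted KDBX header and reports the key transformation rounds, so a database that was left at a low value is caught before it is shared. The 1,000,000 floor and all function names are assumptions of this example, and the KDBX 4 branch goes beyond the transform-rounds setting described above.

```python
import struct

SIGNATURES = (0x9AA2D903, 0xB54BFB67)  # KeePass 2.x (.kdbx) magic numbers
MIN_ROUNDS = 1_000_000  # assumed policy floor for this example, not a KeePass value

def header_fields(buf):
    """Return (major_version, {field_id: data}) from the unencrypted outer header."""
    sig1, sig2, _minor, major = struct.unpack_from("<IIHH", buf, 0)
    if (sig1, sig2) != SIGNATURES:
        raise ValueError("not a KDBX file")
    len_fmt = "<H" if major < 4 else "<I"  # KDBX 4 widened the field length
    pos, fields = 12, {}
    while True:
        fid = buf[pos]
        (length,) = struct.unpack_from(len_fmt, buf, pos + 1)
        pos += 1 + struct.calcsize(len_fmt)
        if fid == 0:  # end-of-header field
            return major, fields
        fields[fid] = buf[pos:pos + length]
        pos += length

def variant_dict(data):
    """Parse a KDBX 4 VariantDictionary into {key: raw value bytes}."""
    pos, out = 2, {}  # skip the uint16 format version
    while data[pos] != 0:  # a zero type byte ends the dictionary
        (klen,) = struct.unpack_from("<I", data, pos + 1)
        key = data[pos + 5:pos + 5 + klen].decode()
        (vlen,) = struct.unpack_from("<I", data, pos + 5 + klen)
        start = pos + 9 + klen
        out[key], pos = data[start:start + vlen], start + vlen
    return out

def transform_rounds(buf):
    """AES-KDF round count, or None when another KDF (e.g. Argon2) is configured."""
    major, fields = header_fields(buf)
    if major < 4:
        return struct.unpack("<Q", fields[6])[0]  # field 6: TransformRounds
    raw = variant_dict(fields[11]).get("R")  # field 11: KdfParameters
    return struct.unpack("<Q", raw)[0] if raw else None

def weak_kdf(buf, minimum=MIN_ROUNDS):
    """True only for AES-KDF below the floor; other KDFs are not assessed here."""
    rounds = transform_rounds(buf)
    return rounds is not None and rounds < minimum

def sample_kdbx3(rounds):
    """Constructed KDBX 3.1 header bytes (not a real database) for a dry run."""
    return (struct.pack("<IIHH", *SIGNATURES, 1, 3)
            + struct.pack("<BHQ", 6, 8, rounds) + struct.pack("<BH", 0, 0))
```

To check the real file, pass `weak_kdf` the bytes read from ~/Seafile/My Encrypted Library/secrets.kdbx; only the header is parsed, so no password is needed.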
3. On the iPhone…
- … install MiniKeePass
- … install the Seafile or Nextcloud mobile client from the App Store, sync your encrypted library and copy secrets.kdbx to MiniKeePass
On the Android Phone…
- … install KeePassDroid or KeePass2Android
- … install the Seafile or Nextcloud mobile client, sync your encrypted library and copy secrets.kdbx to KeePassDroid/KeePass2Android