To add a key file, enable additional protection on creating the database:Īnd here’s how it will look like when you will be unlocking the database using both the password and the key file: Obviously, it must never be stored together with the database file. To open the database, in addition to entering the password, you also need to provide path to the key file. As it’s the master password, it must be a long and a complex one, so it unlikely will be memorable, and so you’ll need to store it somewhere, but where - that’s an interesting question, because the first answer is yet another database/manager, the password for which you also need to store somewhere, and then the password for this “somewhere” also needs to be stored… yeah, interesting question The database file ( let’s call it passwords.kdbx) can be protected by two security/access factors ( and/or with a YubiKey): Users ( team members) clone the repository to their machines and get a local copy of the database.Yes, it is a binary file, but still it’s not a terrible idea to version control it with Git The database file lives in a Git repository, and that’s how changes are tracked.The original / source of truth database is stored on a dedicated server in the internal network, not exposed to the internet.There are, however, solutions like Pleasant Password Server, which can help with that.Īs a workaround, we came up with the following plan: DatabaseĪs I mentioned, KeePass isn’t really meant to be used in a multi-user environment, as there are certain challenges in keeping the original database in order and tracking changes. Mobile clients I haven’t tried yet, but looks like on iOS the choice comes down to these two:īoth are paid applications and are not cheap, but they do have a one-time purchase lifetime license option.Īndroid clients I haven’t looked at, as I don’t have Android devices. ![]() One thing I was worried about is whether KeePass has the functionality of storing 2FA/ TOTP codes, but it certainly does have that: It also seems to have better performance / more responsive ( and nicer) GUI. Unlike the reference client, which is written in C# and is for Windows only, KeePassXC is based on C++/Qt and works on Windows, Mac OS and Linux. Out of the desktop clients I liked the KeePassXC ( sources) the most. The full(?) list of clients on all platforms can be found here, under the “ Other downloads and links” section. Many of those are available free of charge. Most of the compatible client application are proper native ( without Electron garbage) applications.
0 Comments
Leave a Reply. |