barrow blog

a chronicle of all the shenanigans we here in the barrow system get up to

KeePass Tips and Tricks

March 29, 2020 — ~barrow

KeePass is a neat password manager that's completely local. This is good for security, because you have total control over your password database.

One big issue with keepass is that, well, it's local! Unlike most major password managers, there's no cloud to sync with. This is great for security, but bad for actually using the password manager! Super complicated passwords aren't any good if you have to send them to your phone in plain-text!

Keepass actually has a solution to this. Your password database can be synchronized with other files both locally and remotely. I want my database sync'd between my (android) phone and my PC, so i have a copy of it in my google drive. One database at $HOME/Documents/Passwords.kdbx (I'm on windows, deal with it) and another file at $GOOGLEDRIVE/Passwords.kdbx.

As long as i have "google backup and sync" running on my pc, it's as simple as (in keypass) File -> Synchronize -> Synchronize With File($GOOGLEDRIVE/Passwords.kdbx).

The major problem is that this is a manual process, so what usually happens is:

  • I need a password on my phone
  • I open up keepass2android
  • The password isn't there
  • I have to go over to my pc
  • Open Keepass on pc
  • Sync with $GOOGLEDRIVE/Passwords.kdbx
  • Click synchronize in keepass2android
  • Re-authenticate with fingerprint
  • Find the password

This is, to put it bluntly, really dumb! Surely there's some way to automatically synchronize the databases, right?

Turns out, keepass has a trigger system for automating these sorts of actions. Great! I'll just set a trigger for event "database saved", with action "synchronize with file." Then i'll just save my file aaand... it's stuck in a loop.

Turns out, when keepass synchronizes with another database file, it first saves the current file. So the call stack (if you will) looks something like:

  • Save Database
  • TRIGGER EVENT DETECTED!!! Synchronize database!
    • Save current database
    • TRIGGER EVENT DETECTED!!! Synchronize database!
      • Save current database
      • TRIGGER EVENT DETECTED!!! Synchronize database!

You can see where this is going. I struggled with this for quite a while. Eventually, I did find the solution! Warning: it's dumb.

My trigger is named "GDrive Sync".
It triggers on "Saved Database file", as long as the file path contains "Documents"
(otherwise it would trigger while saving the file in drive)
It executes three actions, one after another:

  • Change trigger on/off state
    • Trigger Name: GDrive Sync
    • New State: off
  • Synchronize active database with file
    • Path: $GOOGLEDRIVE/Passwords.kdbx
  • Change trigger on/off state
    • Trigger Name: GDrive Sync
    • New State: on

It's really dumb, right? but it works!! Every time i save my password database, it's synchronized with google drive!

Idk how to end this lol, bye ^w^

tags: