[iOS14+] KeePassium needs to be opened first to fill in passwords in Safari

[akuropka]

Description After starting the device I cannot use passwords in Safari immediately, I need to open the database in KeePassium first to be able to select data.

How to reproduce Steps to reproduce the behavior:

1. Restart device
2. Open a login page in Safari
3. Try to fill in username/password
4. No database found

Expected behavior Data will be filled in.

Workaround Opening KeePassium first.

Environment:

• Device: iPhone 15 Pro Max
• OS: iOS 18.0 (22A5316k)
• App Version: 1.53.153 beta

Screenshots https://github.com/user-attachments/assets/77a96dc5-08d8-4c59-bcd5-a1cd7eb0097f

[keepassium]

Thank you, Andreas. This is a known limitation since iOS 14.

The reason is that for the system, the main KeePassium app and its AutoFill module look like two related, but separate apps. Because of system-wide boundaries between apps, AutoFill does not have access to main app's file folder (the one shown in iOS Files app as On My iPhone / KeePassium) — this requires a special permission from the main app. The main app does grant that permission to AutoFill on every launch, but such permissions last only until device restart (again, a system security measure).

So yes, KeePassium has to be launched first after device restart, and we cannot do much about it.

That said, AutoFill can probably show a message suggesting to launch the app first… I'll look into this.

[akuropka]

I guess a mesage would be of help. Yet, StrongBox does not have this limitation...

[keepassium]

Yet, StrongBox does not have this limitation...

It has a wider limitation, which masks this one. Strongbox AutoFill opens only cached internal copies of databases. So it looks like all files are always present — but they are not the actual databases, only copies (possibly outdated).

Here's an experiment for you:

• Create a database in "On My iPhone / Strongbox". SB will list its location as "Local (Documents)".
• Still in Strongbox, create some test entry there. Enable SB AutoFill, if necessary.
• Open some test form to check how SB AutoFill shows your test entry.
• Open that database in KeePassium, edit your test entry, save changes.
• Go back to the test form and see if SB AutoFill noticed your edits.

Surprise, it did not. Not until you open that database in the main SB app, so that it updates the copy for AutoFill.

[keepassium]

You can achieve the same behavior in KeePassium:

• Open the main KPM app → Databases → Long-press your database → Database Settings
• In "AutoFill Passwords" section, set "Consider File Unreachable" to "Immediately".
• Done, now KPM AutoFill will also use an internal copy.

Another option is to keep your databases outside of "On My iPhone / KeePassium". For example, directly in "On My iPhone" or in some custom-made folder there. This way, KPM AutoFill won't need access to main app's directory, and will be able to load those databases, too.

[akuropka]

Thanks for your detailed explanation… in my case the database is anyway read-only so it would not matter.

However, if I set the unreachable timeout to immediately I cannot access the database anymore. The error happens for both settings, depending I cannot open the database in the app or in Safari respectively.

[keepassium]

Why "Show error" as fallback instead of "Use local copy" (default)?

[akuropka]

Other options are greyed out, I can’t select them.

[keepassium]

Other options are greyed out, I can’t select them.

My bad! Apparently, I thought there is no reason to use a local copy as a fallback for… local files :) I'll get this fixed.

[keepassium]

Fixed in 1.53.154 (now in beta)

• If AutoFill cannot access main app's directory, it will show a message to launch the app first (cb374ce79288bfe054071647478f31815f10ad2d).
• It is possible to select "Use local copy" also for local DBs (201845ac012871550bbdc2d5f4f2741a2d907bf5)

[akuropka]

@keepassium, thank you for your efforts. I can confirm, the message is shown and use local copy is selectable. However, this

You can achieve the same behavior in KeePassium:

• Open the main KPM app → Databases → Long-press your database → Database Settings
• In "AutoFill Passwords" section, set "Consider File Unreachable" to "Immediately".
• Done, now KPM AutoFill will also use an internal copy.

does not work.

Further with the timeout set to immediately the database cannot be opened anymore as mentioned earlier:

[keepassium]

@akuropka , it looks like there is no internal backup file that serves as a cache. Check app settings → Database Backup → Make Backup Copies; it should be on. You can reduce the backup clean-up period to 1 hour, it does not affect the .latest file.

P.S. Don't forget to delete the screencast, there is quite a bit of private info there.

[akuropka]

It does not work either with a backup file, there is as before no file shown. However after opening the app the database can be opened with an existing backup.

Frankly speaking this is everything but intuitive and user friendly.

[keepassium]

However after opening the app the database can be opened with an existing backup.

That's the idea. When you launch the app, it loads your main database and creates/updates the backup/cache file. After that, when you launch AutoFill — it skips the main database and loads the backup/cache file created by the main app.

[akuropka]

The idea should be the database is in AutoFill available independently of opening the app as it does with StrongBox. At least I understood that would be the case with using "local copy" and backup.

[keepassium]

At least I understood that would be the case with using "local copy" and backup.

Latest backup file is the "local copy".

as it does with StrongBox

Both apps have their own architecture, terminology and behavior. These are consistent within each app, respectively. However, applying Strongbox mindset to KeePassium — and vice versa — will be counter-intuitive in many ways, yes.

[akuropka]

@keepassium, thank you for your support on this issue as indicated in the headline. It seems there is and won't be any solution with KaaPassium. 😭