keepassxreboot / keepassxc

KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
https://keepassxc.org/

Lock databases on removable storage when it is removed #11361

Open DanEble opened 1 month ago

DanEble commented 1 month ago

Summary

For an open database that was loaded from a removable storage device, removing the storage device signals intent to make the secret information unavailable.

Examples

If the application can accurately determine when to apply this, it should be an application setting.

☑︎ Enable database quick unlock (Touch ID / Windows Hello)
☑︎ Lock databases when session is locked or lid is closed
☑︎ Lock databases after minimizing the window
☑︎ Lock databases on removable storage when it is removed   <---
☑︎ ...

If there are look-alike scenarios in which this might be inconvenient, making it a database setting would probably be better.

Context

I keep a password database on a thumb drive.

droidmonkey commented 1 month ago

I'm conflicted on this request. I don't think there is a good "cross-platform" way to know a file is on a removable storage device (as opposed to the network share, for example). We would also need some form of a trigger for the lock event, which would likely mean you would have to periodically observe read/write access to the file. I could definitely see this as a potential cause for bugs (if enabled) due to unforeseen locks happening; we already have a hard enough time with lid close / session lock.

This could be a decent per-database setting that locks the database if the underlying file is no longer accessible. It could also be implemented as a prompt/warning to the user.
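The following sketch is an added example, not part of the thread and not KeePassXC code. It shows one way the "lock if the underlying file is no longer accessible" idea could be polled without asking the OS whether a device is removable, with a debounce against the unforeseen locks mentioned above. The class name, the file name and the miss threshold are hypothetical.

```cpp
#include <cstdio>
#include <fstream>
#include <functional>
#include <string>
#include <utility>

// Hypothetical helper: decides when an open database should lock because
// its backing file can no longer be read.
class FileLossLockMonitor {
public:
    using Probe = std::function<bool(const std::string&)>;

    // Portable probe: behaves the same for USB media and network shares
    // because it only tries to open the file for reading.
    static bool canOpenForRead(const std::string& path) {
        std::ifstream f(path, std::ios::binary);
        return f.is_open();
    }

    // missesToLock > 1 debounces transient failures (a slow share, a busy
    // drive) so that a single failed poll does not lock the database.
    FileLossLockMonitor(std::string path, int missesToLock,
                        Probe probe = &FileLossLockMonitor::canOpenForRead)
        : path_(std::move(path)), missesToLock_(missesToLock),
          probe_(std::move(probe)) {}

    // Call from a periodic timer. Returns true exactly once, on the poll
    // where the lock should be triggered.
    bool poll() {
        if (locked_) return false;
        if (probe_(path_)) { misses_ = 0; return false; }
        if (++misses_ < missesToLock_) return false;
        locked_ = true;
        return true;
    }

    // Call after the user has unlocked the database again.
    void reset() { misses_ = 0; locked_ = false; }

private:
    std::string path_;
    int missesToLock_;
    Probe probe_;
    int misses_ = 0;
    bool locked_ = false;
};

int main() {
    const char* path = "constructed-sample.kdbx";  // constructed sample file
    { std::ofstream out(path); out << "placeholder"; }
    FileLossLockMonitor monitor(path, 2);
    std::printf("file present -> lock=%d\n", monitor.poll());
    std::remove(path);                              // simulates pulling the drive
    std::printf("first miss   -> lock=%d\n", monitor.poll());
    std::printf("second miss  -> lock=%d\n", monitor.poll());
    return 0;
}
```

The injectable probe lets the timing logic be tested without real media. The trade-off is that the database stays unlocked for up to `missesToLock` poll intervals after the file disappears.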