keepassxreboot / keepassxc

KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
https://keepassxc.org/

Do DB modification check and if needed bidirectional merge on Save or Exit. #9552

Open craigarno opened 1 year ago

craigarno commented 1 year ago

Summary

I use a network share based Passwords.kdbx for use on multiple machines and OS's.

This method of operation works well for up-to-date login information as I change seats: work from home, then go into the office, or move from a development machine to a machine set up for business. This method of operation runs into a problem when I've added a new vendor website login/password/URL and forget to save it before I move to another machine, and start/stop KeePassXC instances in the correct order.

When I return to the machine that I forgot to "save", I'm locked out of saving the changes and end up doing some push-ups to get around this condition to merge and sync the two database instances without losing data. This is safe, which is great, but I believe there is a better way for an operation which happens frequently enough.

Have the local database in memory keep track of the file date/time stamp. If the file on network share is newer than the file loaded into memory, then perform a "merge" (git pull/merge type operation), then a KeePassXC save/merge type operation to sync the two database instances; memory, and network share.

For safety, I keep a copy of the network database on the local machine using a different database name; mydomain.com, USB-Backup, MachineName, etc. The database names need to stay different so I can identify by tab name which is open in KeePassXC, but the data should be synced the same until the two databases are identical.

This database is critical enough that I keep a separate copy on each machine, which in theory should be a 1:1 data match to the Network share.

Examples

I usually open just the "me.com" database on all machines for normal operations. Then occasionally, as a separate operation, perform a merge to keep local database content up to date. This helps when updates are done hastily and modifications need to be backed-out/modified using older unmodified database contents.


Context

I use 7 different machines regularly, combinations of Windows/Linux, Laptop/Desktop. This diagram is simplified to 3 machines for explanation. Without a "merge/sync" type operation on a common database, keeping all operations in proper order, manually syncing to prevent a deadlock situation is at best tedious and otherwise fraught with error.
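The check the comment above describes (remember what the shared file looked like when it was opened, notice when the share has been written by another seat, and merge in both directions before writing back) can be scripted outside KeePassXC with its own command-line tool. The block below is an added example, not KeePassXC's code and not the issue author's setup. It assumes `keepassxc-cli` 2.7 or newer is on PATH (for `merge --dry-run`), that both databases open with the same password (`--same-credentials`, entered interactively), and the file names `Passwords.kdbx` / `me.kdbx` are placeholders. `keepassxc-cli merge` merges its second database into its first and rewrites the first, so the order of the two calls is what makes the sync bidirectional.

```python
"""Added example (not KeePassXC's own code): detect that a shared .kdbx was
modified on disk since it was opened and, if so, run a bidirectional merge
with keepassxc-cli before the local copy is pushed back to the share.

Assumptions: keepassxc-cli 2.7+ on PATH (for `merge --dry-run`), both
databases share one password (`--same-credentials`, prompted by the CLI).
"""
import hashlib
import subprocess
from dataclasses import dataclass
from pathlib import Path
from typing import Callable, List, Optional


@dataclass(frozen=True)
class FileStamp:
    """How the file looked when loaded. mtime alone is not enough: a copy tool
    or `touch` bumps it without changing content, and SMB/NFS may round it."""
    mtime_ns: int
    size: int
    sha256: str


def stamp(path: Path) -> FileStamp:
    st = path.stat()
    digest = hashlib.sha256(path.read_bytes()).hexdigest()  # .kdbx files are small
    return FileStamp(st.st_mtime_ns, st.st_size, digest)


def merge_command(target: Path, source: Path, dry_run: bool = False,
                  key_file: Optional[Path] = None) -> List[str]:
    """Build `keepassxc-cli merge`: merges <source> INTO <target>, rewrites <target>."""
    cmd = ["keepassxc-cli", "merge", "--same-credentials"]
    if dry_run:
        cmd.append("--dry-run")
    if key_file is not None:
        cmd += ["--key-file", str(key_file)]
    cmd += [str(target), str(source)]
    return cmd


class SyncedDatabase:
    def __init__(self, shared: Path, local: Path,
                 runner: Optional[Callable[[List[str]], object]] = None):
        self.shared = shared
        self.local = local
        # Default runner executes the CLI; a test can inject a recorder instead.
        self.runner = runner or (lambda cmd: subprocess.run(cmd, check=True))
        self.loaded = stamp(shared)  # snapshot taken when the DB was "opened"

    def shared_changed(self) -> bool:
        """True only if the share's content differs from what we loaded."""
        cur = stamp(self.shared)
        if (cur.mtime_ns, cur.size) == (self.loaded.mtime_ns, self.loaded.size):
            return False  # cheap path: nothing touched the file
        return cur.sha256 != self.loaded.sha256  # mtime bumped, content maybe not

    def sync(self, dry_run: bool = False) -> List[List[str]]:
        """If another seat wrote the share: pull shared->local, then push
        local->shared, so both end up identical. Otherwise a push suffices.
        Returns the commands issued so the caller can log them."""
        if self.shared_changed():
            steps = [(self.local, self.shared), (self.shared, self.local)]
        else:
            steps = [(self.shared, self.local)]
        issued = []
        for target, source in steps:
            cmd = merge_command(target, source, dry_run=dry_run)
            self.runner(cmd)
            issued.append(cmd)
        if not dry_run:
            self.loaded = stamp(self.shared)  # re-baseline after writing the share
        return issued


if __name__ == "__main__":
    # Stand-alone demo on constructed placeholder files, recording commands
    # instead of invoking the CLI (the bytes are not real .kdbx content).
    import tempfile
    tmp = Path(tempfile.mkdtemp())
    shared, local = tmp / "Passwords.kdbx", tmp / "me.kdbx"
    shared.write_bytes(b"opened-state")
    local.write_bytes(b"opened-state")
    db = SyncedDatabase(shared, local, runner=print)
    shared.write_bytes(b"written-by-another-seat")
    print("share changed:", db.shared_changed())
    db.sync(dry_run=True)
```

Run it with a real `keepassxc-cli` by dropping the `runner=` argument; start with `sync(dry_run=True)` to see what each direction would change before letting it rewrite either file. The local copy is still written by KeePassXC itself, so save the local database first and run the sync before the share is next opened elsewhere.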

droidmonkey commented 1 year ago

There is a lot to unpack here, but you would greatly benefit from a file sync service like syncthing or onedrive or whatever your corporation uses.

There is another open issue requesting bidirectional sync which would immediately resolve your situation.

craigarno commented 1 year ago

What isn't shown is there are actually 2 corporations here, mine and a larger startup.

Something which may not be obvious is that most of the time, all the KeePassXC instances are working off the local network shared database.kdbx file. This is with the hope that other seats will reload the Password.kdbx file contents when the network share file date/time is touched. Some experimenting with Windows KeePassXC 2.7.4 shows KeePassXC already does this the way I'd like; I just hope it's a robust implementation. I have noticed problems when one older machine seems to lose network share access and the local KeePassXC running on this older machine keeps working with what's in memory. This older machine running KeePassXC 2.7.4 is challenged when trying to save modified memory contents before the required reboot to get MS networking back online. This is probably a failure condition not yet considered in the KeePassXC design, or, as a "new feature", isn't yet supported.

What I'd like is a way to manually Sync the local database with the network shared one after I've verified new/modified entries in the network share DB actually work. This makes it easier when I need to disconnect a laptop for a trip to the other company and will then be operating off the Local Passwords.kdbx while working there. i.e. I don't save the Passwords.kdbx at the other location. However, as alluded, there is a Merge-Sync'ed copy on a Flash memory device (USB stick or SD-Card) in my pocket as backup for the trip.

BTW, the Passwords.kdbx file has 367 entries with ID, password, and login notes where needed, like YubiKey login when I've forgotten my cell phone and can't log in using 2FA. It's great that all this information for each entry is merged/synced. If I lost this information, everything would stop. For those who aren't writing paychecks for other people's income, this would be a problem.

droidmonkey commented 1 year ago

I really really strongly suggest you consider using a formal file sync service that also includes version control / backups automatically.