this post was submitted on 24 Mar 2026
15 points (94.1% liked)

Selfhosted

56957 readers
474 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
15
self-hosted KeePass database in the cloud, what are some good options? (lemmy.today)
submitted 5 hours ago by ThunderComplex@lemmy.today to c/selfhosted@lemmy.world
18 comments fedilink hide all child comments
 

I'm now finally switching away from Windows, bought a new SSD and just set it up, and now I've hit a bit of a snag.
I'm using KeePass for password management, but I have my database up on iCloud. The reason for this is because I also have a iPhone and MacBook from which I need to access my passwords and this has been weirdly the most trouble-free and convenient option thus far.

But in the spirit of liberation (and because I don't want to have to deal with web-based file management) I thought I'd ask around what some good options are. I am renting a VPS so that could be one option, but there I'm also a bit worried about data loss (for example if I stop paying, which is less of an issue since iCloud is free, or they go out of business. yeah I get that Apple bad but they're a lot less likely to go out of business soon (not that Hetzner is on the verge of bankruptcy but thats my thinking)).

The easiest option would be to just keep it all on my main PC and periodically sync from the other clients, the only issue here is that if my PC is shutdown and I'm not home (which rarely happens luckily) and I haven't synced recently, I'm fucked.

Option 3 would be to get the stanky raspi I have laying around running, but omg I think it would be more reliably if I just memorized all passwords myself.

Option 4 would be the same as 3 but with the Steam Machine. Which would mean deferring this issue until (or if) they release.

And I'm open to hearing more options that you would recommend.

top 18 comments
sorted by: hot top controversial new old
[–] nfreak@lemmy.ml 8 points 5 hours ago (1 children)

While it doesn't quite answer the question, I ended up switching from Keepass to Vaultwarden, with the Bitwarden client on all devices. It only syncs at home or while on my VPN, sure, but Bitwarden stores its data locally so even if I can't connect to Vaultwarden, I can still grab credentials from the local copy.

[–] yardratianSoma@lemmy.ca 3 points 4 hours ago (1 children)

ditto, switched from keepassxc to vault/bitwarden. Couldn't be happier. I have it accessible via cloudflare tunnels, so I always can sync so long as I have internet.

Once I set up S3 cloud storage, I'll have offsite backups as well.

[–] nfreak@lemmy.ml 1 points 4 hours ago

Yeah realistically I could set mine up to be accessible behind Pangolin, but it's the kind of thing I feel more comfortable leaving purely on the LAN. Mostly paranoia.

[–] helix@feddit.org 8 points 5 hours ago (3 children)

Syncthing. If you run it on your phone you can keep it always running :)

[–] hummingbird@lemmy.world 3 points 4 hours ago

If you have an old phone or a tablet at home, you can even skip the server step since you already have an always online, low energy consumption device running anyway.

[–] Lonewolfmcquade@lemmy.world 4 points 5 hours ago

Second this. In the spirit of a 3-2-1 backup scenario, I also like to keep a copy on SpiderOak or Proton Drive and that works well for me. Encrypted cloud storage is my recommendation. And store your key file someplace apart from the database.

[–] gwheel@lemmy.zip 1 points 4 hours ago

This is my setup, though my phone is set to only run syncthing while plugged in and on wifi. My server is always online and taking backups, but if it's down all of my devices still have their own copy.

[–] spaghettiwestern@sh.itjust.works 1 points 3 hours ago* (last edited 2 hours ago)

I set up KeepassKC with Syncthing temporarily years ago while looking for other options. To my surprise it's worked so well there's been no reason to change to anything else.

The database file is always backed up to multiple devices. With Syncthing file versioning turned on older backups are available if that file gets corrupted, but in 8+ years I've never had to use one of those older backups.

Initially I was using Syncthing discovery servers which allowed syncing from anywhere, but I've since moved away from that. Now everything is run locally and I use Wireguard to connect to my home network when I'm away.

I'd get that old Pi running with a cheap SSD, set up Wireguard (or just use the Syncthing discovery servers), put it on a shelf and forget about it. It'll probably run for years with minimal attention.

[–] captcha_incorrect@lemmy.world 3 points 4 hours ago (1 children)

I have used KeePass for 10+ years and used Android and Windows when I first set it up. Now I need it to work on iOS, Android, Window and Linux and moving away from KeePass was not an option I wanted to consider.

My solution is to use KeePassXC on Windows/Linux^1^, KeePassDX on Android and Strongbox on iOS. To sync the file between all units, I use Syncthing (MöbiusSync on iOS). I have a server always online running syncthing to make sure that at least on node has the latest version.

The only problem I have with this setup is that Strongbox does not auto update, I have to select open existing file and select the same kdbx file (and Strongbox will update the vault etc). Saving changes does not seem to be a problem but I usually do a manual scan in MöbiusSync to make sure updates are pushed.

[1] The reason I use KeePassXC over vanilla KeePass is because the devs from KeePassXC and Strongbox communicate to make sure their applications are compatible. A file created with one works with the other seamlessly.

[–] Onomatopoeia@lemmy.cafe 2 points 4 hours ago

An alternative to Syncthing is Resilio.

I use both on Windows and iOS - Resilio does a better job syncing in the background.

Either one is a good answer though (and I generally prefer ST anyway).

[–] wabasso@lemmy.ca 3 points 5 hours ago

I put my database within the path that’s mounted to my nextcloud container. KeePassium on iOS lets you connect to WebDAV which is one way to have Nextcloud host it. It’s good about letting you access the database offline if you lost connectivity.

3:2:1 backup can still happen via whatever method you use for all the rest of your files. So far this is working fine (albeit a bit slow at times) on an RPI. Remote access via Wireguard VPN.

[–] ThunderComplex@lemmy.today 1 points 3 hours ago (1 children)

Thanks everyone. Syncthing does seem like the ideal option for me and what I'll be going with.

I'd just like to hear opinions if I should also run syncthing on my VPS as well or just on my home PC?

[–] frongt@lemmy.zip 2 points 3 hours ago (1 children)

Depends on how many copies you want, how willing you are to maintain it, and how much you want to risk your database being copied.

[–] ThunderComplex@lemmy.today 1 points 2 hours ago (1 children)

Well ideally having it on a VPS would give me on-the-go access to the most recent copy, which might not be as important if continuous background sync between my home PC and iOS really works with syncthing.
Having someone steal my keepass database file would be suboptimal, but not the end of the world. I don't think (or at least I really hope) that current tech can't brute-force keepass databases.

[–] Luminous5481@anarchist.nexus 1 points 29 minutes ago

Sure they can, but as long as you picked a secure password it ought to take them long enough to make it impossible, in practical terms. Nobody is gonna spend years trying to break the encrypted database of some random Internet user, especially when it might be five or five hundred years till you pop it, and you don't know which until it's done.

[–] Decronym@lemmy.decronym.xyz 2 points 4 hours ago* (last edited 19 minutes ago) (1 children)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
RP-1 Rocket Propellant 1 (enhanced kerosene)
RPi Raspberry Pi brand of SBC
SBC Single-Board Computer
SRB Solid Rocket Booster
SSD Solid State Drive mass storage
VPN Virtual Private Network
VPS Virtual Private Server (opposed to shared hosting)
Jargon Definition
Starlink SpaceX's world-wide satellite broadband constellation

[Thread #188 for this comm, first seen 24th Mar 2026, 16:30] [FAQ] [Full list] [Contact] [Source code]

[–] Natanox@discuss.tchncs.de 1 points 4 hours ago

Not quite

[–] hamsda@feddit.org 2 points 5 hours ago

Before I got more into selfhosting, I was running nothing but syncthing in a Raspberry Pi.

The pi was the "Server" and all the other Clients were only connected to the pi (in syncthing).

Worked flawlessly :)