Draft source: Adhjie/Adhjie-Discussion#20
Main branch: This gist
File name: KeePass-and-Syncthing_Guide_Gist-Draft.md
Draft: draft: https://bitwarden.com/help/kdf-algorithms/
Yes, that is the fork (a derivative of the original app) that I was talking about: Syncthing-Fork by catfriend1, on GitHub and the Play Store. The Play Store version has some limitations, but it is passable for a common user.
I gotta make a gist about this later.
Edit:
You could follow my gist guide later since you already have a GitHub account for Obtainium App-Installer on GitHub. It's an alternative to the Play Store, F-Droid, etc., since it fetches the app .apk straight from the developer's repository.
I'll make the guide later, in early September. For now you could use Syncthing-Fork by catfriend1.
@dlpgraphics
If you search my issues on the GitHub page (github/issues) or any discussion of mine, there are my comments on a self-hosted synchronization guide for KeePass. It is not really self-hosted, since Syncthing is shipped as a user-end binary.
The main source is the TroubleChute video about KeePass on desktop and mobile + Syncthing.
WARNING: this is to be used when you know you always have it updated using Syncthing.
Syncthing's conflict handling is not very good for this use case, which is why I really praise Keepass2Android's unintentional cache feature that, in essence, acts as a local backup in case the global copy is not the up-to-date one.
Basically, this is for if you don't have time to watch TroubleChute, and I'll add my tips here too:
Install Syncthing on your devices: Samsung phone and PC (I have these); I think a tablet will be fine. IIRC only iOS has no Syncthing, but instead a premium alternative called Moebius.
So get syncthing/syncthing and catfriend1/syncthing-android, manually or automatically using Obtainium (mind the Obtainium config to get the latest stable release; don't pick beta if you're not a tester and don't like more bugs).
Set up the Syncthing folder for KeePass as send and receive, and make a backup of this folder regularly, manually or with robocopy on Windows (other alternatives exist on Linux etc.). Set up Syncthing's settings for your use case.
Set up your Keepass2Android settings for your use case. Remember that the cache option here is unique: I have tried some KeePass forks on desktop and mobile, and the cache feature here is really nice, though not really straightforward or pinned as the best feature. It's basically git merge (I don't know about git, since this is from another commenter here). But merge in kp2a here means overwrite the kp2a local backup with the global copy, while overwrite means overwrite the global copy with the local copy of kp2a (global vs. local as winner).
I haven't discussed the memory, maybe CPU, and other problems in KeePassDX, but the TroubleChute video has KeePassDX as the example. I will ask the devs later; the keepassvault feature request is not possible because it's a personal little project.
(Basically, I set my KeePass database transform rounds/iterations as high as possible (which increases the database opening load time) because the KeePass memory setting is capped at the iOS limit of 64 MiB, just in case anyone uses iOS. This is a precaution to make it a universal guide, while parallelism is for the CPU limit. So it's iOS settings with my PC memory: to compensate for the low memory setting, I increase the transform rounds until it reaches 3 seconds to open on desktop, while parallelism is sadly capped by the device that has the fewest CPU logical cores rather than by your powerful device.)
The Syncthing + KeePass setup is from TroubleChute; the KeePass database settings are from a user on Reddit who discussed Bitwarden to KeePass migration (ping me if you need these settings/guide). Basically there needs to be a manual edit of Bitwarden categories to KeePass categories (Bitwarden CSV export), since the category names don't match.
After this, I searched the KeePass database settings myself, experimented and came up with this (I might make this a gist in the future). KeePassXC and the original KeePass desktop app have a benchmark with a 1.0 s delay for database load time.
I experimented and use 3 seconds as the load time. This is mainly based on parallelism for CPU logical cores (in Windows this is not cores but "logical processors" in Task Manager); next is the KeePass iOS limitation of 64 MiB memory usage, based on the iOS autofill feature of KeePass. So the only thing that needs your tweaking is the transform rounds for load time.
(These settings differ from Bitwarden's since it is server-side and has different requirements for database/vault settings from various other factors.)
Key derivation function: Argon2d is recommended for KeePass since it's offline, but as a failsafe I still use Argon2id from the Bitwarden threat model, because a server-side failsafe is nice to have.
Encryption is AES 256-bit, because it's the most tested and common encryption.
Database format is KDBX 4, the latest.
This is non-sensitive since it's just a guide; there are no numbers here, just a guide from the iOS limitation of memory usage on mobile and the KeePass syncing method.
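The tuning procedure described above (64 MiB memory cap, parallelism set by the device with the fewest logical cores, iterations raised until opening takes 3 seconds), as an added example that is not part of the original guide or of KeePass. It assumes the argon2-cffi package for the real timing run; the function names and the sample core counts are constructed for illustration.

```python
import time

IOS_MEMORY_KIB = 64 * 1024   # 64 MiB cap from the guide (iOS autofill limit)
TARGET_SECONDS = 3.0         # the guide's chosen database-open time on desktop

def shared_parallelism(logical_cores_per_device):
    """Parallelism every device can honour: the lowest logical-core count."""
    return min(logical_cores_per_device)

def argon2_seconds(iterations, memory_kib, parallelism):
    """Time one Argon2id derivation (assumption: argon2-cffi is installed)."""
    from argon2.low_level import Type, hash_secret_raw
    start = time.perf_counter()
    hash_secret_raw(b"constructed passphrase", b"constructed-salt",
                    time_cost=iterations, memory_cost=memory_kib,
                    parallelism=parallelism, hash_len=32, type=Type.ID)
    return time.perf_counter() - start

def calibrate_iterations(target_seconds, memory_kib, parallelism,
                         measure=argon2_seconds, max_iterations=1 << 20):
    """Smallest iteration count whose measured time reaches target_seconds."""
    high = 1
    # Double until the derivation is slow enough (or the safety cap is hit).
    while measure(high, memory_kib, parallelism) < target_seconds:
        if high >= max_iterations:
            return max_iterations
        high *= 2
    low = high // 2  # last count known to be too fast (0 if one round sufficed)
    # Bisect between "too fast" and "slow enough".
    while high - low > 1:
        mid = (low + high) // 2
        if measure(mid, memory_kib, parallelism) < target_seconds:
            low = mid
        else:
            high = mid
    return high

if __name__ == "__main__":
    lanes = shared_parallelism([12, 8])  # constructed: PC and phone logical cores
    rounds = calibrate_iterations(TARGET_SECONDS, IOS_MEMORY_KIB, lanes)
    print(f"Argon2id: memory=64 MiB, parallelism={lanes}, iterations={rounds}")
```

Run it on the desktop, as the guide does; the same iteration count will take longer on a slower phone.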
If you still plan on using cloud storage, please research more into Syncthing and Cryptomator conflict bugs or issues, if you ever plan on using Cryptomator for double protection. Cryptomator also encrypts a folder that gets synced with your cloud storage, just like Picocrypt backed-up files, but with Cryptomator it can be opened just like KeePass, without manual encrypt and decrypt like Picocrypt, 7-Zip, etc.
That's it from me. KeePass is said to be the golden standard for offline password managers, going by the awesome-privacy list repo on GitHub. There is the problem of syncing since it's offline-first, just like Obsidian vs. other online-first notes apps.
But I'm happy with this setup. I just use Bitwarden for my other loved ones who are not very tech-savvy, or use the KeePass + Syncthing combo with the Syncthing folders on their devices in receive-only mode; in case of any mistake made in the local folder, it won't overwrite my global Syncthing file.
Oh yeah, about the Syncthing guide by TroubleChute: make sure you only have the master/global device referred to by other devices as introducer, since this master device essentially acts as your global Syncthing device. You have to make sure it is online together with another device for easy folder setup, and it's even better if it's a homelab device like a Raspberry Pi etc. Don't forget backups though, like the robocopy method on Windows for example.
It is self-hosted in the sense that it is offline-first, but since Syncthing is released as a binary for these major devices/OSes, it is simpler than the stuff in r/selfhosted. Still, this is not really easy for a layman, so I never actually force loved ones to do this; instead I set it up for them.
I hope this is clear. If you can't find the Bitwarden to KeePass export/migration comment in the Reddit post, ping me. It's unrelated but really great for side knowledge.
The database settings knowledge is a must though.
This is gist-worthy, I just realized; I'm going to make it one when I get the time.
Edit:
Syncthing is very advanced in my opinion, and using it with the wrong syncing option is fatal if you do it in mission-critical folders, so always make backups.
Basically, don't forget about sync conflicts and Syncthing dual syncing (send & receive) vs. receive only vs. send only. This is really important. Also, don't use the to-be-deprecated ignore critical feature. This is Syncthing trying to be a backup app, which is not good. Always use a separate backup method.
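A separate backup step plus a sync-conflict check for the synced KeePass folder, as an added example that is not part of the original guide or of Syncthing. The function names and the command-line arguments are constructed for illustration; the conflict pattern follows Syncthing's `.sync-conflict-<date>-<time>-<device>` file naming.

```python
import hashlib
import re
import shutil
from datetime import datetime
from pathlib import Path

# Syncthing names the losing copy "<name>.sync-conflict-<date>-<time>-<device>.<ext>".
CONFLICT_RE = re.compile(r"\.sync-conflict-\d{8}-\d{6}-[A-Z0-9]+")

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def find_conflicts(folder):
    """Conflict copies Syncthing left in the synced folder, sorted by path."""
    return sorted(p for p in Path(folder).rglob("*")
                  if p.is_file() and CONFLICT_RE.search(p.name))

def snapshot(database, backup_dir, keep=10, now=None):
    """Copy the database under a timestamped name, verify it, prune old copies."""
    database, backup_dir = Path(database), Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)  # keep this outside the synced folder
    stamp = (now or datetime.now()).strftime("%Y%m%d-%H%M%S")
    target = backup_dir / f"{database.stem}-{stamp}{database.suffix}"
    shutil.copy2(database, target)
    if sha256(database) != sha256(target):
        target.unlink()
        raise OSError(f"backup of {database} does not match the source")
    # Timestamped names sort chronologically, so the oldest come first.
    snapshots = sorted(backup_dir.glob(f"{database.stem}-*{database.suffix}"))
    for old in snapshots[:max(len(snapshots) - keep, 0)]:
        old.unlink()
    return target

if __name__ == "__main__":
    import sys
    folder, backups = sys.argv[1], sys.argv[2]  # synced folder, backup directory
    for db in Path(folder).glob("*.kdbx"):
        if not CONFLICT_RE.search(db.name):
            print("backed up:", snapshot(db, backups))
    for conflict in find_conflicts(folder):
        print("resolve before the next edit:", conflict)
```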
Kunzisoft/KeePassDX#1948 (comment)
https://keepass.info/help/v2/dbsettings.html
https://keepass.info/help/base/security.html#secdictprotect
https://old.reddit.com/r/Bitwarden/comments/1187k0k/import_to_keepass/j9h3o5q/
[VonVeeGee](https://old.reddit.com/user/VonVeeGee)
2 years ago
Hi! Each month I export my Bitwarden Vault (all 3 file types) for backups. I also use the exported CSV to create a new KeePassXC database (remove the previous month, replace with a new one).
For the import in KeePassXC, in the "Import CSV fields" dialog, I use the following mappings to get all of my data over (including TOTP information):
[x] First line has field names
Group - folder
Title - name
Username - login_username
Password - login_password
URL - login_uri
Notes - notes
TOTP - login_totp
Icon, Last Modified and Created - Not Present
All the rest of the options I leave as the defaults. After the import, I can access all of my Bitwarden information in the event of a lockout or service outage.
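The field mapping from the comment above applied to a Bitwarden CSV export, with a count of the data the mapping leaves behind; this is an added example, not code from the original comment, Bitwarden or KeePassXC. The sample export is constructed (no real credentials) and is processed in memory, since the export holds passwords in plaintext.

```python
import csv
import io

# KeePassXC field <- Bitwarden CSV column, exactly as listed in the comment above.
MAPPING = {
    "Group": "folder", "Title": "name", "Username": "login_username",
    "Password": "login_password", "URL": "login_uri",
    "Notes": "notes", "TOTP": "login_totp",
}

# Constructed sample export; the header follows Bitwarden's CSV layout.
SAMPLE = "\n".join([
    "folder,favorite,type,name,notes,fields,reprompt,"
    "login_uri,login_username,login_password,login_totp",
    "Email,,login,Example Mail,,recovery: constructed,0,"
    "https://mail.example,alice,constructed-pw,",
    ",1,login,Example Bank,pin in safe,,0,"
    "https://bank.example,alice,constructed-pw2,otpauth://totp/constructed",
])

def remap(bitwarden_csv):
    """Return (CSV with KeePass field names, {unmapped column: rows holding data})."""
    reader = csv.DictReader(io.StringIO(bitwarden_csv))
    columns = reader.fieldnames or []
    missing = [c for c in MAPPING.values() if c not in columns]
    if missing:
        raise ValueError(f"export lacks expected columns: {missing}")
    unmapped = [c for c in columns if c not in MAPPING.values()]
    dropped = dict.fromkeys(unmapped, 0)
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(MAPPING), lineterminator="\n")
    writer.writeheader()
    for row in reader:
        writer.writerow({kp: row[bw] or "" for kp, bw in MAPPING.items()})
        # Count rows whose unmapped columns carry data that will not be imported.
        for col in unmapped:
            if (row[col] or "").strip():
                dropped[col] += 1
    return out.getvalue(), dropped

if __name__ == "__main__":
    converted, dropped = remap(SAMPLE)
    print(converted.splitlines()[0])
    print("not carried over (rows with data):", dropped)
```

A non-zero count for a column such as `fields` means those rows hold data the seven mapped fields do not cover, so check them by hand after the import.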
Draft 2 confirmation:
KeePassDX
Save in wayback machine periodically
PhilippC/keepass2android#2974 (comment)
https://gist.github.com/Adhjie/73a143f2115d8d34ebc6c626f570f7f5
https://www.reddit.com/r/privacy/comments/989mpd/comment/e4flm7w/
Edits:
Footnotes:
Bibliography: