Why do you want to ditch KeePass? I use it with Syncthing between at least six different devices without an issue.
this post was submitted on 13 Dec 2025
35 points (92.7% liked)
Selfhosted
53636 readers
1258 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
-
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 2 years ago
MODERATORS
I use Vaultwarden hosted on my private server. It's great, will never use another PW manager. and yes it's cached locally so you're good. on PC, at least via the bitwarden CLI, you do a one time login and that's it. you're logged in until you tell it to logout, logs you in automatically on restarts and what have you. plus it's very easy to access on whatever pc or phone you want to use. for pc you can just add the bw extension and have your passwords where ever or just simply login to your vaultwarden page remotely. this has been a life saver for me a couple times when I needed a pw for something but I wasn't on my machine and borrowing someone elses.
tl;dr: yes, credentials are cached locally. https://github.com/dani-garcia/vaultwarden/discussions/4676
The major downside to the single file storage used by Keepass is that it's easy to accidentally create a conflict between files on different devices if they're not synced immediately. Conflicting files have to be merged manually or data might be lost. I've run into this several times with Keepass + Nextcloud. In comparison, a central master database with local cache can resolve conflicts between individual records.
On the other hand, Vaultwarden can only be updated online. While I do use it, I consider it a major downside, along with the inability to sync attachments.
Technically KeePass can "merge" and has some sort of conflict resolution, but you're right that forgotten and unaddressed conflicts can lay around for unlimited time without you noticing. It's the main problem with keepass + syncthing.
That is another problem i face when i have the app open on desktop and phone at the same time. Its a nightmare.
I use keepassxc and syncthing and have never had this problem.
I think there's something in the settings to save after each change and reparse if there's a remote change.
Doesn't it only lead to problems if you change the same exact data on both copies to different values? It literally never happened to me, I never had a merge problem. It always just asks me to merge, I say yes, and that's it.
Oh wait I use KeepassXC not DX, dunno what the difference is
KeepassXC is password manager for desktop computers and KeepassDX is application for Android phones.
Ah, for Android I use Keepass2Android which also seems to handle external changes perfectly.
The problem is that syncing between devices is not implemented in KeePass itself but through an external tool (Nextcloud, Syncthing, or whatever else). The sync client will only see the ciphertext and won't be able to tell which records have been changed, only that two different binary files have a common ancestor and are in conflict.
The most obvious solution is to lock and close the database when it's not in use (which is a good practice from a security perspective too), and to sync immediately when it is changed.
Idk what to tell you, but to me the merging is definitely implemented inside keepass itself, Keepass asks me if I want to merge the external changes and does so well.
Keepass2Android can use an sftp server. If something was changed on the desktop, Keepass2Android will ask if it should merge the changes.
I too use Keepass2android offline, never had a sync issue though recently I inexplicably encountered an issue where the keyfile couldnt be found or had become corrupted on mobile. This may have been a phone thing rather than a Keypass thing as I never had such issue in many years of use. Luckily I had the forethought to keep an encrypted backup so I was back up & running quickly.
If I remember Keepass allows pdf attachments without restriction which is excellent for vehicle insurance, breakdown cover etc as its good to have these available offline anytime "just in case". I think this feature is restricted in Bitwarden (though maybe not Vaultwarden).
Do you worry about the sus new maintainer for syncthing-fork on android?
The other maintainer, nel0x (who does the Play Store releases), has started distributing a degoogled version of their own. nel0x is arguably more trustworthy.
If you do don't trust em then don't update syncthing - it'll work for quite a while I assume.
And in addition the keepass safe default encryption of AES-256 and is even secure against theoretically existing quantum computer attacks to our current knowledge. It is designed to be not trusted by the storage owner :)
Haven't used KeePass so can't give a direct comparison, but to answer your question, yes as long as you don't log out of your client bitwarden will keep a local copy until it can be synced
Important to know: the local copy is read only...so you can't modify existing or create new entries if you aren't connected to the server
I do basically the same thing, haven't found a better solution
And, i can't find clients on f-droid. Any variants recomended that dont come from the playstore.
Another key feature will be Keepass data import.