- What’s your ENow AppGov Score? Free Microsoft Entra ID app security assessment - Thu, Nov 30 2023
- Docker logs tail: Troubleshoot Docker containers with real-time logging - Wed, Sep 13 2023
- dsregcmd: Troubleshoot and manage Azure Active Directory (Microsoft Entra ID) joined devices - Thu, Aug 31 2023
KeePass' local database is secured from access using a master key. It is encrypted using the master key with AES-256, ChaCha20, and Twofish, the most secure algorithms to date.
Because it is open source, KeePass is also extensible and modular. It enables the integration of community developer plugins that extend its functionality and, in many cases, enables easier integration with modern cloud storage platforms. You can browse the long list of KeePass plugins here.
A traditional tool combined with cloud storage
KeePass follows a more traditional approach to password management, since it is an executable that relies on a local database file to work. However, given its simple architecture and portable, secure design, KeePass can be combined with cloud storage, such as Google Drive, Microsoft OneDrive, Dropbox, and others, to access your passwords anywhere, combining the best of both worlds.
In addition, when combined with the hundreds of KeePass plugins available, users can make cloud integration feel more like a native experience.
Sync KeePass passwords between different platforms
Various KeePass plugins allow you to sync your KeePass database information between a local copy of your KeePass database and one in the cloud. In addition, these plugins help make KeePass cloud storage integration seamless. For example, the following plugins are available for cloud integration and database synchronization:
- KeeAnywhere—Provides access to cloud storage providers (cloud drives). It offers a simplified UI and natively integrates cloud storage drives into the KeePass application. Visit the website here.
- KPSync for Google Drive—Allows synchronizing the KeePass database with Google Drive using the Google API. You can manually sync or enable automatic synchronization if the local database is newer than the remote database in Google Drive. Visit the website here.
- KeePassOneDriveSync—Allows synchronizing multiple local databases with multiple databases stored in OneDrive. Visit the website here.
Store the database in the cloud directly
Do you have to use a plugin to use KeePass with cloud storage solutions, such as Google Drive, Microsoft OneDrive, Dropbox, or others? No, you do not. Instead, you can store it in your cloud storage and directly open the database from there using KeePass. Doing this allows centrally storing the database in the cloud and having the remote endpoints access the database from synchronized cloud storage.
Below, a KeePass database is stored directly inside the OneDrive cloud storage. The KeePass clients are used on end devices that also have the OneDrive client installed and synchronize changes with the cloud. Each client that updates the KeePass database triggers an update on all the other OneDrive clients so that all recent KeePass database entries are available to all clients.
When you use this method, you rely on cloud service providers' apps to synchronize the changes between your clients accessing the KeePass database
Securely storing a KeePass database in the cloud
Some may be concerned about storing their KeePass database in the cloud instead of locally. Does this place your secret password information at greater risk? KeePass's strong encryption algorithms help ensure the passwords remain safe, even if the file location is compromised.
Using multifactor authentication is also crucial when using cloud storage such as Google Drive, Microsoft OneDrive, Amazon S3, Dropbox, etc. This makes compromising the data they contain exponentially more difficult for an attacker.
Cloud security checklist
- Use a well-known, secure service - Google Drive, Microsoft OneDrive, Amazon S3, Dropbox
- Turn on two-factor authentication for cloud service providers
- Use a strong master password
- Use a key file
- Store the key file on a YubiKey or other security device
While it is a more traditional solution compared to cloud SaaS password managers, KeePass offers excellent features that work well with modern cloud storage technologies. When combined with cloud storage and current security mechanisms, KeePass provides a very secure and capable solution.
Subscribe to 4sysops newsletter!
Additionally, there are many plugins available that allow syncing passwords with KeePass across different platforms and extending the flexibility and capabilities of the solution.