My setup on GrapheneOS with all the exploit protections on except some off for apps with compatibility issues. Thoughts?

  • ZinQ@lemmy.mlOP
    link
    fedilink
    arrow-up
    2
    ·
    30 days ago

    Wait isn’t that defeating the purpose of KeePass? I strictly use it as a local password manager (no cloud backups and such), since I thought that was the main spelling point

    • ZinQ@lemmy.mlOP
      link
      fedilink
      arrow-up
      2
      ·
      30 days ago

      Or is the database file encrypted with a password? If not you might want to use something like VeraCrypt to encrypt and password protect the database files on the cloud

      • Lazycog@sopuli.xyz
        link
        fedilink
        arrow-up
        1
        ·
        30 days ago

        Didn’t see this comment but: I trust enough my cloud provider + the database file is encrypted with the masterpassword you set for your keepass.

        I also use this cloud to host my Joplin notes, which are also E2EE (joplin supports it) so even if my cloud provider would take a peek it’s all encrypted.

        • ZinQ@lemmy.mlOP
          link
          fedilink
          arrow-up
          1
          ·
          30 days ago

          Ah ok, I was wondering if the database file is encrypted, ignore my comment since it was intended for if the file is unencrypted by default

    • Lazycog@sopuli.xyz
      link
      fedilink
      arrow-up
      2
      ·
      30 days ago

      You can of course. I think the selling point is that you control it and it’s a single file that you can decide where you’ll keep it, how you access it, and what app you use to interact with it.

      I can copy, delete, move it all without needing a service for it. Can modify it offline and everything!

      I don’t host the file on a password manager dedicated cloud, it’s my own cloud space with other files I have there as well. So the file is just in my cloud space, with other files, and i have a synced folder on my phone + pc and just access that cloud folder with the file from keepassXC on my PC and keepassDX on my phone :)

      For me keepass offered a single databae file that I can decide where and how I keep it. Also works offline because the cloud syncs folders and even without internet a version exists on my phones cloud folder (until it gets synced again with internet).

      • ZinQ@lemmy.mlOP
        link
        fedilink
        arrow-up
        2
        ·
        30 days ago

        Can you give me a quick rundown of how you run your cloud space? Can I just Ubicloud + Coolify + Nextcloud?

        • Lazycog@sopuli.xyz
          link
          fedilink
          arrow-up
          2
          ·
          29 days ago

          I had not heard of ubicloud, that’s pretty cool! Thanks for the tip!

          And sure:

          I don’t self host it, I got managed owncloud space from a domain and web host provider.

          I manage my own VPS that I got from them but the cloudspace came extra with buying the domain + email services (I’ve managed email server at my job and no way in hell will I do that for myself, too much headache).

          So basically, in short, I have a managed email + owncloud space (just 5gb, don’t honestly need more) from a commercial provider and just use owncloud app on my phone and PC to sync folders on both. I keep my encrypted joplin notes and (encrypted by default) keepass database on this cloud. Owncloud takes care of syncing and I just use Joplin and KeePass on both devices and set them to use the files in owncloud folder. Never had an issue in 2 years with anything.

          Technically my provider could scan my stuff, but they won’t get anything out of joplin notes or keepass.

          Your idea for a setup sounds way more private, but i think for my usecase I’ve been happy since it’s so low effort and still does what I want it to do.

          I have seen on lemmy people recommend syncthing (https://syncthing.net/) for keepass, which directly synchronizes a folder between devices without a middleman if you wanr. But everytime you want to sync you need to have both devices on for that as there is no automatic middleman that is always available. Maybe that could be done with a raspberry pi?

          Anyway: you can easily set this up with proton if you already have proton cloud no?

          • ZinQ@lemmy.mlOP
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            29 days ago

            I’m moving away from Proton, and self hosting is cooler anyway. Instead of Proton I’m trying out Tuta, Mailbox, Addy.io and Bitwarden

            • Lazycog@sopuli.xyz
              link
              fedilink
              arrow-up
              1
              ·
              29 days ago

              That sounds like a nice stack! And true, self hosting is really nice. Just wanted to give options if you don’t feel like getting into self hosting.

              Nevertheless, good luck on your privacy journey! I’m working on it too!