Backup KeePassXC when Opened/Saved/Closed in Linux

Hi,

I’m using the latest KeePass version in Windows now. It has a trigger “Backup your database when you open KeePass”. I modified it to back up the database when opened, saved, and closed, with a timestamp suffix.

I don’t know how to do the same in Linux with KeePassXC. My friend advised me to use Git. But this solution is not good for my situation with some search.

Can anyone advise?

PS: KeePassXC has a backup file with .old extension suffix before saving.


Isn’t that .old.kdbx file enough for you?

It’s not enough.

I have 1,000 ~ 3,000 backup files per month with KeePass in Windows now.

Use GitLab for a private repo, or GitHub launched new private ones too! Or even better, host Gitea, make it private, and host your files there.

I’m new in Linux.

I must run a Git command after each change in the database to force it to sync.

Is there any automatic solution as in Windows?

Thanks

Try bat files? It’s the same on Linux (you don’t run a bat file, but add a shortened command): in the file called .bashrc you can write your command and shorten it as sync. (Example: alias newpython="alias python=python3.8". It switches my Python version to 3.8 instead of 2.7.)

I don’t think this creates any benefit; if the file were updated it would be understandable, but I don’t see the point in creating thousands of new files.

Nevertheless I don’t think using Git is a bad idea, but you would need to understand some basic commands. Still I don’t see the point: if you are creating so many accounts per week it’s playing against you in terms of privacy. Minimalism is a rule. And if you are not creating them I don’t see the point of so many backups; the PM already asks you if you want to save if you have made some changes to the DB.


Thanks Esmail EL BoB

Try bat files? It’s the same on Linux (you don’t run a bat file, but add a shortened command): in the file called .bashrc you can write your command and shorten it as sync. (Example: alias newpython="alias python=python3.8". It switches my Python version to 3.8 instead of 2.7.)

Can you guide me?


Thanks a553d43c-f7fa-483a-8

if you are creating so many accounts per week it’s playing against you in terms of privacy.

1 DB for important. :moneybag:
1 DB for not important.
1 DB for TOTP
1 DB for Recovery Codes

Save all DBs on every change in any DB. So one save will make 4 copies.

Minimalism is a rule.

Will think about it.

There is a history inside the DB but it makes the DB size bigger. So many copies will become the DB history/version instead.

I don’t think you are gaining that much security, though. It could even backfire if you don’t take care of all the master passwords/phrases, but okay, still if you want to keep doing that your best option is Git IMO.

I don’t understand what you said there, are you talking about Git?

I don’t think you are gaining that much security, though. It could even backfire if you don’t take care of all the master passwords/phrases, but okay, still if you want to keep doing that your best option is Git IMO.

I use another password manager containing the master password for the 4 DBs. This is the one password I must remember. The master password for the 4 DBs is ~ 256 or more characters (lowercase, number, uppercase, ~!@#$%^&*()_…)

I don’t understand what you said there, are you talking about Git?

It’s not about Git.
There is a history feature in DB so you can undo. —> https://keepass.info/
https://keepass.info/help/v2/entry.html

Quote from link above:

History
Each entry has its own history. Each time you change an entry, KeePass automatically creates a backup copy of the current, non-modified entry before saving the new values. These backup copies are listed on the History tab page. You can delete backup copies if you are sure that you won’t need them anymore, or you can restore any of the backup copies.

Screenshot:
https://www.ghacks.net/wp-content/uploads/2019/05/keepass-password-history.png

I use many DB copies instead of that. There is no history in my DB.

Then it is totally pointless; the only way that you could benefit from having 4 DBs is if the passwords for them weren’t inside another DB. If your master DB becomes compromised, what’s the point of having 4 more if they can be accessed anyway? The security of that opsec is the same as having only one DB, but more inconvenient.
If you want more security get yourself a physical OTP key.

Thanks, I’ll check into this feature, seems interesting.

Thanks @a553d43c-f7fa-483a-8

The master password for the 4 DBs is only a part of it. I input some characters in some places before hitting the Enter button. :wink:

I like OpSec. Can you give me some links?

A physical OTP key is the next plan if my current one isn’t effective. OTP is now on my phone.

Yes, I know that technique, if the password on your PM is “sweetpotato” you use a word at the end for all your passwords/phrases which is not registered on your PM, therefore the full password will be “sweetpotatohelmet”.

Still, you are not gaining any kind of security by doing what you are doing, just adding more inconvenience, but if you still want to do it I can’t stop you.

Not really, I don’t know any book or blog which talks about the topic in a way that can be understood simply, I guess the most similar to that is Youtube channel “The Hated One”, but he covers a lot of other topics, not just OpSec.

It’s good to hear that, OTP are pretty good too.

I love your idea. Thank you very much.

I had only 1 DB, including OTP and recovery codes, before. If it is compromised, I lose everything. And the file size increased very fast. I read somewhere “Don’t put all eggs into one basket”. So they became 4 DBs now.

Let me make it clear.

  • DB 1 contains top priority credentials with UID2 (if any), UID3 (if any)
  • DB 2 contains forums, websites, testing, pilot, … I don’t care. PTIO forum account is in here :wink:
  • DB 3 contains UID2 with OTP code or secondary password
  • DB 4 contains UID3 with Recovery Code

Risk

  • If DB 1 is cracked: accounts without 2FA will be gone. Accounts with 2FA are still safe. Many sites have 2FA nowadays
  • If DB 3 is cracked: they get UID2 & OTP code or secondary password only
  • If DB 4 is cracked: they get UID3 & recovery code only
  • If DB 2 is cracked: they will delete my posts in this topic :))

Mmm, I didn’t understand this very well, your English is kind of bad, sorry.

I understand the idea behind this, but if you ever come to the point where your adversary has access to your computer then you have already lost. PMs are not something that works against this type of attack; they work against breaches, phishing attacks that could lead to the loss of more than one account, or brute forcing a really easy password which contains guessable information within it.
The only way in which you could improve your security, and I think the improvement would be very small, is by having 4 separate DBs where the passwords for them are not stored in one master database. And still I think it doesn’t add too much of anything since, as I mentioned before, if the attacker has access to your local machine then you have already lost.

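The timestamped backup on open, save and close that the opening post asks for, sketched as an added example; it is not code from any poster in this thread or from the KeePassXC project. The function names `backup_kdbx` and `keepassxc_with_backups` are hypothetical, the paths are placeholders, and it assumes `keepassxc` and `inotifywait` (package inotify-tools) are installed.

```bash
#!/usr/bin/env bash
# Added example (not KeePassXC's own code). Function names are hypothetical.
# Assumes keepassxc and inotifywait (package inotify-tools) are on PATH.

# Copy database $1 into directory $2 as <name>.<timestamp>.<n>.kdbx.
# Skips the copy when the file is identical to the newest backup.
# Prints the path of the new backup, or nothing when skipped.
backup_kdbx() {
    local db="$1" dir="$2" base stamp dest f latest="" n=0
    [ -f "$db" ] || return 1
    base=$(basename "$db" .kdbx)
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # Names sort chronologically, so the last glob match is the newest backup.
    for f in "$dir/$base".*.kdbx; do
        if [ -e "$f" ]; then latest="$f"; fi
    done
    if [ -n "$latest" ] && cmp -s "$db" "$latest"; then return 0; fi
    stamp=$(date +%Y%m%d-%H%M%S)
    # A counter keeps two saves within the same second from colliding.
    while dest="$dir/$base.$stamp.$n.kdbx"; [ -e "$dest" ]; do n=$((n + 1)); done
    cp "$db" "$dest" && chmod 600 "$dest" && echo "$dest"
}

# Run KeePassXC on database $1, backing up to $2 on open, save and close.
keepassxc_with_backups() {
    local db="$1" dir="$2" kp
    backup_kdbx "$db" "$dir" >/dev/null        # on open
    keepassxc "$db" &
    kp=$!
    while kill -0 "$kp" 2>/dev/null; do
        # Wake on a write or rename in the database's directory, or after
        # 10 s; watching the directory also catches save-by-rename.
        # The sleep stops a busy loop if inotifywait is missing.
        inotifywait -qq -t 10 -e close_write -e moved_to "$(dirname "$db")" || sleep 2
        backup_kdbx "$db" "$dir" >/dev/null    # on save; no-op if unchanged
    done
    backup_kdbx "$db" "$dir" >/dev/null        # on close
}

# Usage: ./kdbx-backup.sh ~/Passwords.kdbx ~/kdbx-backups   (placeholder paths)
if [ "$#" -ge 2 ]; then keepassxc_with_backups "$1" "$2"; fi
```

Each copy is still the encrypted .kdbx file, so the backup directory needs the same protection as the original database.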