Shared DB and Key for KeePass

  • charizan

    charizan - 2013-11-28

    Hello everyone,
    I have currently installed the binaries of KeePass on a shared folder of system A. The DB and key are on a different drive, C, but on the same system A. I would like to create shortcuts of the shared binary file of KeePass to different computers. Then with a shared password everyone will be able to open the DB and acquire the passwords. Unfortunately the whole scenario above is not working as expected. When I open the shortcut it is not able to find the key or the DB. Can someone help or suggest a better solution for using KeePass for centralized password management?
    Thank you

  • wellread1

    wellread1 - 2013-11-28

    The password database (.kdbx) needs to be in a shared location, not the KeePass executable (i.e. binaries). The recommended way to share a database is to run KeePass locally and provide each user with a local copy of the database. Use KeePass sync and the recommended synchronization trigger to distribute changes by updating a shared, network copy of the database on a regular basis (determined by the trigger). The trigger example shown for Dropbox is easily adapted to a basic network based sharing scheme by adjusting the PATH in step 16 to point to the central, shared copy of the database.

    The DB and key are on ... drive ... C

    If you are storing key files on the same physical device as the database then you are NOT improving security but you are creating an additional point of failure (i.e. loss of access to your database as a result of a lost or damaged key file). A key file has value as a security measure only when it is truly inaccessible until it is needed to open/unlock a database.

    Last edit: wellread1 2013-11-28
  • charizan

    charizan - 2013-11-29

    Thank you for your reply. I didn't want to put the DB and the key locally since this will allow someone to copy the files and use the DB on his own!

  • Paul

    Paul - 2013-11-29

    You can't stop a user copying the database and using it locally / elsewhere / changing the password etc., because KeePass is essentially a single-user program. More restriction requires a different product.

    You can somewhat limit what non-knowledgeable users can do via UI flags.

    cheers, Paul

