Can anyone advise on the most secure way to do this?
There is no need to export the data for backup and I wouldn't recommend it. If a database file is good it can be opened by KeePass using the correct Master Key.
Backup copies are known to be good because the they are a series of copies of previous versions of an actively used database file. Only the very last backup, created from a file that was just closed and had not been verified by use could be corrupt. Making a backup copy is based on a very reliable copy operation. Backup copies can also be independently verified as good if needed. One advantage of purpose built backup programs is that they usually include an automatic file verification option.
Backup copies should be kept secure and separate from working copies of the database so that they won't be subject to damage from the same events as the working copies, e.g. disk drive failure, tampering or theft, flood or fire.
The backup cycle only needs to extend long enough to maintain a reasonable set of good copies and to allow for recovery of obsolete information that is still valuable. The backup cycle should also be restarted whenever the Master Key changes. Obsolete backups should be deleted, or they should be stored securely and a copy of the old Master Key stored separately and securely. They should be destroyed once they have no value.
Making copies of the database on a regular basis is a big step forward. It will protect against simple file corruption if kept on separate reliable media, even if it is not practical to implement all aspects of a complete backup scheme.
If you wish to export the data you may using the export feature File>Export. However you would need to provide additional security for the exported data that is not protected by encryption.
I use KeePass 2.x - and this is what I do:
(1) I created a Trigger to backup my database to a server each time I open KP. The Trigger is configured to keep the last 10 copies. If I inadvertently corrupt the database or I can't login, I can easily restore one of 10 older databases that worked.
(2) A few times each year, I export the database to a CSV file (spreadsheet) and store it inside an encrypted TrueCrypt container on another offsite server. This is insurance that I can manually reconstruct my password database in case I ever needed an alternative to KeePass .... hopefully never!
Surely other folks have other ideas about this.
I have a copy of my database in the cloud and access it from my tablet. If there is a major problem with the copy on my computer I can just use the tablet. I also backup my files daily and to a USB disk monthly.
Sign up for the SourceForge newsletter:
You seem to have CSS turned off.
Please don't fill out this field.