Recently, I let my sister host her rambling guides here on my site. In the last guide, she explained a little bit about the setup we’ve devised for password management, that I deemed a bit too involved for a normal user. I’m going to go ahead and explain here the bare minimum setup for a working and functional KeePass Secrets Database with synchronization via Syncthing.

The Setup

First, you’ll need a few applications. For desktop users, you’ll need to grab KeePassXC. It is already packaged for several linux distributions, but if you happen to be on a distribution that doesn’t have it packaged, you can grab the FlatPak. You’ll also need Syncthing, which is again, packaged by most distros.

For Android users, you can get KeePassDX on the Play Store or F-Droid. All KeePassDX does is mirror functionality with KeePassXC on Android. You’ll also need Syncthing-Fork from the Play Store or F-Droid.

For iOS users, you’ll need KeePassium and Synctrain, though I will not be able to provide instructions on how to set these up here, as I have no experience doing so, and no devices to attempt a setup on (feel free to get into contact if you have a spare iOS device you’re okay with throwing at me, I guess).

Desktop Setup

Once installed, these apps act exactly the same whether you’re on Windows, Linux, or macOS. The differences will be in how you start Syncthing automatically. Luckily, Syncthing has you covered, with their exceptional documentation. Keep in mind that most Linux distros are using systemd, and for you, its as easy as running systemctl --user enable --now syncthing in a terminal, which will start Syncthing any time you are logged in.

Next, you’ll need to start KeePassXC, and create a new database. Give it a nice name, and make sure to put it in its own folder1 (something like keepass in your home directory). The default settings are all fine, so don’t touch anything unless you know what you are doing.

After that, you’ll open up your web browser and navigate to http://localhost:8384 (yes, you can just click this link) to access the Syncthing User Interface. You should be greeted with a quick setup dialog. Everything being default is fine here, too. From there, click on “Add Folder”. Make sure to give it a descriptive name (something like “keepass” or “password-db”) then give it the folder path, wherever you put your database.

You’ll also want to follow the KeePassXC Browser Integration guide to setup secure password access between your KeePass Database and your Web Browser.

Android Setup

Fire up Syncthing-Fork, make sure its running its service (a persistent notification will appear), then navigate to the “Devices” tab. On your desktop, go to the Syncthing User Interface (you kept that open, right?) and find the “Identification” field under “This Device”. Click on the value – it should be a hyperlink colored 7 character random string. This will bring up a QR code (and other sharing options).

Back on your Android device, tap the “Add Device” button in the upper right hand corner, then on the right side, tap the QR code button and scan the QR code on your desktop. Once that is done, tap the check mark in the upper right corner to finish adding the device.

You will need to go back to your desktop again and approve the device, making sure to share the keepass folder with it. You should get a notification on your Android device at this point asking you to accept a shared folder. Make sure to do that, and put it somewhere that KeePassDX can access – Usually somewhere like /storage/emulated/0/keepass or in the file explorer you tap your phone’s name and then make a new folder for it (You will need to grant file permissions to Syncthing-Fork for this).

Once that’s done, your devices should automatically start synchronizing the database without any further intervention from you. Congrats!

Now you can open KeePassDX, tap “Open Database” and navigate to your keepass folder to select the database (a .kdbx file).

From here, you can add passwords as you normally would. Both KeePassXC and KeePassDX will save changes to the database as you add, remove, or modify entries, and Syncthing will pick them up automatically so long as both devices are online and have an internet connection, no matter where you are in the world (firewall rules permitting, of course).

  1. This is important! Syncthing works on a Folder basis, not a per-file basis, so you really really only want the database in this folder. ↩︎