The only thing I don’t get is if Kee Vault offers sharing blacklists / whitelist syncing yet.
Yeah that should work such that when you save your Vault on one machine and then sign in to Kee Vault on another machine, the configuration will be overwritten on the subsequent machines using whatever config got put into your Kee Vault on the first machine.
integration with Android seems clumsy unless there’s also a browser integration with AutoFill
Thanks for the feedback. I’ve heard this from a few other people too - essentially Android (and web apps in general) does not support this feature yet. If it’s not introduced soon then I can create an entirely native app that duplicates much of the main web app’s functionality and adds AutoFill (obviously only for Android 9+ which is when they finished development of the feature for native apps) but it could take a year or more to complete such a large amount of development… and then there’s iOS which has introduced a similar feature last year…
I’ve started experimenting with a native Android app but it’s definitely not going to be ready for public testing this year.
Do you offer also ‘export’ of entries or of the kdbx file?
Of course. There’s an Export button right next to the Import one.
I would have preferred that you invest time in the extension and KeePassRPC and charge for that work.
I really think that KeePass and KeePassRPC are not the perfect solution for a lot of people and while Kee Vault can still be improved, it’s a step in the right direction for a lot of people. Of course it would be great to be able to charge money for work on the desktop browser extension and KeePassRPC but who do I send the bill to?!
In 10 years of working for free on these products, no feasible solution was found; perhaps a huge shift in human behaviour is just around the corner… but I suspect not. Until then, I figured that Kee Vault is priced so cheaply that if someone wants to pay part of the charge for my work on the browser extension they can pay for a subscription to Kee Vault, potentially taking advantage of the browser extension configuration sync feature while still using KeePass on desktop for some or all password storage if that’s their preference for any reason.
And there’s another downside. If someone wants to hack passwords he probably targets more Vault…
Part of the reason for choosing kdbx as the storage format for Kee Vault is because it is well established and proven to hold up to offline decryption attacks. Since kdbx is designed to be safe to share publicly, Kee Vault is secure even if a synced kdbx file were to be released to the public. Of course, good security is about layers of defences and you can see from other information about Kee Vault and its source code that other layers of defence are also in place to further increase security.
If you really are able to keep your locally stored passwords hidden from the rest of the world forever then you are exceptional (some might also say an optimist). For a lot of people though, what matters more than keeping the encrypted data in a secret location is the security of the data itself, such that if (pessimists may say when) the data is exposed, there is no way to decrypt that data into a form that reveals the secrets (passwords) protected within. kdbx has inherent protection against this risk.
The one thing you can never see for any cloud service, even an Open Source one, is what really happens in that service with regards to enabling access to the encrypted data. However, since you can see that only the complete kdbx file is transferred from your device to our cloud, the potential risk in the worst-case is no greater than the risk posed by an offline attack (i.e. the protection from technologies such as Argon2 limits the rate at which an attacker can attempt to break into the encrypted data). As a matter of fact, we don’t provide any mechanism for an attacker to perform mass attempts to guess the password to your encrypted data but even if we were lying or mistaken about this claim, the inherent protection from the kdbx format would kick in at this point, making an attack futile.
Maybe an export/import function through files would be something for the extensions which allows you to configure Kee the same way as on other machines if you switch machines.
Yeah that sort of manual file management procedure is probably feasible, although still far from trivial and I’d definitely want to see what Google’s new extension restrictions bring to the table first just in case all local file system access is prohibited in the next year or so.