I spent about a day and a half working through all the various and mostly out of date KeePass option for Ubuntu (Kubuntu). I want to share what I've found and ask for other answers regarding the many approaches and defunct options.
First I wanted to collect the relevant question from this site, several of which are almost a decade old. These are ordered by most votes as that seems to be what Google uses and where I landed first was the top one.
- Where is KeePass2 plugins directory?
- How to integrate KeePass2 and Firefox using Kee in Ubuntu 16.04 - 18.04?
- How to integrate KeePass and Chrome/Chromium using ChromIPass?
- KeepassX vs KeepassXC
- What's the best way to handle passwords in Ubuntu (Application + Browser PlugIn)
Let me explain my path so far.. Starting in Windows, loved this simple yet powerful lightweight password manager. Never connected it to the web, but kept the DB file inside a Vercrypt container. I was using LastPass because of its good entry field recognition for saving new PWs and the mobile use for $12/yr. Then they doubled the price, and recently again, until its $40/year now.
I have been using KeePasXC on Kubuntu 18.04, because after searching around I thought I might want the browser integration, and it seems to work okay, but I kept searching for the synchronize databases or remove duplicates functions. Its just that XC doesnt have these standard KP features. I dont know why because I believe the KP source code is freely available. Anyway, recently I finally ditched LP and moved to KeePass2Android, which works remarkably well. It syncs to all kinds of cloud services, so I put all the non-important accounts I had in LP into a KP DB and onto Google Drive. (btw, to convert LP to KP, use this field sequence 6,5,2,3,1,4,7).
Now Ive been needing to setup a desktop browser integration using the same db file on Google drive. So searched through all the various forms of KP, KPx, KPxc, KPrpc, Kee, KeeVault and a number of others. Tusk seemed to have the most reviews on the Chrome Store and it does connect with a shared GDrive file. However, it doesnt ask to save any passwords. Plus I really needed a editor that would sync, to delete a few entries I dont want in the cloud anymore. So, I found a plugin for GDrive, but KPxc doesnt use plugins. Too bad because KPxc does have ask to save. The response suggested I use the gdrive-org client, however it appears to no longer connect with error "Sign in with Google temporarily disabled for this app..This app has not been verified yet by Google in order to use Google Sign In." from Google. Other sync clients I tried like grive, have the same error.
So I went back to trying to get the plugins to work again with the error "The plugin cannot be loaded a newer .NET framework is required". Trying mono-complete, wine64 (which has wine32), winetricks with dotnet 4.5, msitools for wine. I tried installing the gsync plugin, tried adding the log4net.dll, read other exhausting and possible fixes, tracked down the error, tried all those fixes. In one of those I found a solution to use Dolphin's network connection to sync the db file, but it had some caveats that are not so smooth. I still couldnt get KP on wine or mono to connect to a cloud.
Reading the official KP documentation, it seems the remote file URl was built mainly for Dropbox. And because the GDrive sync client werent working I pursued DBox. Still couldnt get KP to connect, and even Tusk was failing to connect to it. So back to KPxc, but it turns out because Im using portable Chrome installations in Veracrypt volumes which close automatically on powercut, it wasnt finding the 'proxy' to connect the browser). I very nearly gave up and paid for KeeVault, which is at a noble price point, but read some reviews first and they reminded me how much I dislike trusting a 3rd party for data storage. Granted Gdrive isnt much better, but I will fight using Dbox tooth an nail because their breach exposes several of my email addresses which have led to phishing attacks. At least GDrive is erring on the side of caution per their error message.
Finally, Ive resolved to manually syncing the db file after editing and all I want is a browser integration that asks to save. It turns out that Kee without using KeeVault but using KPrpc which finally has a plugin that works with mono-complete, and has ask-to-save.
So if I've missed any options that fulfil the requirements I've stated, or that does allow syncing to a remote db file automatically on change, please let me know. I see regular KP does have 'triggers' which would start such an action, but if there are no GDrive clients which currently connect, Im at a loss. I did find rclone, which has many cloud config options, and I believe may connect to GDrive, but would need to write a script to integrate them. After all KeePass2Android can connect to GDrive, and it even has an option to only authenticate a connection to a single folder in DBox instead of the whole drive.
Apparently, the following from the other question/answers above are currently unmaintained: Tusk, ChromeIPass, PasslFox.. KeePassHttp may still work, its still in the Chrome Store.
KeePass with KeePassRPC plugin installation is best summed up here: https://askubuntu.com/a/291309/795299 probably derived from here.
sudo apt-add-repository ppa:jtaylor/keepass
sudo apt-get update
sudo apt-get install keepass2 mono-complete
sudo mkdir /usr/lib/keepass2/plugins
sudo apt install curl
sudo apt install jq
curl -s https://api.github.com/repos/kee-org/keepassrpc/releases/latest | jq -r ".assets[] | select(.name | test(\"KeePassRPC.plgx\")) | .browser_download_url" | xargs sudo curl -s -L -o "/usr/lib/keepass2/plugins/KeePassRPC.plgx"
A couple final notes:
- KeeVault trial will interfere with KPrpc temporarily.
- KPrpc asks for a code from a window that should pop up, it took a few tries for me.
- Also, see discussions about increasing the number of iterations from default of 6,000 if you have a short password.
- And a good short summary of using KPrpc: https://www.ghacks.net/2020/01/08/kee-is-a-firefox-and-chrome-extension-that-can-auto-fill-passwords-from-keepass/