-
-
Notifications
You must be signed in to change notification settings - Fork 308
File Manager and Sync
The KeePassDX app uses your device's external file managers and the storage access framework connection capabilities of these third-party app to edit database files.
You should see KeePassDX as a file editor and not a file manager. Links in the list of recent databases are only quick references to access historic links provides by the external file manager used to open your database file.
KeePassDX communicates with a separate file manager, or cloud clients that can be online or offline, the goal is to encapsulate the components, in the philosophy of Open Source software with the best security possible.
Important note: in many cloud applications, you have to select your database files from the desired cloud application and not from KeePassDX because intent actions are not managed by these third-party applications.
In order to have the most complete visibility of the file services that work with KeePass, you can leave comments to indicate whether your file manager or your cloud client is fully working or not.
| File manager / cloud client app | Works | Intent action | Pros | Cons | Officially tested |
|---|---|---|---|---|---|
| File (default app) | Fully | Open - Create | Integrated by default with multiple Android systems (Lineage OS, AOSP, ...) | - | Yes |
| Material Files | Partially (only open action) | Open | Open source, connection to an FTP server | Does not integrate other cloud applications | Yes |
| RCX | Partially. Works from the application itself | No | Easy to use, connections to a large amount of remote services (Clouds, HTTP, FTP, SFTP, WebDAV). Opened source code | Contains proprietary APIs | No |
| Mixplorer | May lose the URI connection to the database file, in which case it must be reselected from MixPlorer app. | Open - Create | Easy to use, connections to a large amount of protocols and almost all cloud storage (Clouds, SAMBA, FTP, SFTP, WebDAV) | Closed source code, may prevent save depending on source | No |
| NextCloud | Yes if integrated with de default File app | ? | Open source | More difficult to set up for a private server | No |
| OwnCloud | - | ? | Open source | More difficult to set up for a private server | No |
| Google Drive | Partially if integrated with default File app. Data loss can happen when file is updated from somewhere else. In the case of a persistent or non-updating database, it is necessary to clear the Google Drive app. | No | Easy to use | Closed source code, proprietary license | No |
| Dropbox | Succinctly, read and write with Android 10, only read with Android 8 (stops the file stream). Not integrated. Breaks the file link systematically (issue). Can prevent file writing with read only mode. | No | - | Closed source code, proprietary license | Yes 194.2.4 |
| OneDrive | URIs appear to be reassigned to other files once revoked. This results in an attempt to open files that are not databases. Seems to delete data if the state of OneDrive is not correct. | ? | - | Closed source code, proprietary license | No |
| PCloud | Does not allow save of the database file, integrated with default File app | No | - | Closed source code, proprietary license | Yes (2.13.1) |
| Samsung "My Files" | Breaks the file link after a file modification | ? | - | Closed source code, proprietary license | No |
| CX Explorer | Does not automatically recognize mime type ("Other" must be selected) | No | Allows connection to common clouds and protocols (FTP, SFTP, WebDAV) | Closed source code, proprietary license | Yes (1.4.6) |
The creation of a file manager fully compatible with open protocols and cloud clients is under study. Feel free to mention tools that would facilitate its construction, or file managers that keep KeePass links.
In addition to file managers, there are applications that synchronize files on a continuous basis. This allows you to retrieve and send files transparently in the background when a file is updated. Very useful if your file manager does not have this feature.
| Sync app | Pros | Cons | Officially tested |
|---|---|---|---|
| Syncthing | Widely used open source application that allows decentralized synchronization. Tutorial : https://peterbabic.dev/blog/sync-keepass-passwords-between-computer-phone/ | - | No |
It is not planned to integrate the cloud APIs directly in KeePassDX, because it would be necessary to integrate each client one-by-one (incidentally this could cause security breaches and is not necessarily compatible with the libre licensed code-base).
KeePassDX uses the storage access framework of your file manager and its content provider provides a URI that is represented by the displayed Path. The direct file tree will not be accessible to KeePassDX for security reasons. This mode of operation allows interoperability with all properly designed file managers, without using write permissions.
To compare: it's like looking at a website, you have a URL that displays a page and you can only access the files on the page through that URL, you don't see the file tree on the server. Here it is the same with URIs, and the advantage is that the file manager can be a gateway to retrieve the database file with any protocol (WebDav, FTP, direct path, whatever..)
Unfortunately, several file managers offer links with a limited duration or with break conditions. In this case, the link can be broken and KeePassDX shows the error Access to the file revoked by the file manager or Could not find file. Try reopening it from you file browser. You must therefore reselect the database file from your file manager. (You can ask the developers of your file manager app to modify this behavior.)
If the link is broken, re-open the file manager first, then select the .kdbx file from it. KeePassDX will then launch automatically with the right configuration.
File managers content providers must be compatible with the standard intents ACTION_OPEN_DOCUMENT, ACTION_CREATE_DOCUMENT and keep the links active with the flag FLAG_GRANT_PERSISTABLE_URI_PERMISSION to be fully functional. These methods are standardized and provided in the official documentation of Android, so it is not the fault of KeePassDX if your preferred file manager does not use these methods.
When using Storage Access Framework, write permissions are no longer required. But beware of the links provided, if you select your file from the list of recent files, the file may be read-only because several file managers ignore the file write request implicitly defined in the intent (flag FLAG_GRANT_WRITE_URI_PERMISSION) or the link is simply break. Note that opening a .kdb or .kdbx file from the KeePassDX "Open" button offers a better chance of keeping an active link (because it adds appropriate flags)
Write permissions are only used for file managers that use the ACTION_GET_CONTENT intent in order to maintain compatibility with managers who cannot use the standard method. Write permissions in KeePass are therefore not normally necessary if the manager has been created correctly.
By making a simple click on the OPEN EXISTING DATABASE button, you make a request for an ACTION_OPEN_DOCUMENT intent.
By making a long click on the OPEN EXISTING DATABASE button, you are requesting an ACTION_GET_CONTENT intent.
Native synchronization of KeePass files makes it possible to update the data of the same file opened and modified from two places at the same time. Unfortunately, this functionality is not yet implemented because it requires an in-depth study on the recording of concurrent data (but is planned). It is therefore recommended, at the moment, to reload the database with the specified button if an external modification to the file has been made.