How I Created My Own Synced Password Manager from Scratch
If you use a password manager, you likely depend on an online service that tracks and stores all your passwords for you. That convenience comes at a cost, but you can keep your passwords offline and still keep them synchronized across your devices.
The key point is that I utilize a personal network to synchronize my passwords—it’s accessible solely within my household. No one outside can access this network, including me when I am out of the house. This setup suits me well since I work remotely and seldom go on trips; thus, I hardly ever have to update or enter new login details when I’m off my home network.

Why Go Through The Trouble Of Synchronizing Your Passwords Manually?
To be clear, the primary reason I do this is because I enjoy being in control of my digital existence. By keeping my passwords off the cloud, I avoid depending on any external organizations to manage my passwords for me. Just consider the consequences of the 2022 LastPass data leak to understand what kind of disasters I'm trying to avoid.
That's not to say other cloud-based password managers aren't worth your time. In fact, if you aren't tech-savvy, I'd recommend using one of those. I enjoy building my own systems, though. So if I can take full control of my passwords—a linchpin of cybersecurity—I will do that.
It also just makes sense if you go through the process of setting up your own cloud storage. I'll explain that more later, but if you're able to roll your own private cloud storage, you might as well take full advantage of it.
I Start With an Offline Password Manager
The password manager that I use is the free and open-source KeePassXC, which sets itself apart from competitors by functioning completely offline. It has a fairly basic range of features, and most of them do not require an internet connection to operate.
In contrast, most of the popular password managers you know are cloud-based. Your stored passwords are kept and synced via a remote server you connect to when you log in.
KeePassXC stores everything in a vault, a KDBX file, that you keep on your local device. If you want to access the same vault of passwords on another computer, tablet, or phone, you need to manually move that file to that device.

You can use alternatives such as the original KeePass; however, I specifically use KeePassXC to access my vault since it works across different platforms. I operate with both Windows and Linux systems, and KeePass does not have support for Linux. For Android, I use KeePassDX, and there are also applications compatible with KeePass available for iPhones should you require them.
The issue arises due to the lack of an integrated synchronization feature, which often leads to having several vaults containing varying or contradictory password sets. Whenever modifications are made to one instance of the vault, they must be manually copied across to ensure accessibility elsewhere as well. This is precisely where Nextcloud becomes useful.
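The drift between vault copies described above can be checked mechanically. The following is an added example, not part of the original article: it scans folders for KDBX files, confirms each one starts with the KDBX header signature, and reports vault names whose copies are not byte-identical. The folder names, file names and the `write_sample` helper are assumptions for illustration, and the sample vaults are constructed stand-ins with a real header layout and a dummy payload.

```python
import hashlib
import struct
import tempfile
from pathlib import Path

# A KDBX file starts with two little-endian 32-bit signatures,
# followed by 16-bit minor and major format versions.
KDBX_SIG1, KDBX_SIG2 = 0x9AA2D903, 0xB54BFB67


def kdbx_version(path):
    """Return (major, minor) if the file has a KDBX header, else None."""
    with open(path, "rb") as fh:
        head = fh.read(12)
    if len(head) < 12:
        return None
    sig1, sig2, minor, major = struct.unpack("<IIHH", head)
    return (major, minor) if (sig1, sig2) == (KDBX_SIG1, KDBX_SIG2) else None


def find_divergent_vaults(roots):
    """Map vault file name -> {sha256: [paths]} where copies are not byte-identical."""
    by_name = {}
    for root in roots:
        for path in sorted(Path(root).rglob("*.kdbx")):
            if kdbx_version(path) is None:
                continue  # not a vault, or truncated by an interrupted copy
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            by_name.setdefault(path.name, {}).setdefault(digest, []).append(str(path))
    return {name: d for name, d in by_name.items() if len(d) > 1}


def write_sample(path, payload, major=4, minor=1):
    """Write a constructed stand-in vault: real header layout, dummy payload."""
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(struct.pack("<IIHH", KDBX_SIG1, KDBX_SIG2, minor, major) + payload)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        # Constructed sample: laptop and phone copies of the same vault have drifted.
        write_sample(tmp / "laptop" / "Passwords.kdbx", b"edited on laptop")
        write_sample(tmp / "phone" / "Passwords.kdbx", b"edited on phone")
        write_sample(tmp / "laptop" / "Work.kdbx", b"same")
        write_sample(tmp / "phone" / "Work.kdbx", b"same")
        for name, copies in find_divergent_vaults([tmp]).items():
            print(name, "has", len(copies), "different versions:")
            for digest, paths in copies.items():
                print(" ", digest[:12], paths)
```

A KDBX file is re-encrypted with fresh random values each time it is saved, so matching hashes show that the file-level sync has converged, while differing hashes do not by themselves prove that the entries differ.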
I Run My Own Cloud Storage Service
I have a Raspberry Pi that I set up to run an instance of Nextcloud "at home." If you're unfamiliar with it, Nextcloud is a self-hostable cloud storage solution akin to Google Drive.
To help you out, I suggest opting for the standard Raspberry Pi OS, or perhaps an alternative operating system for Raspberry Pi such as DietPi, and setting up Nextcloud via Docker. I obtained my instance through NextcloudPi, and I wish I hadn’t. Throughout the years, I’ve encountered numerous technical problems with my Nextcloud setup. These issues would likely have been simpler to resolve, or even prevented entirely, if I had installed Nextcloud via Docker instead. Take heed of my errors.
I haven’t made my Nextcloud publicly accessible on the wider internet, despite knowing more about cybersecurity and privacy concerns over time. The potential dangers aren’t worth it for me when keeping it within my local network meets my requirements perfectly. To me, the ease of having an externally connected Nextcloud isn’t worth the associated risks.
Hardware You'll Need
If you plan to undertake this, you will require some specialized equipment. It's a project perfectly suited for a Raspberry Pi kit or a comparable SBC (single-board computer). It is also an excellent way to repurpose an old laptop, or you can use a mini PC. Although a laptop may occupy more space compared to the alternatives, it offers the advantage of an integrated monitor and keyboard.
No matter what you decide, I suggest connecting it through an Ethernet cable. Relying on Wi-Fi to run your cloud services leads to significant delays, which can hinder performance and cause slowdowns.
I Sync Across Devices
On every device I set up for myself, the first thing I install is the Nextcloud client app. I log in to my Nextcloud account, sync my KDBX file, and with KeePassXC or KeePassDX I immediately have access to all my passwords. If I make any changes to the KDBX file, it's immediately synced across all devices connected to my Nextcloud server.

Since Nextcloud is a full file hosting service, I can keep a ton of other important files in sync this way. If I have a file I know I'll be using a lot no matter what device I'm on, I'll drop it in the "Universal" folder in Nextcloud, and I'll have it wherever I need my password vault too.
Occasionally, I'll have a device where I need just a few passwords, but I don't want my entire collection on it. An example would be a laptop for work. In that case, I can just make a copy of my vault, delete all but the accounts I need for that device, and sync only that vault to it.
The System Is Far from Perfect
Certainly, my system isn't without its constraints. Not having my Nextcloud accessible externally sometimes restricts me. When I have to update or modify passwords and these adjustments aren’t instantly reflected in my KDBX file via sync, it becomes somewhat inconvenient. However, since these files serve solely my personal use, this issue seldom arises. Configuring a personal VPN at home might resolve the issue, but I haven't reached that stage in my home lab adventures yet.
Frustratingly, the KeePassDX app on my mobile device occasionally takes about a minute to load the vault when I am off my home network. I haven’t figured out the reason yet, but I plan to make some adjustments to my configuration to address this problem.
There Are Alternative Methods for Achieving This
On that note, this isn't the only way to self-host a synced password manager. Bitwarden is open source and has a how-to for setting up your personal Bitwarden server. I've been testing DietPi on one of my Pis lately, and I observed that it provides a pre-configured Vaultwarden server option, so I may decide to experiment with that instead. Both of these configurations would remove the necessity for using Nextcloud.
Of course, you could keep a KDBX vault synced using Google Drive or OneDrive as well. At that point, though, you're again relying on a third party to keep your vault from falling into the wrong hands.
Another option that I've seen folks using alongside KeePassXC is Syncthing. It is not cloud storage; instead, it serves as a basic file-syncing tool designed to operate across your various devices. Due to its straightforward nature, this could be a more suitable choice if comprehensive self-hosted cloud storage doesn’t seem necessary to you.
No matter what you decide to do, ensure you select a strong master password. Don’t forget to adhere to sound cybersecurity practices, and verify that you’re avoiding easily cracked passwords.