K
- Category
- Passwords · Self-host
- Cost
- Free
- Country
- community
- Licensing
- FOSS
- Platforms
- Linux · macOS · Windows
# PROS AND CONS
+ what works
- +Fully local, no cloud account, no telemetry
- +GPLv3, source open and reviewed; ANSSI first-level security certification
- +Strong crypto (AES-256 or Twofish, Argon2 KDF) with optional YubiKey HMAC-SHA1 challenge-response and key files
- +Browser extension, CLI, TOTP generator, and passkey support all built in
- +Standard .kdbx format works with KeePass2Android, KeePassDX, Strongbox, KeePassium
− watch out for
- −No native mobile app; mobile access requires third-party apps with their own trust model
- −Sync is the user's problem and a common source of conflicts or data loss if mishandled
- −No built-in shared vaults for teams; collaboration means sharing a file
- −Desktop-only UI assumes a user comfortable managing a file and its backups
- −No password recovery: lose the master password or key file and the vault is gone
# PRIVACY NOTES
KeePassXC is local-first software with no server, no account, and no telemetry. The vault is a single encrypted .kdbx file on disk, protected by a master password and optionally a key file or hardware token. Sync between devices is the user's responsibility: drop the file in Syncthing, Nextcloud, Dropbox, or copy it manually. Because the project is community-run with no central company, there is no vendor that can be subpoenaed or breached on your behalf.
# REPLACES
icloud-keychain
# TAGS
#foss · #local-first · #gplv3 · #kdbx · #yubikey
# DOES THIS WORK FOR YOU
# NOTES FROM PEOPLE WHO TRIED IT
Comments (0)
No comments yet. Be the first.