Keepass databases 1.x/2.x management utility to synchronize them accross ssh servers and phones
This project is configured for setuptools
The script can be dissected in three parts :
- Fetching the database files
- Merging them together
- Sending them back, (and sending a backup archive of the fetched databases)
- The first step fetches required databases from ssh servers, localhost and
soon phone. Each configured server suitable for ssh should have its
keepass databases in
~/.local/share/passwords. The way the script knows which databases to merge together is by their name, databases files of the same name accross ssh servers, localhost and phone will be merged together. To illustrate that, let's imagine that you have 2 ssh servers, A, B and C :
user@A :
~/.local/share/passwords/DB1.kdbx
~/.local/share/passwords/MyDB.kdbx
user@B :
~/.local/share/passwords/DB1.kdbx
~/.local/share/passwords/FamilyDB.kdbx
user@C :
~/.local/share/passwords/MyDB.kdbx
~/.local/share/passwords/FamilyDB.kdbx
In this case the merging step described below will :
merge user@A:~/.local/share/passwords/DB1.kdbx
+
user@B:~/.local/share/passwords/DB1.kdbx
merge user@A:~/.local/share/passwords/MyDB.kdbx
+
user@C:~/.local/share/passwords/MyDB.kdbx
and merge user@B:~/.local/share/passwords/FamilyDB.kdbx
+
user@C:~/.local/share/passwords/FamilyDB.kdbx
-
The merging step uses merge-keepass to merge the databases together. This updates/adds new groups, new entries and new fields. Unfortunatly, due to a bug in pykeepass, it cannot merge attachments. To merge, a password per database will be needed : in the case study above, you will be prompted for 3 passwords. The merging process can ignore errors and continue if not all databases are corrupted. But you should probably restore those corrupted database before synching because their modifications won't be merged.
-
The last step sends back the merged databases and an archive containing all the fetched databases to ssh servers, localhost and phone. Only the databases that merged successfully will be sent back. The archive tarball is named following this format :
"backup_YY-MM-DD %H:%M:%S.<microseconds>.tar.xz"You have probably recognized the default python string format for datetime objects. This archive is copied to location~/.local/share/passwords/history_backupof all servers and localhost.
$ sync_database
Copy and edit this to ~/.config/sync-database.conf :
{
"adb_pull_command": {
"args": "-R {source} {dest}",
"command": "adb-sync"
},
"adb_push_command": {
"args": "{source} {dest}",
"command": "adb-sync"
},
"hosts": {
"213.119.171.157": {
"port": 22,
"user": "myuser"
},
"MY-LAPTOP": {
"port": 22,
"user": "mylaptopuser"
}
},
"backup_history_directory": "~/.local/share/passwords/history_backup",
"passwords_directory": "~/.local/share/passwords",
"phone_backup_history_directory": "/storage/sdcard1/passwords/history_backup",
"phone_passwords_directory": "/storage/sdcard1/passwords"
}adb_pull_command.args: argument format string to pass to adb_pull_command.command command.
{source} and {dest} corresponds respectively to the remote file that will be pulled, and the destination file/folder where it will be stored locally.
I use adb-sync, but most of you would like to configure this with the adb binary from android-platform-tools like this :
"adb_pull_command": {
"args": "pull {source} {dest}",
"command": "adb"
},
"adb_push_command": {
"args": "push {source} {dest}",
"command": "adb"
},hosts.<destination>: IP or hostname of the host. The same as for the ping or ssh commands' argument.
hosts.<destination>.port: The ssh port that will be used when connecting to this host.
hosts.<destination>.user: The ssh user that will be used when connecting to this host.
backup_history_directory: Directory where the backup files will be stored. (~ is supported)
passwords_directory: Directory where are located the Keepass database files in every host (~ is supported)
phone_backup_history_directory: Same as backup_history_directory but on your phone. (doesn't support ~)
phone_passwords_directory: Same as passwords_directory. (doesn't support ~)
The backup_history_directory directory is never cleaned up (it's a backup), and is filled up in every hosts (for redundancy) on every call to sync_database. Same goes to phone_backup_history_directory. Each backup file in this folder is a dated XZ compressed file that contains the Keepass databases of all the hosts+phone that could be fetched when sync_database was run. Normally, this shouldn't take a lot of space, mine uses about 3 Mio of space with 2 hosts and a phone after 51 calls to sync_database (4 syncs per month for 1 year). But that obviously does depend on the size of your database files, on the the number of hosts you sync and on how frequently you sync your databases.
- parallel-ssh
- merge-keepass
- click
This is just a little project, but feel free to fork, change, extend or correct the code.
sync-database is delivered as it is under the well known MIT License
References that helped