DEV Community

Cover image for The best password manager on Linux?

The best password manager on Linux?

Rob OLeary on July 11, 2022

KeePass was my first choice password manager, but as time went by, I noticed that it has some persistent issues. Its time to look for a replacement...
Collapse
 
moopet profile image
Ben Sinclair

I've been happily using Bitwarden for this for a few years now. It has a decent comman-line client and is also free software, but it uses cloud sync rather than the DIY approach Keepass likes. But they're both good :)

Collapse
 
robole profile image
Rob OLeary • Edited

Thanks for sharing Ben. When do you find yourself using the CLI client?

I was aware of BitWarden from years ago and it sounds solid now. When I browsed their website recently, I doubted it was the same thing! The first impression is that it is a business cloud product. The fact that it is something you can use locally and is free for personal use gets lost.

Collapse
 
moopet profile image
Ben Sinclair

I pretty much don't use the CLI client, I'm just aware that it works because I've used it a couple of times. On a desktop I always have a browser open to copy something from and on a mobile device I don't have a CLI anyway.

Usually I'm a big fan of using the command line over GUIs, but with password management... I don't, for some reason!

Thread Thread
 
robole profile image
Rob OLeary • Edited

I guess since typically a browser is a desktop app, using a browser extension is more practical. It can be handy to have the CLI occasionally too.

You could use a CLI web browser along with a CLI password manager. I don't know if itd be practical, but Im sure there is someone out there doing it!

Collapse
 
codewithcaen profile image
CodeWithCaen

I love Bitwarden! You can self host it too

Collapse
 
neorejalist profile image
Jeroen

Checkout vaultwarden, a bitwarden remake in rust. Run it on an rpi and only sync passwords locally, or open a port to the berry. I have it running in docker behind a ssl-proxy.

Collapse
 
robole profile image
Rob OLeary • Edited

Sounds interesting! There are so many cool private infrastructure projects you can do with a raspberry pi. I would fear that I would turn my bedroom into a micro-server farm as these can be fun projects!

Collapse
 
pontusk profile image
Pontus Karlsson • Edited

I moved away from KeePassXD to Pass, the standard Unix password store. Downside is the setup is more complex and I couldn't get it to work on Windows. Upside is passwords are stored in plain text files encrypted with standard gpg and synced with git so its maximally portable and future proof. It's more hackable (in the sense that you can easily extend functionality, like using fzf to enhance search, not that it's easier to break). It's on the command line. I really like not having to keep a separate app open since I mostly work in a terminal window. It has a lot of ui programs as well including phone apps and browser extensions.

Collapse
 
alexwinder profile image
Alex Winder

I'm a big fan of Keepass and have been using it for the last 10 years. I move around my environment as well between Windows and Linux and the switching between Keepass and KeepassXC is seamless - I actually prefer KeepassXC though as it is generally much more user friendly.

Collapse
 
tiguchi profile image
Thomas Werner

KeepassXC also has been my password manager of choice for the past few years. I store my wallet on a network attached storage device and I can easily share the same passwords between all my computers without a problem (Linux, Mac OS and Windows). My most favorite feature is OTP. Super convenient to use. Just copy & paste the code from KeepassXC. No fumbling around with a mobile phone app.

My only issue is with the browser extensions. It's been a bit of a hit and miss for me over the years. Sometimes it works great, but most of the time it doesn't, so I intuitively resort to just opening the main app, search the record there and copy and paste 🤷‍♂️

Collapse
 
robole profile image
Rob OLeary • Edited

The browser extensions for password managers seem to be tricky to get right. I am set-up on Brave and Firefox with KeePassXC now, and so far, so good. Hopefully, it will continue on this way.

Collapse
 
amir2mi profile image
Amir M. Mohamadi

Firefox itself has a great password manager that will be synced with your Firefox account and I'm using it all these years.

Collapse
 
goodevilgenius profile image
Dan Jones

To go along with KeePassXC, KeePassDX on Android works really well.

Collapse
 
robole profile image
Rob OLeary

man struggling to think of password, removes brain and shakes on table, and all passwords drop out, and he passes them into the computr

Collapse
 
haydenmcp profile image
Hayden McParlane

Is there some way to secure password manager communication with plugins? The idea of sending passwords from plugin to plugin seems a bit freaky to me but I'm probably just ignorant of the solutions used.

Collapse
 
robole profile image
Rob OLeary • Edited

In the case of KeepassXC, you do not need plugins. All of the functionality is contained in the core application.

If you want to use a browser extension to autofill fields in the browser, these are made by the core team also. So they should be trustworthy and secure. In any case nothing is sent over a network. The transfer of a password from the database to the browser is done on your local machine.

If you have doubts, then you can skip using the extensions. You can research it further and inspect the code if you want to have confidence using it.

Collapse
 
haydenmcp profile image
Hayden McParlane

Thanks for the great info. I'd be more worried about using multiple third-party sources for plugins. The more you rely on different people the more likely you are to introduce malicious actors. It sounds like KeepassXC would be worth looking into.

Collapse
 
webbureaucrat profile image
webbureaucrat

Bitwarden is not proprietary. It uses GPL. Please revise.

Collapse
 
robole profile image
Rob OLeary

Sure. Done! 🙂