>Important to note is that every time a KDBX file is updated, no matter how small the edit was, the entire file gets rewritten.
This seems like an implementation issue rather than a format/spec issue.
wps•1h ago
Because KDBX is a gzipped and encrypted stream, this is actually fundamentally an issue with the spec itself. A client must re-encrypt and compress the file prior to writing because a mere append operation is not possible. SQLite solves this issue by allowing you to write with page level granularity rather than being forced to dump the whole file for a single tiny change!
ycombinatrix•1h ago
I see, thanks. Have you considered moving to Bitwarden?
wps•1h ago
Yes actually, I have personally onboarded several people to BitWarden! (Including manually migrating their accounts, setting passwords and passkeys, etc) However, I dislike the centralization and lack of control. There was a paper discussed within the past couple days on HN about what a malicious BitWarden server was capable of, despite BitWarden's marketing. I believe BitWarden's team responded promptly and appropriately to the research.
VaultWarden is a good compromise (offers the choice of SQLite or Postgres under the hood), putting you in charge of the primary server, but it is honestly overkill for a single personal user compared to a kdbx file on a webdav share.
ycombinatrix•1h ago
This seems like an implementation issue rather than a format/spec issue.
wps•1h ago
ycombinatrix•1h ago
wps•1h ago
VaultWarden is a good compromise (offers the choice of SQLite or Postgres under the hood), putting you in charge of the primary server, but it is honestly overkill for a single personal user compared to a kdbx file on a webdav share.