Best way to share certain passwords stored in Keepass?

What's the best way to share certain passwords that are stored in a Keepass database?

For example, I want to share certain Banking Passwords with a family member, but I don't want to share my work passwords (or my personal Keepass database password)


Solution 1:

I usually just create different database files and share them with a Dropbox link, having two different files with two different random keys. I'm using version 2.09.

I have a "personal.kdbx" database that has all my personal stuff and a "company-name.kdbx". I usually use the "key file" option to open the databases since it's easier to the people I share with to copy it to an old USB drive and say "this drive is needed to open the passwords in the file, DO NOT lose this flash drive".

I don't know if this approach is a good one to your scenario, I think you're looking for some kind of "groups permissions" in a single *.kdbx file. I don't think this is possible. I haven't seen this option on the KeePass website or in the documentation.

Solution 2:

I work voluntarily on various IT related projects, where we are groups of people that share passwords, and the different groups all share their own KeePass databases via Dropbox. All users are then required to have a personal KeePass database wherein the key to the shared databases are stored. This allows us to have a very secure password on our shared databases, but also requires that the different users also use secure passwords for their private databases.

This process is then simplified further by this neat "trick" I found on the KeePass forum (slightly modified/improved):

  1. Create an entry in your personal database with the Password for the shared database
  2. On the advanced tab create a field named DbPath and with the value of where the shared database is located.
  3. Set the Url value to: cmd://"{APPDIR}\KeePass.exe" "{s:DbPath}" -pw-enc:{PASSWORD_ENC}
  4. Now, when you want to open the shared database, mark the entry and press CTRL + U.

Hope you find this approach as useful as I did. :)

UPDATE

I do not know your reasoning behind choosing KeePass (I personally prefer it), but it sounds like your needs could be better met using LastPass that has sharing features built in.