Word – Is using Git to revision KeePass database file possible

gitkeepasspassword-management

I'm wondering if it is possible, or indeed a good/bad idea to use Git (or Mercurial) to revision the KeePass database file and share it between my co-workers, for centralized (but distributed) password management. The repo would be on our internal network drive and then each employee would be able to open the file using a shared master password and add new passwords to it.

Anybody have experience with this? What is a good practice for using KeePass for centralized password management at the workplace, without the risk of "accidental" password removal yet still allowing everyone to add new passwords and access the existing passwords?

Best Answer

Using a revision control system will probably work fine, until two users try to concurrently edit the file. git will have no idea how to merge the conflicts, so you'll be reduced to picking just one which is messy.

However, keepass keeps some internal revision history in the kdbx file, and it has support for synchronising changes with another (possibly divergent) copy of the file (look under the File menu -> Synchronize -> Synchronize with File/URL). I've used this quite successfully in the past to synchronise copies of a password database between multiple machines, and it works quite well.

Perhaps the ultimate solution would be to keep the file in git, and invoke keepass's synchroniser as a git mergetool to resolve conflicts. This page mentions some scripting support for invoking synchronisation, so it may indeed be possible to do this.