Introducing Strongbox Sync

Strongbox Sync is our latest feature, which was just released in version 1.60.0. In short, Strongbox Sync provides easy and reliable cross-device sync and sharing for all our users. What’s more, it’s completely free. It is basically our own dedicated cloud that makes it easy to store your database and have fast, robust and convenient access across all your devices.

Previously we recommended that users store their databases in iCloud. This was mostly for convenience, since almost all users have an Apple iCloud account. Alternatively, if users had a OneDrive or Dropbox account, they might prefer to store their databases there. Over time, we have had some complaints that iCloud was unreliable: it works fine most of the time, but at other times it gets out of sync, especially as database file size grows.

Similarly, while our native third-party integrations work well, they require separate sign in and account management. Many users also chose not to use our native integrations for various reasons and opted to use the “Files” method to add their databases. Unfortunately, just like iCloud, the Files method can become problematic. See our section below on what makes these methods problematic.

How do I start with a new database on Strongbox Sync?

It’s easy! Let’s start with a simple brand new database. Follow the instructions below to create your first Strongbox Sync database.

On iOS
  1. Tap the + button in the top right corner and tap New Database.
  2. Choose Strongbox Sync from the list of storage options.
  3. Enter a friendly nickname and a good strong master password and tap Add.
On macOS
  1. Click File > New in the menu bar at the top of your screen.
  2. Choose Strongbox Sync from the list of storage options.
  3. Enter a friendly nickname and a good strong master password and click OK.

How do I transfer my existing database to Strongbox Sync?

Let’s say you’re currently using iCloud. We’ve added a new feature to Strongbox in version 1.60.0 called “Copy To…”. This allows you to copy any current database to a new storage location. We’ll use that to do the transfer:

On iOS
  1. Long Tap (Tap & Hold) on your existing database
  2. Tap Copy To…
  3. Choose Strongbox Sync from the list of storage options.
On macOS
  1. Activate the Databases Manager window (View > Databases Manager or hit Cmd+D).
  2. Right/Alt Click on your existing database.
  3. Tap Copy To…
  4. Choose Strongbox Sync from the list of storage options.

How do I share a database with others using Strongbox Sync?

This is one of the best features of Strongbox Sync. Sharing is built-in and relatively straightforward. We’ve got a full guide on it here.

What’s the issue with iCloud or “Files” based databases?

The simple (but slightly technical) answer here is that we don’t have full end to end control over sync. We can ask the system to save your changes, but it only returns a promise to do so at some point in the unspecified future. Some implementations are better than others, e.g. OneDrive and Google Drive often do a very good job. They keep their promise. Others, not so much sadly.

Ultimately though, there will eventually be a failure somewhere along the way and Strongbox will not be informed about it. Users will assume they’re working with the latest copy on another device, and so divergent copies of the database will arise. Depending on whether you’re using iCloud or another third-party cloud, the results can vary from complete loss of one version of your database to multiple saved versions existing under different names. All the while Strongbox is unaware of these issues because they’re not reported back to it by iCloud or the third party.

As you can imagine this leads to a lot of frustration on the part of our users, and an enormous support load for our staff. Strongbox Sync is a more reliable way to store your database and will become our default recommendation for most non-technical users. We do have full end to end control over the sync process which means it’s solid and doesn’t get out of sync.

It’s also super easy to access. It doesn’t require a separate sign in because it is linked behind the scenes to your Apple account. Under the hood, we use Apple’s CloudKit technology to drive things. Think of Strongbox Sync as an improved version of storing your database on your iCloud Drive.

NB: We can no longer recommend using regular iCloud or a “Files” based method for storing your database. Your mileage may vary but ultimately, you’re always at the mercy of another non-Strongbox process saving/updating and reading your database before Strongbox can handle it. That said, there are many good options remaining. Our native third-party integrations, SFTP, WebDAV and Wi-Fi Sync are all good choices. However, Strongbox Sync is probably the most convenient of the lot.

Who is it for?

Strongbox Sync is designed for the average non-technical user who just wants to securely store their passwords and not think too much about the underlying tech. They might want to share a database with their friends, family or colleagues. This can now be done in a very straightforward manner. We recommend Strongbox Sync as the default for users just getting started and exploring Strongbox. The upgrade path to a more advanced sync method like SFTP or WebDAV is straightforward.

Who is it probably not for?

People who need to access their KeePass databases outside of Strongbox. For example, on their Linux or Windows device, or using another app like KeePassXC or KeePass. It is also obviously not for people who do not want their database stored in the cloud. We offer local device database storage for those users, and it will remain one of our core features. Indeed, we offer Strongbox Zero for these advanced power users.

Technical Details

How does it work?

As mentioned above we use Apple’s CloudKit technology behind the scenes. This means we use the same servers that are used for iCloud and iCloud Drive. This is all managed by Apple for us. CloudKit offers a lower-level integration/API than iCloud. This lower-level API allows us to perform reliable sync because we can force the reads and writes to take place immediately. We also get a message back indicating success/failure which isn’t possible with the higher-level files based APIs that only return an indefinite and sadly unreliable promise. CloudKit also offers built in sharing, including some familiar UI components which we’ve integrated into Strongbox with this release.

Where is my database stored?

Your database is stored on Apple’s iCloud servers. The actual physical location of your database will depend on the country of your Apple account, especially if you are based in the EU, and will likely be backed up in several different geographical locations. This is an implementation detail and decision made by Apple alone and Strongbox does not have any input into the process.

How is my database stored?

Your database will be stored in its default file format. This will be KeePass KDBX4.x for most users, though we also support Password Safe and some earlier KeePass file formats too. The database is always encrypted over the network and in storage at Apple. The only place your database is decrypted is on device for use there.

Does this count towards my iCloud Storage Limit?

Yes, Strongbox databases stored using Strongbox Sync will be counted towards your Apple account iCloud storage quota. Strongbox databases are typically small, often less than the size of a single photo. So, this hopefully won’t be a limiting factor.

What are the terms of service for this storage?

The terms of service are the standard Apple iCloud TOS available here: https://www.apple.com/legal/internet-services/icloud

What about database metadata?

We store some simple metadata (nickname, modification timestamp) and this is also encrypted. This encryption is managed by Apple CloudKit and connected with your Apple account. From Apple’s documentation:

CloudKit encrypts the fields’ values on-device before saving them to iCloud, and decrypts the values only after fetching them from the server. When you enable Advanced Data Protection, the encryption keys are available exclusively to the record’s owner and, if the user shares the record, that share’s participants.

https://developer.apple.com/documentation/cloudkit/ckrecord/3746821-encryptedvalues
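
To make the "How does it work?" answer and the metadata handling above concrete, here is a sketch of a CloudKit save that reports an explicit outcome and puts metadata in `encryptedValues`. It is an added example, not Strongbox's code; the field names and the `PushResult` type are hypothetical, and the caller is assumed to supply the record and database.

```swift
import CloudKit
import Foundation

// Hypothetical field names; the page does not publish Strongbox's record schema.
enum Field {
    static let nickname = "nickname"
    static let modified = "modified"
    static let file = "databaseFile"
}

// Every save attempt ends in exactly one of these outcomes, so the caller
// always knows whether the server copy now matches the local one.
enum PushResult {
    case saved(CKRecord)                 // server accepted this version
    case conflict(serverCopy: CKRecord)  // another device saved first; merge before retrying
    case retryLater(after: TimeInterval?)
    case failed(Error)
}

@available(iOS 15.0, macOS 12.0, *)
func pushDatabase(at fileURL: URL, nickname: String,
                  record: CKRecord, to database: CKDatabase) async -> PushResult {
    // Metadata goes through encryptedValues, so CloudKit encrypts it on-device.
    record.encryptedValues[Field.nickname] = nickname
    record.encryptedValues[Field.modified] = Date()
    // The already-encrypted database file (e.g. KDBX) is attached as an asset.
    record[Field.file] = CKAsset(fileURL: fileURL)

    do {
        // save(_:) returns only after the server has accepted the record, and
        // throws if the server copy changed since this record was fetched.
        return .saved(try await database.save(record))
    } catch let error as CKError {
        switch error.code {
        case .serverRecordChanged:
            // Divergence is reported instead of silently producing two copies.
            if let server = error.serverRecord { return .conflict(serverCopy: server) }
            return .failed(error)
        case .networkUnavailable, .networkFailure, .serviceUnavailable,
             .requestRateLimited, .zoneBusy:
            return .retryLater(after: error.retryAfterSeconds)
        default:
            return .failed(error)  // e.g. .quotaExceeded or .notAuthenticated
        }
    } catch {
        return .failed(error)
    }
}
```

The point of the `conflict` case is that a stale write is rejected and surfaced to the app, which is the signal the file-based APIs described earlier never deliver.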

Is this covered or protected by Apple’s Advanced Data Protection program?

Yes. Because we use CloudKit’s encryptedValues feature and store your database as an asset, it has the same protection as that offered by Apple’s Advanced Data Protection program. You can read more about this below:

What domains do the network servers use?

This may vary and is an Apple CloudKit implementation detail. However, in our testing the domains used are:

  • icloud-content.com
  • icloud.com

Apple are believed to be using Google Cloud to run some parts of their iCloud subsystem, though again this is only an implementation detail and is subject to change. It is rumoured that Apple have themselves engineered this subsystem so that it can easily be moved to another cloud storage provider.