
Use KeeShare w/ keyfile or Yubikey

Open basbebe opened this issue 4 years ago • 10 comments

At the moment this is not possible.
Will this be available in the future?

basbebe avatar Jan 08 '21 20:01 basbebe

We have no intention of adding this capability. We recommend using a very long password. The effect is the same.

droidmonkey avatar Jan 08 '21 23:01 droidmonkey

Although I guess one could argue that a long password and a second (hardware) factor like a Yubikey are not the same thing in every situation, I see why this is not in scope as of now.

Thank you for your response!

basbebe avatar Jan 09 '21 10:01 basbebe

"We recommend using a very long password." That you then need to write it down somewhere and put in every time.... Totally defeats the purpose of being safe. That exactly is the use case of the Yubikey.

masterbuchi avatar Aug 05 '22 08:08 masterbuchi

"We recommend using a very long password." On the technical side this might be correct. But the most critical reason in IT security is the human factor, and a "very long password" makes this factor even more attackable. Although it is not practicable, because every staff member has to insert this "very long password" every day without using a password manager, because this password unlocks the password manager...

marno2703 avatar Dec 31 '22 12:12 marno2703

You need to understand the context of the question... this password is stored inside the database in a group setting called keeshare. It is not used to unlock the database from the main window (which you can do as well if you want).

https://keepassxc.org/docs/KeePassXC_UserGuide.html#_database_sharing_with_keeshare

droidmonkey avatar Dec 31 '22 12:12 droidmonkey

KeeShare is used to share a group of logins from within my database to a second (child) database. At the moment I have to manage one database in keepassxc for every employer. So I have MANY open databases, and I have to open one after the next. Every employer uses a yubikey and a password (two factors). If I lose this second factor for all staff members / databases it will be less secure. Giving everyone a "very long password" is not the same level of security, because the staff members will write these passwords on paper to remember.

marno2703 avatar Dec 31 '22 12:12 marno2703

You need to use AutoOpen then... https://keepassxc.org/docs/KeePassXC_UserGuide.html#_automatic_database_opening

This is all extremely moot anyway; if you have the credentials to unlock a database then you can remove all protection and save as a new database anyway. You can give employees all the key files and yubikeys you want, but keepass databases are local and can be duplicated without those key files and yubikeys in seconds. If you are doing enterprise account management then KeePass is definitely not the right option.

droidmonkey avatar Dec 31 '22 13:12 droidmonkey

@droidmonkey Sorry, but I cannot understand the reasoning. In case of KeeShare "Export" there should not be a problem, because I can create the shared database without keyfile. In case of "Import" there is an incompatibility from KeePassXC to itself.

In my case I do not Import from second share database, I import from original database to keep the groups and sub-groups. This isn't possible in case that my source database is locked by keyfile.

If the feature #11593 is coming soon and groups and sub-groups are supported for KeeShare "Export", then I expect a workaround could be to create a shared database without keyfile over KeeShare "Export" in source database and import the shared database into destination database (with very long password, without keyfile).

ToniKoehler avatar Nov 12 '25 05:11 ToniKoehler

A keeshare database is meant to be between two other databases. Keeshare was not designed to be a database aggregation tool like you are seeking to use it for to overcome the lack of global search.

With that said, I have been planning a complete rewrite of keeshare for some time and to introduce the use of key files that are embedded into the share settings.

droidmonkey avatar Nov 12 '25 05:11 droidmonkey

That would be nice!

ToniKoehler avatar Nov 12 '25 06:11 ToniKoehler