Thanks for all the comments. Currently I use KeepassXC/DX + Syncthing.
I hash my password with fingerprint on Android, keep a separate database containing that one in another place for backup. Maybe that's stupid, but I can't type on a phone.
On Linux I use KWallet, store the Keepass password there, and have a shortcut fetching that password and inserting it into the Keepass wallet using KeepassXC. Works with one click too.
Problems
- all entries are either locked or unlocked
- to have autofill working, the app can't be killed (Android)
- also, all passwords need to be decrypted for it to work
I don't see that this is the best solution. Decrypted, maybe hashed metadata possible to detect autofill fields, and then selectively unlock the needed credentials, would be better.
On Android, I’d recommend looking into Keepass2Android. I don’t necessarily guarantee that it’ll solve your issues, but it has lots of options and is fully compatible. At the very least, it always offers autofill for me, even when locked, and there are various methods of Quick-Unlock.
As for your general problem of having all entries unlocked, that’s just a necessary trait of local password managers. I don’t really see it as a problem though, since I don’t really see a situation where an attacker would only have access to my unlocked passwords, but not also my master password, rendering selective unlocking of entries pointless anyway.
I’d also consider getting a hardware key (YubiKey) and using that in combination with a short password for your password. Both KeePassXC and Keepass2Android support them. More secure and much more comfortable than your current solution.