Concerns about storing KeePass database on corporate OneDrive with AuthPass

Dear AuthPass Community,

I am contemplating the integration of AuthPass for managing passwords within my organization, specifically using a KeePass database stored on our corporate OneDrive as the centralized repository. While AuthPass seems to offer the functionalities we require, I have some privacy and security concerns that I would like to address before proceeding with this setup.

  1. Database Access and Isolation: When AuthPass accesses the KeePass database stored on OneDrive, does it only interact with the specific database file, or does it have broader access to other files and folders within the same OneDrive account? My primary concern is to ensure that AuthPass strictly accesses only the KeePass database file and does not have the capability to interact with or modify other files within our corporate OneDrive.

  2. Authorization and Authentication: How does AuthPass handle authentication with OneDrive? I am interested in understanding the scope of permissions granted to AuthPass when it connects to OneDrive. Specifically, are the permissions limited solely to the KeePass database file, or are broader file access permissions required?

  3. Data Encryption and Security: While I am aware that the KeePass database itself is encrypted, I am curious about the security measures AuthPass employs when interacting with the database file on OneDrive. How does AuthPass ensure that the database’s integrity and confidentiality are maintained during synchronization and access?

  4. Potential Risks: If a security breach were to occur, what potential risks should we be aware of regarding the KeePass database and other files within the OneDrive account? Additionally, how does AuthPass mitigate such risks?

  5. Best Practices: Are there recommended best practices for configuring AuthPass with OneDrive to enhance security and privacy, particularly in a corporate setting?

I appreciate any insights or experiences you can share regarding these concerns. Our objective is to utilize AuthPass effectively while ensuring our data remains secure and private.

Thank you for your assistance.

Best regards,
Marcus Karlsson