Self hosted syncthing relay with keepass, how secure is it?
I already have my keepassxc and syncthing setup on my phone and computers and it's great, I'd like to go a step further and have my password database sync when I'm not on my home network. From my understanding I can use relays set up by other users and they are encrypted, but if I do not trust syncing personal (encrypted) data to someone else's server how easy is it to set up a relay that only I use? I won't be using Bitwarden because in theory if I can pull this off I can also use syncthing to sync other files as well. Is setting up a personal relay a lot of work or a potential security risk for my home network?
So you do not trust the syncthing encryption when it goes through someones server but when it goes through someones (your ISP and the ISP of the end device) router/server?
I am not really understanding the thread model here.
Syncthing is p2p. The servers only see your devices IP addresses and let them connect to share data themselves. That's why it's a relay. But AFAIK files only goes from, and to, your syncthing clients; without passing through the relays. At most, the relay may see some metadata as filenames. I have been syncing passwords like this since long ago. Never jumped to Bitwarden because I didn't had the need... May do so anyway because of OTP and Passkeys..
Oh, and the syncthing encryption that you may enable for the folders is for these devices/ clients. This may be useful is you were to use a third part machine, like a VPS, as a 24/ 7 node for your files. That's different from a relay, may be desirable if you want to sync ASAP and avoid conflicts. In any case, conflicts are rare.. you would need to open the DB and add entries at the same time, or some quirky scenario...