Following up from keepass-rs#355.
Currently, this project works by unlocking the underlying KDBX database to list entries and TOTP secrets, then discards the unlocked database, keeping only the parsed-out data. This means that for every modified, added or deleted entry, the database needs to be loaded, modified, and then saved again, leading to unnecessary rounds of key derivation and database parsing. Modifying the data directly on the database objects and then just triggering another save would be faster.
Keeping the unlocked database around should be just as secure as keeping decrypted entries around.
Following up from keepass-rs#355.
Currently, this project works by unlocking the underlying KDBX database to list entries and TOTP secrets, then discards the unlocked database, keeping only the parsed-out data. This means that for every modified, added or deleted entry, the database needs to be loaded, modified, and then saved again, leading to unnecessary rounds of key derivation and database parsing. Modifying the data directly on the database objects and then just triggering another save would be faster.
Keeping the unlocked database around should be just as secure as keeping decrypted entries around.