# KDBX Security Compatibility KeePassGO supports the following KDBX security workflows today: - open and save password-only vaults - open and save key-file-only vaults - open and save composite password-plus-key-file vaults - select the active master-key mode in the product UI for create, open, and unlock flows - change an existing session to a new master-key mode before saving - preserve the original opened vault's KDBX format version during save - preserve the original opened vault's cipher selection during save - preserve the original opened vault's KDF selection during save What "preserve" means: - if a vault is opened through a managed session and then saved, KeePassGO reuses the opened vault's KDBX header configuration instead of replacing it with default header settings - this applies to local and WebDAV-backed vault sessions Current explicit limitations: - KeePassGO does not yet provide a UI for editing cipher or KDF parameters directly - new vault creation still uses the library default KDBX header settings for freshly created databases - unsupported or unknown header fields outside the preserved header structures are not guaranteed to round-trip if they are not represented by the underlying library Practical expectation: - existing KeePass/KeePass2Android-compatible vaults keep their major format, cipher, and KDF family when edited and saved through KeePassGO - KeePassGO does not yet try to be a full advanced database-settings editor