Por que você não lê o manual Keepass e se decide?
Proteção da memória de processo
While KeePass is running, sensitive data (like the hash of the master key and entry passwords) is stored encrypted in process memory.
This means that even if you would dump the KeePass process memory to disk, you couldn't find the passwords.
For example, when you are copying a password to the clipboard, KeePass first decrypts the password field, copies it to the clipboard and immediately re-encrypts it using the random key.
Additionally, KeePass erases all security-critical memory when it's not needed anymore, i.e. it overwrites these memory areas before releasing them (this applies to all security-critical memory, not only the password fields).
KeePass ≥ 1.15 and 2.x use the Windows DPAPI for in-memory encrypting the sensitive data. With DPAPI, the key for in-memory encryption is stored in a secure, non-swappable memory area managed by Windows. If DPAPI is not available or disabled (advanced KeePass options, by default using DPAPI is enabled), KeePass uses the ARC4 encryption algorithm with a random key. Note that this is less secure than DPAPI, mainly not because ARC4 cryptographically isn't that strong, but because the key for in-memory encryption is also stored in swappable process memory.