It depends on your threat model and goals.  You could have KeePass original with other info.  Another possibility is VeraCrypt for both.  Or 2nd device.  Or virtual machine w keepass outside it.