KeePass is an encrypted password database format. It is an alternative to online password managers and is supported on all major platforms.
There are two versions of the format: KeePass 1.x (Classic) and KeePass 2.x
There are three major implementations of KeePass, which are all available in the official repositories:
- KeePass — A cross-platform password manager that has autotype and clipboard support when respectively
xselare installed. It lets you import many formats and has many plugins.
- KeePassX — Started as a Linux port of KeePass. uses the KeePass 2.x format, but can import 1.x databases. It also lets you import PwManager and KWallet XML databases. It does not support plugins. .
- KeePassXC — Fork of KeePassX that aims to incorporate stalled pull requests, that are not being incorporated into KeePassX.
Other lesser-known alternatives can be found in the AUR:
- keepassc — A curses-based password manager compatible to KeePass v.1.x and KeePassX. It uses
xselfor clipboard functions.
- kpcli — A command line interface for KeePass database files
- keepmenu — Dmenu/Rofi frontend for Keepass database files.
- keeweb — A web app (online / Electron) compatible with KeePass 2.x. KeeWeb is the only version with default Sync support for major cloud services, Gdrive, Onedrive, Dropbox etc...
- https://keeweb.info || AUR AUR
Many plugins and extensions are available for integrating KeePass to other software.
KeePass is by default, installed at
plugin.plgx to a plugins sub-directory under the KeePass installation directory as demonstrated below:
# mkdir /usr/share/keepass/plugins # cp plugin.plgx /usr/share/keepass/plugins
- KeeFox ( AUR)
- Firefox extension that links the browser to existing or new KeePass database. KeeFox needs to be setup before it is fully functional.
- Extension allowing Firefox to form-fill passwords stored in KeePass.
- Modifies window title to assist autotype feature.
- Official browser plugin for the KeePassXC password manager (Firefox version).
- Extension allowing Google Chrome and Chromium to form-fill passwords stored in KeePass.
- Modifies window title to assist autotype feature. Similar to KeePass Helper for Firefox in function.
- Official browser plugin for the KeePassXC password manager (Chrome/Chromium version).
- Keeweb for Nextcloud ( AUR)
- Open Keepass stores inside Nextcloud
YubiKey can be integrated with KeePass thanks to contributors of KeePass plugins.
- Configure one of Yubikey slots to store static password. You can make the password as strong as 65 characters (64 characters with leading `!`). This password can then be used as master password for your KeePass database.
- one-time passwords (OATH-HOTP)
- Download plugin from KeePass website: http://keepass.info/plugins.html#otpkeyprov
- Use AUR to setup OATH-HOTP
- In advanced mode untick `OATH Token Identifier`
- In KeePass additional option will show up under `Key file / provider` called `One-Time Passwords (OATH HOTP)
- Copy secret, key length (6 or 8), and counter (in Yubikey personalization GUI this parameter is called `Moving Factor Seed`)
- You may need to setup `Look-ahead count` option to something greater than 0, please see thread for more information
- See video for more help
- Challenge-Response (HMAC-SHA1)
- Get the plugin from AUR: AUR
- In KeePass additional option will show up under `Key file / provider` called `Yubikey challenge-response`
- Plugin assumes slot 2 is used
KeepassXC provides built-in support for Yubikey Challenge-Response without plugins.
Tips and tricks
Disable your clipboard manager
If you are an avid user of clipboard managers, you can may need to disable your clipboard manager before you launch keepass and then re-start your clipboard manager afterward.