KeePass is an encrypted password database format. It is an alternative to online password managers and is supported on all major platforms.
There are two versions of the format: KeePass 1.x (Classic) and KeePass 2.x
There are three major implementations of KeePass, which are all available in the official repositories:
- KeePass — A cross-platform password manager that has autotype and clipboard support when respectively
xselare installed. It lets you import many formats and has many plugins.
- KeePassX — Started as a Linux port of KeePass. uses the KeePass 2.x format, but can import 1.x databases. It also lets you import PwManager and KWallet XML databases. It does not support plugins. .
- KeePassXC — Fork of KeePassX that aims to incorporate stalled pull requests, that are not being incorporated into KeePassX.
Other lesser-known alternatives can be found in the AUR:
- keepassc — A curses-based password manager compatible to KeePass v.1.x and KeePassX. It uses
xselfor clipboard functions.
- kpcli — A command line interface for KeePassX database files
- keeweb — A web app (online / Electron) compatible with KeePass 2.x.
- https://keeweb.info || AUR AUR
Many plugins and extensions are available for integrating KeePass to other software.
KeePass is by default, installed at
plugin.plgx to a plugins sub-directory under the KeePass installation directory as demonstrated below:
# mkdir /usr/share/keepass/plugins # cp plugin.plgx /usr/share/keepass/plugins
- KeeFox ( AUR)
Firefox extension that links the browser to existing or new KeePass database. KeeFox needs to be setup before it is fully functional.
Extension allowing Firefox to form-fill passwords stored in KeePass.
Modifies window title to assist autotype feature.
Extension allowing Google Chrome and Chromium to form-fill passwords stored in KeePass.
Modifies window title to assist autotype feature. Similar to KeePass Helper for Firefox in function.
- Keeweb for Nextcloud ( AUR)
Open Keepass stores inside Nextcloud
Yubikey can be integrated with KeePass thanks to contributors of KeePass plugins.
- Configure one of Yubikey slots to store static password. You can make the password as strong as 65 characters (64 characters with leading `!`). This password can then be used as master password for your KeePass database.
- one-time passwords (OATH-HOTP)
- Download plugin from KeePass website: http://keepass.info/plugins.html#otpkeyprov
- Use AUR to setup OATH-HOTP
- In advanced mode untick `OATH Token Identifier`
- In KeePass additional option will show up under `Key file / provider` called `One-Time Passwords (OATH HOTP)
- Copy secret, key length (6 or 8), and counter (in Yubikey personalization GUI this parameter is called `Moving Factor Seed`)
- You may need to setup `Look-ahead count` option to something greater than 0, please see thread for more information
- See video for more help
- Challenge-Response (HMAC-SHA1)
- Get the plugin from AUR: AUR
- In KeePass additional option will show up under `Key file / provider` called `Yubikey challenge-response`
- Plugin assumes slot 2 is used