KeePass2 KPScript Installation on Linux

I recently wrote about extending the functionality of the KeePass2 password manager to allow the creation of CSV files from KeePass2 password database files. KeePass2 has a wide variety of functionality built in, and has a straightforward GUI. GUI = Graphical User Interface It also comes with an extension, called kpscript, that adds a robust CLI. CLI = Command-Line Interface Installing KPScript in Linux was confusing to me, so I’m posting quick instructions here, hoping that they might be useful to someone coming to this site from a search engine in the future.

These instructions are derived from a working PKGBUILD for Arch Linux by Jonathan Liu in the Arch User Repository (AUR). I’ve expanded them to work for other Linux distributions, as well; I tested the instructions in openSUSE 13.1, but they should work anywhere. They might even work in Mac OSX.

Initial information-gathering

  1. Having installed KeePass through your distro. repository, run which keepass in a terminal to see where the keepass program file is stored on your system. In openSUSE 13.1, the location is /usr/bin/keepass.
  2. If you use that location and run cat with it (e.g., cat /usr/bin/keepass), you’ll likely see that, rather than being a binary file, usr/bin/keepass is actually a shell script with one line:
exec mono /usr/lib/keepass/KeePass.exe "$@"

(“$@” here represents all of the arguments that the user types in after the keepass command [e.g., keepass --help])

What we’re looking for here is the location of KeePass.exe — here, /usr/lib/keepass/KeePass.exe. In some distros, this will be in usr/share/keepass/KeePass.exe, instead.

If that method doesn’t work on your system, you can launch KeePass2, open a terminal, and run ps ax | grep keepass, which will search all running processes on your system and give you output similar to what’s above (e.g., mono /usr/lib/keepass/KeePass.exe).

The kpscript documentation states that “the KPScript.exe file needs to be copied into the directory where KeePass is installed (where the KeePass.exe file is).”

Now that you have the location of KeePass.exe, you can install kpscript

  1. Download KPScript.exe from the link above.
  2. “Install” KPScript.exe using the following commands (assuming that the directory of note above was /usr/lib/keepass):
sudo install -D -m644 KPScript.exe "/usr/lib/keepass/KPScript.exe"
echo '/usr/bin/mono /usr/lib/keepass/KPScript.exe "$@"' > /tmp/kpscript
sudo install -D -m755 /tmp/kpscript "/usr/bin/kpscript"

You should now be able to run kpscript from any new terminal. You can launch kpscript commands and have them ask for your KeePass2 password / key using the KeePass GUI password prompt using kpscript /path/to/KeePass2_file.kdbx -guikeyprompt -c:ListGroups (-c: gives kpscript a command to run — here, after entering your password, kpscript would list all password groups in your .kdbx file.

If you are planning to run kpscript over a server, where you won’t have access to a GUI prompt, you are expected to enter your password in plain text as part of your kpscript invocation (e.g., with kpscript /path/to/KeePass2_file.kdbx -guikeyprompt -c:ListGroups -pw:"your_password_goes_here"). If you are uncomfortable with that, here is a bash script that prompts for the password in a more secure way (i.e., without showing it as you type it in):


read -s -p "If your database has a password, enter it here (it will be passed to kpscript with the '-pw' flag). Otherwise, just press [Enter]: " user_password 

if [ ! -z "$user_password" ]; # If the user entered anything (if $user_password is NOT zero-length (i.e., blank)):
    kpscript -pw:$user_password "$@"
    kpscript "$@"