I recently wrote about extending the functionality of the KeePass2 password manager to allow the creation of CSV files from KeePass2 password database files. KeePass2 has a wide variety of functionality built in, and has a straightforward GUI.
These instructions are derived from a working PKGBUILD for Arch Linux by Jonathan Liu in the Arch User Repository (AUR). I’ve expanded them to work for other Linux distributions, as well; I tested the instructions in openSUSE 13.1, but they should work anywhere. They might even work in Mac OSX.
- Having installed KeePass through your distro. repository, run
which keepassin a terminal to see where the
keepassprogram file is stored on your system. In openSUSE 13.1, the location is
- If you use that location and run
catwith it (e.g.,
cat /usr/bin/keepass), you’ll likely see that, rather than being a binary file,
usr/bin/keepassis actually a shell script with one line:
exec mono /usr/lib/keepass/KeePass.exe "$@"
(“$@” here represents all of the arguments that the user types in after the
keepass command [e.g.,
What we’re looking for here is the location of KeePass.exe — here,
/usr/lib/keepass/KeePass.exe. In some distros, this will be in
If that method doesn’t work on your system, you can launch KeePass2, open a terminal, and run
ps ax | grep keepass, which will search all running processes on your system and give you output similar to what’s above (e.g.,
The kpscript documentation states that “the KPScript.exe file needs to be copied into the directory where KeePass is installed (where the KeePass.exe file is).”
Now that you have the location of KeePass.exe, you can install kpscript
- Download KPScript.exe from the link above.
- “Install” KPScript.exe using the following commands (assuming that the directory of note above was
sudo install -D -m644 KPScript.exe "/usr/lib/keepass/KPScript.exe" echo '/usr/bin/mono /usr/lib/keepass/KPScript.exe "$@"' > /tmp/kpscript sudo install -D -m755 /tmp/kpscript "/usr/bin/kpscript"
You should now be able to run
kpscript from any new terminal. You can launch
kpscript commands and have them ask for your KeePass2 password / key using the KeePass GUI password prompt using
kpscript /path/to/KeePass2_file.kdbx -guikeyprompt -c:ListGroups (
kpscript a command to run — here, after entering your password, kpscript would list all password groups in your .kdbx file.
If you are planning to run
kpscript over a server, where you won’t have access to a GUI prompt, you are expected to enter your password in plain text as part of your
kpscript invocation (e.g., with
kpscript /path/to/KeePass2_file.kdbx -guikeyprompt -c:ListGroups -pw:"your_password_goes_here"). If you are uncomfortable with that, here is a bash script that prompts for the password in a more secure way (i.e., without showing it as you type it in):
#/bin/bash read -s -p "If your database has a password, enter it here (it will be passed to kpscript with the '-pw' flag). Otherwise, just press [Enter]: " user_password if [ ! -z "$user_password" ]; # If the user entered anything (if $user_password is NOT zero-length (i.e., blank)): then kpscript -pw:$user_password "$@" else kpscript "$@" fi