Skip to content

Instantly share code, notes, and snippets.

@cmcginty

cmcginty/keypass-setup-and-sync.md

Last active April 26, 2024 17:59
Show Gist options
  • Star 16 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
  • Save cmcginty/07869f3c6c27ecb0fef84ca7900e7bb7 to your computer and use it in GitHub Desktop.
Save cmcginty/07869f3c6c27ecb0fef84ca7900e7bb7 to your computer and use it in GitHub Desktop.
Download ZIP
KeePass2 Password Manager Settings and Auto-Synchronization
Raw
keypass-setup-and-sync.md

KeePass2 Setup and Auto-Synchronization Guide

KeePass is a password management utility for Windows, Linux, and Mac.

The first section describes the steps needed to setup KeyPass2 in Linux and how to add FireFox and Chrome plugin integrations.

The (optional) second section documents a robust way to automatically synchronize the password DB across multiple devices.

Install KeyPass

$ sudo apt-get install -y keepass2
$ keepass2

  • If you do not already have a database file, create a new one in ~/ or desired location. This is your local interactive copy for reading/modifying on the local machine.

  • If you want to add Firefox integration, you can use either the PassIFox or KeeFox addons. Both addons require additional Mono libs to talk to the KeePass process.

    $ sudo sh -c 'mkdir /usr/lib/keepass2/plugins'

Mozilla/KeeFox

  • Install the required system dependencies:

      $ sudo apt-get install mono-mcs libmono-system-management4.0-cil
  $ sudo apt-get install libmono-system-numerics4.0-cil

  • Install the KeeFox plugin at: https://addons.mozilla.org/en-US/firefox/addon/keefox/

  • Copy the KeePass RPC plugin the Keepass plugin dir:

      $ sudo cp $HOME/.mozilla/firefox/*.default/extensions/keefox@chris.tomlinson/deps/KeePassRPC.plgx /usr/lib/keepass2/plugins/

  • Restart KeePass.

Mozilla/PassIFox

  • Install the required system dependencies:

      $ sudo apt-get install mono-mcs libmono-system-xml-linq4.0-cil libmono-system-data-datasetextensions4.0-cil
  $ sudo apt-get install libmono-system-runtime-serialization4.0-cil

  • Install the KeePassHttp plugin:

      $ sudo wget -P /usr/lib/keepass2/plugins https://raw.github.com/pfn/keepasshttp/master/KeePassHttp.plgx
  $ sudo chmod 644 /usr/lib/keepass2/plugins/KeePassHttp.plgx

  • Restart KeePass

  • Setup KeePassHttp using the Tools->KeePassHttp Options... menu item.

  • Install the PassIFox plugin at: https://addons.mozilla.org/en-US/firefox/addon/passifox/

  • In Firefox Preferences->Security, enable Remember logins for sites

  • In Firefox, click the pop-up Connect button that will display under the search bar.

  • Chose a name for the browser. A good name should include Host and the Browser Name, and click Save.

Chromium/ChromeIPass

  • Install the required system dependencies:

      $ sudo apt-get install mono-mcs libmono-system-xml-linq4.0-cil libmono-system-data-datasetextensions4.0-cil
  $ sudo apt-get install libmono-system-runtime-serialization4.0-cil

  • Install the KeePassHttp plugin:

      $ sudo wget -P /usr/lib/keepass2/plugins https://raw.github.com/pfn/keepasshttp/master/KeePassHttp.plgx
  $ sudo chmod 644 /usr/lib/keepass2/plugins/KeePassHttp.plgx

  • Restart KeePass

  • Setup KeePassHttp using the Tools->KeePassHttp Options... menu item.

  • Install the ChromeIPass plugin at: https://chrome.google.com/webstore/detail/chromeipass/ompiailgknfdndiefoaoiligalphfdae?hl=en

  • Click the new ChromIPass menu bar icon in the top-right corner of Chrome, then press Connect.

  • Chose a name for the browser. A good name should include Host and the Browser Name, and click Save.

Synchronize/Backup KeePass DB using Dropbox

After installing the KeePass application and at least one browser extension, the next step is to configure KeePass to synchronize your DB file for every machine you need to use KeePass on.

AutoSave Trigger

The first step is to make sure the passwords are actively saved. This prevents any syncing issues when you forget to save a DB change before leaving your workstation.

  • Open the Triggers dialog using Tools->Triggers menu.
  • Click Add...
  • Set the trigger name to AutoSave, now go to Events tab.
  • Click Add...*
  • Select user interface state updated
  • Click OK, now go to Conditions tab.
  • Click Add...*
  • Select Database has unsaved changes
  • Click OK, now go to Actions tab.
  • Click Add...*
  • Select Save active database
  • Click OK and Finish.

AutoSync on Open Trigger

This trigger updates your local KeePass database anytime you open KeePass to access a password.

  • Open the Triggers dialog using Tools->Triggers menu.
  • Click Add...
  • Set the trigger name to AutoSync on Open
  • Now go to Events tab.
  • Click Add...*
  • Select Opened datbase file
  • If you only want to sync a specific database, set the file to /home/user/passwords.kdbx (i.e. your local password DB). Leave the input blank to sync all databases.
  • Click OK, now go to Conditions tab.
  • Click Add...*
  • Select File exists, enter /home/user/Dropbox/passwords-sync.kdbx in the input box.
  • Click OK, now go to Actions tab.
  • Click Add...*
  • Select Synchronize active database with file/URL*, enter /home/user/Dropbox/passwords-sync.kbx in the input box.
  • Click OK and Finish.

AutoSync on Close Trigger

The next trigger will ensure that when KeyPass becomes idle, the DB will synchronize any changes back to Dropbox. However, the trigger is disabled by default so synchronization only happens when the DB has changed.

Even if you only use KeePass on one system you can follow these steps to have a backup of your password database.

  • First, login and install the Dropbox client software. The following steps assumes your Dropbox share is available at /home/user/Dropbox
  • Open the Triggers dialog using Tools->Triggers menu.
  • Click Add...
  • Set the trigger name to AutoSync on Close
  • Uncheck the Initially on box to prevent running until triggered.
  • Check Turn off after executing actions (run once) to only run one time after the DB is saved.
  • Now go to Events tab.
  • Click Add...*
  • Select Closing datbase file (after saving)
  • If you only want to sync a specific database, set the file to /home/user/passwords.kdbx (i.e. your local password DB). Leave the input blank to sync all databases.
  • Click OK, now go to Conditions tab.
  • Click Add...*
  • Select File exists, enter /home/user/Dropbox/passwords-sync.kdbx in the input box.
  • Click OK, now go to Actions tab.
  • Click Add...*
  • Select Change trigger on/off state, and set the state to Off.
  • Click OK, click Add...*
  • Select Synchronize active database with file/URL*, enter /home/user/Dropbox/passwords-sync.kbx in the input box.
  • Click OK and Add...*
  • Select Change trigger on/off state, and set the state to On.
  • Click OK and Finish.

Enable AutoSync on Save Trigger

This is a third trigger that will enable the previous synchronization trigger whenever your local DB is saved (i.e. modified).

  • Open the Triggers dialog using Tools->Triggers menu.
  • Click Add...
  • Set the trigger name to Enable AutoSync on Save, now go to Events tab.
  • Click Add...*
  • Select Saved database file
  • Click OK, now go to Actions tab.
  • Click Add...*
  • Select Changed trigger on/off state, enter AutoSync on Close in the input box.
  • Click OK and Finish.

Enable Inactive Lock Option

Finally, make sure your database is set to lock after inactivity.

  • Open the options menu, Tools->Options.
  • Click the check box Lock workspace after KeePass inactivity
  • Set the default value to 10 seconds as a good default for testing. Increase later after you verify the sync is working. Note: Restart KeePass if Lock feature does not work.
  • Click OK

TIP: Hide Sync Progress Dialog

There is a hidden feature in the KeePass config file that can be set to hide the database syncing progress dialog box. It improves the UI making the synching operations less obvious.

  • Close KeePass.

  • Open ~/.config/KeePass/KeePass.config.xml

  • Go to the end of the<UI> tag block

  • Add the line:

      <ShowImportStatusDialog>false</ShowImportStatusDialog>

  • Save the file.

Raw
triggers.xml
<?xml version="1.0" encoding="utf-8"?>
<TriggerCollection xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Triggers>
<Trigger>
<Guid>dzatldc/jkOKLpkWmxGtCg==</Guid>
<Name>AutoSave</Name>
<Events>
<Event>
<TypeGuid>jRLUmvLLT/eo78/arGJomQ==</TypeGuid>
<Parameters />
</Event>
</Events>
<Conditions>
<Condition>
<TypeGuid>08r67ygqRkqZkNhl/OAW7Q==</TypeGuid>
<Parameters />
<Negate>false</Negate>
</Condition>
</Conditions>
<Actions>
<Action>
<TypeGuid>9VdhS/hMQV2pE3o5zRDwvQ==</TypeGuid>
<Parameters />
</Action>
</Actions>
</Trigger>
<Trigger>
<Guid>/H4DXhLeqUOWaLMaYf5aGg==</Guid>
<Name>AutoSync on Open</Name>
<Events>
<Event>
<TypeGuid>5f8TBoW4QYm5BvaeKztApw==</TypeGuid>
<Parameters>
<Parameter>0</Parameter>
<Parameter />
</Parameters>
</Event>
</Events>
<Conditions>
<Condition>
<TypeGuid>y0qeNFaMTJWtZ00coQQZvA==</TypeGuid>
<Parameters>
<Parameter>/home/pcm/Dropbox/passwords-sync.kdbx</Parameter>
</Parameters>
<Negate>false</Negate>
</Condition>
</Conditions>
<Actions>
<Action>
<TypeGuid>Iq135Bd4Tu2ZtFcdArOtTQ==</TypeGuid>
<Parameters>
<Parameter>/home/pcm/Dropbox/passwords-sync.kdbx</Parameter>
<Parameter />
<Parameter />
</Parameters>
</Action>
</Actions>
</Trigger>
<Trigger>
<Guid>vQI5NtT3W0uS81qgnadm7Q==</Guid>
<Name>AutoSync on Close</Name>
<InitiallyOn>false</InitiallyOn>
<TurnOffAfterAction>true</TurnOffAfterAction>
<Events>
<Event>
<TypeGuid>lPpw5bE/QSamTgZP2MNslQ==</TypeGuid>
<Parameters>
<Parameter>0</Parameter>
<Parameter />
</Parameters>
</Event>
</Events>
<Conditions>
<Condition>
<TypeGuid>y0qeNFaMTJWtZ00coQQZvA==</TypeGuid>
<Parameters>
<Parameter>/home/pcm/Dropbox/passwords-sync.kdbx</Parameter>
</Parameters>
<Negate>false</Negate>
</Condition>
</Conditions>
<Actions>
<Action>
<TypeGuid>tkamn96US7mbrjykfswQ6g==</TypeGuid>
<Parameters>
<Parameter />
<Parameter>0</Parameter>
</Parameters>
</Action>
<Action>
<TypeGuid>Iq135Bd4Tu2ZtFcdArOtTQ==</TypeGuid>
<Parameters>
<Parameter>/home/pcm/Dropbox/passwords-sync.kdbx</Parameter>
<Parameter />
<Parameter />
</Parameters>
</Action>
<Action>
<TypeGuid>tkamn96US7mbrjykfswQ6g==</TypeGuid>
<Parameters>
<Parameter />
<Parameter>1</Parameter>
</Parameters>
</Action>
</Actions>
</Trigger>
<Trigger>
<Guid>VMmOC6IEeE+vw+hIqW7azg==</Guid>
<Name>Enable AutoSync on Save</Name>
<Events>
<Event>
<TypeGuid>s6j9/ngTSmqcXdW6hDqbjg==</TypeGuid>
<Parameters>
<Parameter>0</Parameter>
<Parameter />
</Parameters>
</Event>
</Events>
<Conditions />
<Actions>
<Action>
<TypeGuid>tkamn96US7mbrjykfswQ6g==</TypeGuid>
<Parameters>
<Parameter>AutoSync on Close</Parameter>
<Parameter>1</Parameter>
</Parameters>
</Action>
</Actions>
</Trigger>
</Triggers>
</TriggerCollection>
@derkkaa
Copy link

derkkaa commented Sep 20, 2018
edited

These are great directions. Thank you for posting them.

I have everything syncing fine, except for if I open the database without making a change it still syncs up, and I cannot figure out why. I have double and triple checked the settings on "AutoSave on Close" and "Enable AutoSave on Close". I even turned off the Advanced option "Automatically save when closing database" to make sure that wasn't triggering the "Enable AutoSave on Close" every time I close it.

(Edited to add trigger code, but formatting was unreadable so I removed it again.)

@lukkolodziejczyk
Copy link

Thanks for the manual - I've been using this script for last months but recently I've noticed I'm missing autosave feature. The reason turned out to be very simple - since 2.39 the event user interface state updated is no longer available. After an update the trigger is still there, but missing this element. Fortunately, Keepass developers added built-in autosave under Tools -> Options -> Avanced -> Start and Exist section.

Sharing to save some time for other folks stumbling on this repo.

@RogerFx
Copy link

RogerFx commented Feb 9, 2021

Please I need some help with the "Enable AutoSync on Save Trigger"

I get an error that says:
Trigger execution failed
The object with the specified name could not be found.
Trigger name: Automatic Sync on close.

What could be the problem?

@RogerFx
Copy link

RogerFx commented Feb 9, 2021

Never mind, just noticed why.

The name on the trigger action has to match the name of the Trigger close and I had modified to a different name.

Tks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment