KeepassXC

Please add support for KeePass Cross-Platform Community Edition. There is no plugin/api yet but there is browser integration support which should do the job.

All Comments (15)

Honestly we will need more information or an example. We don't know where to start.

Regards

David Hervieux

Hello,
Thank you. This is helpful. I will add this to our todo list.

Regards

David Hervieux

Hi everyone,

Is there any update to this topic? Unfortunately I can't find anything under plugins nor in the docs regarding keepassxc.
Thanks in advance.
Regards

Sascha

Hello,
We don't have anything for now. I just revisited the documentation and I can't find a way to do the integration. The link unfortunately is not helpful for us.

Regards

David Hervieux

Hello again,

I've looked into the man page of KeePassXC and there is a way to get entries through PowerShell/CMD.

& 'C:\Program Files\KeePassXC\keepassxc-cli.exe' show C:\path\to\my\keepass.kdbx -k C:\path\to\my\key.key "Titel_of_Entry" -s

This asks for the password of the database and gives the following output:

Title: Titel_of_Entry
UserName: myUser
Password: myPassword
URL:
Notes:

For more you can look into the man page -> https://www.mankier.com/1/keepassxc-cli

Hope this helps
Regards
Sascha

Thank you for the tip. We will try to use the CLI for a future integration.

Regards

David Hervieux

Hi David

Any updates on this one?

It's a request I'm really hoping is in the pipeline to be added to RDM soon.

Br.
MIel

Hello,

While we don't support KeePassXC the same way we support the regular version of KeePass, there is a mode available called "Direct" that's been added to the KeePass entry. This allows you to bypass having KeePass installed on your machine altogether, simply requiring you to have access to the KDBX file. Maybe you could give this mode a shot. It's possible that it won't work with your KDBX file depending on the encryption methods used on it, RDM doesn't support them all.

Regards,

Hubert Mireault

Hello,

I wanted to ask if Devolutions has made any progress in the development of KeepassXC integration?
Since PassKeys is becoming more and more of an important factor and KeepassXC offers support here, which is probably not the case with Keepass at the moment (and it doesn't look like it's on the future list either).

many thanks
Andreas

Andreas,
We use KeepassXC already.
No need for an integration, just use the direct method above and it works without issue.
Need any further help let us know and I'll share our setup.

Thanks
Iain

Version 2025.3.23.0 64-bit
Data Source SQL

Hello Iain,

Thanks for your quick response. It is somewhat complicated in our environment for security reasons. With our enterprise license we have a shared KeePass file, password-protected with a key file. The same key file is stored locally on every user's (BitLocker-protected) drive, so the configured direct method is difficult here in the team. We would have to create the same entries several times as authentication data when using the direct method...
A KeepassXC plugin in RDM like keepassclassic would be perfect, so access is only possible if KeepassXC is unlocked, which is another security benefit.

But thanks for the information. I'll keep trying for possibilities.
If somebody has an idea, I would appreciate it very much.

many greetings
Andreas

Hello,

Looking at KeepassXC's documentation, it doesn't support Plugins: https://keepassxc.org/docs/ (Under FAQ)

Best regards,

Etienne Lord

Hi,

It would be nice to have it, because it can work on macOS as well. A lot of people use KeePass and this is a big blocker.

The message based API is here:
https://github.com/keepassxreboot/keepassxc-browser/blob/develop/keepassxc-protocol.md
Protocol V2 draft · keepassxreboot/keepassxc-browser Wiki · GitHub

GitHub - keepassxreboot/keepassxc-browser: KeePassXC Browser Extension
https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide

You can connect to keepassxc via keepassxc-proxy or socket IO.

How it can work
"KeePassXC-Browser communicates with KeePassXC through keepassxc-proxy. The proxy handles listening to STDIN/STDOUT and transfers these messages through Unix domain sockets / named pipes to KeePassXC. This means KeePassXC can be used and started normally without interference from Native Messaging API. KeePassXC-Browser starts only the proxy application and there's no risk of shutting down KeePassXC or losing any unsaved changes. You don't need to install keepassxc-proxy separately."

Tips
Prototype the handshake; verify you can echo "action":"get-database-statuses" and parse the reply.
Then build higher-level helpers (search, TOTP retrieval, auto-lock listeners).

The database must already be unlocked. Your app can set "triggerUnlock": true, but KeePassXC will still pop up its master-key dialog.
Users can revoke a client at any time in Tools ▸ Settings ▸ Browser Integration ▸ Connected Browsers. Your app must handle errorCode: 201 (client ID not found).

Minimum viable implementation (illustrative)

  1. Generate a key pair (Curve25519).
  2. change-public-keys (unencrypted) → receive KeePassXC’s pub-key.
  3. associate (encrypted) → KeePassXC displays a pairing prompt; on approval you get id + hash.
  4. Store that id/keys so you don’t have to pair again.
  5. get-database-entries or get-credentials with the [Current Connection Key] array to pull data. NB: get-database-entries returns titles/URLs/UUIDs only unless the user has ticked “Allow accessing password data” in Settings.
  6. Optionally subscribe to the database-locked / database-unlocked signals so your UI greys out when the vault locks.

A tiny proof-of-concept in any language is ~100 lines once you have libsodium/TweetNaCl bindings for the crypto routines.

The protocol is stable, documented, and already used by third-party tools,
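
The unencrypted first exchange from step 2 of the post above, as an added example that is not part of the original post and is not KeePassXC or Devolutions code. It frames the request the way keepassxc-proxy reads it on STDIN (browser native messaging: 4-byte native-endian length, then JSON) and accepts the reply only if it carries the request nonce incremented by one. Assumptions: field names are as read from the linked keepassxc-protocol.md, the helper names are made up for this sketch, and the Curve25519 public key is supplied by a libsodium/TweetNaCl binding.

```python
# Added example; field names assumed from keepassxc-protocol.md, verify them there.
import base64
import json
import os
import struct

NONCE_LEN, KEY_LEN = 24, 32  # crypto_box nonce / Curve25519 public key sizes

def frame(msg):
    """Native-messaging frame: 4-byte native-endian length, then UTF-8 JSON."""
    body = json.dumps(msg).encode("utf-8")
    return struct.pack("=I", len(body)) + body

def unframe(data):
    """Parse exactly one frame; reject truncated or padded input."""
    if len(data) < 4 or struct.unpack("=I", data[:4])[0] != len(data) - 4:
        raise ValueError("frame length mismatch")
    return json.loads(data[4:].decode("utf-8"))

def increment_nonce(nonce):
    """Little-endian +1 across the nonce, like libsodium's sodium_increment()."""
    out, carry = bytearray(nonce), 1
    for i in range(len(out)):
        carry += out[i]
        out[i] = carry & 0xFF
        carry >>= 8
    return bytes(out)

def b64(raw):
    return base64.b64encode(raw).decode("ascii")

def build_key_exchange(client_pub, client_id):
    """Return (framed request, nonce); client_pub comes from a libsodium binding."""
    nonce = os.urandom(NONCE_LEN)  # fresh per request, kept to check the reply
    msg = {"action": "change-public-keys", "publicKey": b64(client_pub),
           "nonce": b64(nonce), "clientID": b64(client_id)}
    return frame(msg), nonce

def check_key_exchange_reply(raw, sent_nonce):
    """Return KeePassXC's public key only if the reply answers our request."""
    reply = unframe(raw)
    if reply.get("action") != "change-public-keys" or reply.get("success") not in (True, "true"):
        raise ValueError("key exchange refused")
    if base64.b64decode(reply.get("nonce", "")) != increment_nonce(sent_nonce):
        raise ValueError("nonce mismatch: stale or unrelated reply")
    host_pub = base64.b64decode(reply.get("publicKey", ""))
    if len(host_pub) != KEY_LEN:
        raise ValueError("bad host public key length")
    return host_pub
```

The returned host key and the client's secret key are what the encrypted `associate` call in step 3 would then use.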

Hello @zomboryzoltan,

From Iain's answer made previously in this thread, you should already be able to use files generated with KeepassXC by using our Keepass entry in the "direct" mode. This is also available on RDM Mac. Could you try this out and see if it works for you? If it doesn't work, any error messages RDM prompts as well as the application logs (Help>Application logs) might be useful.

Regards,

Hubert Mireault