Git-Mirrors/keepassxc
1
0
Fork 0
mirror of https://github.com/keepassxreboot/keepassxc.git synced 2025-03-12 17:16:43 -04:00
Code Issues Packages Projects Releases Wiki Activity

Major enhancements to documentation

Browse Source 
* Closes #11467 - Describe default search fields
* Closes #11468 - Fix lock database shortcut
* Closes #8259 - Add a note about 1Password OPVault specifics
* Closes #9794 - Add section anchors for easy linking
* Closes #10316 - Show how to setup managed Edge on macOS
* Closes #7805 - Document entry url handling
* Closes #9143 - Document database merge behavior
* Closes #10876 - Correct wording in browser and passkey sections

Update outdated images of the user interface. Improve wording and flow of entire documentation. Fill in missing pieces based on user feedback.

Add mention about URL wildcards
This commit is contained in:
Jonathan White 2025-02-22 20:45:08 -05:00
parent f0c5c2ad3f
commit 941c1f5d7f
No known key found for this signature in database
GPG Key ID: 440FC65F2E0C6E01
34 changed files with 251 additions and 176 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@ -175,7 +175,7 @@
- Browser: Revert code causing connection problems [#8665]
- Browser: Fix socket file symbolic link on Linux [#8656]
- Flatpak: Fix launching browser proxy service [#8680]
- SSH Agent: Fix paegent support on Windows [#8619]
- SSH Agent: Fix pageant support on Windows [#8619]
## 2.7.3 (2022-10-23)
@ -1058,7 +1058,7 @@
- Compare window title to entry URLs #556
- Implemented inline error messages #162
- Ignore group expansion and other minor changes when making database "dirty" #464
- Updated license and copyright information on souce files #632
- Updated license and copyright information on source files #632
- Added contributors list to about dialog #629
## 2.1.4 (2017-04-09)

5
README.md
View File

@ -22,12 +22,13 @@ KeePassXC has numerous features for novice and power users alike. Our goal is to
* Password generator
* Auto-Type passwords into applications
* Browser integration with Google Chrome, Mozilla Firefox, Microsoft Edge, Chromium, Vivaldi, Brave, and Tor-Browser
* Support for passkeys using the browser integration
* Entry icon download
* Import databases from CSV, 1Password, and KeePass1 formats
* Import databases from CSV, 1Password, Bitwarden, Proton Pass, and KeePass1 formats
### Advanced
* Database reports (password health, HIBP, and statistics)
* Database export to CSV and HTML formats
* Database export to CSV, XML, and HTML formats
* TOTP storage and generation
* Field references between entries
* File attachments and custom attributes

6
docs/GettingStarted.adoc
View File

@ -26,8 +26,8 @@ include::topics/DownloadInstall.adoc[tags=*;!advanced]
include::topics/UserInterface.adoc[tags=*;!advanced]
include::topics/PasswordGenerator.adoc[tags=*;!advanced]
include::topics/DatabaseOperations.adoc[tags=*;!advanced]
include::topics/BrowserPlugin.adoc[tags=*;!advanced]
include::topics/PasswordGenerator.adoc[tags=*;!advanced]
include::topics/BrowserIntegration.adoc[tags=*;!advanced]

11
docs/UserGuide.adoc
View File

@ -6,6 +6,7 @@ KeePassXC Team <team@keepassxc.org>
:imagesdir: images
:stylesheet: styles/dark.css
:toc: left
:sectanchors:
ifdef::backend-pdf[]
:title-page:
:title-logo-image: {imagesdir}/kpxc_logo.png
@ -23,18 +24,18 @@ include::topics/UserInterface.adoc[tags=*]
include::topics/DatabaseOperations.adoc[tags=*]
include::topics/ImportExport.adoc[tags=*]
include::topics/PasswordGenerator.adoc[tags=*]
include::topics/BrowserPlugin.adoc[tags=*]
include::topics/ImportExport.adoc[tags=*]
include::topics/KeeShare.adoc[tags=*]
include::topics/BrowserIntegration.adoc[tags=*]
include::topics/Passkeys.adoc[tags=*]
include::topics/AutoType.adoc[tags=*]
include::topics/KeeShare.adoc[tags=*]
include::topics/SSHAgent.adoc[tags=*]
include::topics/Reference.adoc[tags=*]

BIN
docs/images/database_security_encryption.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 28 KiB

After

Width:  |  Height:  |  Size: 45 KiB

BIN
docs/images/database_security_encryption_advanced.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 40 KiB

After

Width:  |  Height:  |  Size: 52 KiB

BIN
docs/images/database_settings.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 60 KiB

After

Width:  |  Height:  |  Size: 56 KiB

BIN
docs/images/database_view.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 87 KiB

After

Width:  |  Height:  |  Size: 84 KiB

BIN
docs/images/export_database.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 90 KiB

After

Width:  |  Height:  |  Size: 9.2 KiB

BIN
docs/images/main_interface.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 95 KiB

After

Width:  |  Height:  |  Size: 84 KiB

BIN
docs/images/new_db_wizard_2.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 48 KiB

After

Width:  |  Height:  |  Size: 57 KiB

BIN
docs/images/open_database.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 40 KiB

After

Width:  |  Height:  |  Size: 39 KiB

BIN
docs/images/save_database_backup.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 16 KiB

After

Width:  |  Height:  |  Size: 18 KiB

BIN
docs/images/theme_selection.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 21 KiB

After

Width:  |  Height:  |  Size: 32 KiB

BIN
docs/images/toolbar.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 18 KiB

After

Width:  |  Height:  |  Size: 19 KiB

BIN
docs/images/unlock_database.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 21 KiB

After

Width:  |  Height:  |  Size: 33 KiB

BIN
docs/images/welcome_screen.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 37 KiB

After

Width:  |  Height:  |  Size: 38 KiB

2
docs/styles/dark.css
View File

@ -180,7 +180,7 @@ body.toc2.toc-right{padding-left:0;padding-right:20em}}
.sect1{padding-bottom:1.25em}}
.sect1:last-child{padding-bottom:0}
.sect1+.sect1{border-top:1px solid #efefed}
#content h1>a.anchor,h2>a.anchor,h3>a.anchor,#toctitle>a.anchor,.sidebarblock>.content>.title>a.anchor,h4>a.anchor,h5>a.anchor,h6>a.anchor{position:absolute;z-index:1001;width:1.5ex;margin-left:-1.5ex;display:block;text-decoration:none!important;visibility:hidden;text-align:center;font-weight:400}
#content h1>a.anchor,h2>a.anchor,h3>a.anchor,#toctitle>a.anchor,.sidebarblock>.content>.title>a.anchor,h4>a.anchor,h5>a.anchor,h6>a.anchor{position:absolute;z-index:1001;width:2.0ex;margin-left:-1.8ex;margin-top:0.08ex;display:block;text-decoration:none!important;visibility:hidden;text-align:center;font-weight:400}
#content h1>a.anchor::before,h2>a.anchor::before,h3>a.anchor::before,#toctitle>a.anchor::before,.sidebarblock>.content>.title>a.anchor::before,h4>a.anchor::before,h5>a.anchor::before,h6>a.anchor::before{content:"\00A7";font-size:.85em;display:block;padding-top:.1em}
#content h1:hover>a.anchor,#content h1>a.anchor:hover,h2:hover>a.anchor,h2>a.anchor:hover,h3:hover>a.anchor,#toctitle:hover>a.anchor,.sidebarblock>.content>.title:hover>a.anchor,h3>a.anchor:hover,#toctitle>a.anchor:hover,.sidebarblock>.content>.title>a.anchor:hover,h4:hover>a.anchor,h4>a.anchor:hover,h5:hover>a.anchor,h5>a.anchor:hover,h6:hover>a.anchor,h6>a.anchor:hover{visibility:visible}
#content h1>a.link,h2>a.link,h3>a.link,#toctitle>a.link,.sidebarblock>.content>.title>a.link,h4>a.link,h5>a.link,h6>a.link{color:#ba3925;text-decoration:none}

23
docs/topics/BrowserPlugin.adoc → docs/topics/BrowserIntegration.adoc
View File

@ -3,7 +3,7 @@ include::.sharedheader[]
:imagesdir: ../images
// tag::content[]
== Setup Browser Integration
== Browser Integration
The KeePassXC-Browser extension is installed within your web browser so that you can automatically pull usernames and passwords from KeePassXC and populate them directly into website fields. It is a very useful and secure extension that enhances your productivity while using KeePassXC. With this extension, you do not need to manually copy the data from your KeePassXC database and paste it into the website fields.
The KeePassXC-Browser extension is available on the following web browsers:
@ -13,6 +13,8 @@ The KeePassXC-Browser extension is available on the following web browsers:
* Microsoft Edge
* Chromium
NOTE: On Linux, Flatpak and Snap based browsers are generally not supported. Ubuntu's Firefox Snap is currently the only known exception.
=== Install the Browser Extension
You can download the KeePassXC-Browser extension from your web browser. To download the KeePassXC-Browser extension, perform the following steps:
@ -92,7 +94,6 @@ image::browser_confirm_access_dialog.png[,80%]
image::browser_fill_credentials.png[,80%]
=== Generate Passwords
The KeePassXC-Browser Extension also lets you generate passwords directly in your browser.
This feature can be used for websites with existing credentials as well as for new websites.
You can then choose to update/add the credentials to your KeePassXC database directly from the Browser.
@ -117,6 +118,13 @@ You can configure unique browser integration behavior for each entry. This allow
After opening the settings you can add any number of additional URLs by clicking the _Add_ button *(2)* and typing the URL in the list to the left *(3)*.
Additional URLs also supports wildcards (with KeePassXC 2.7.10 and later). You can use URLs like:
----
https://*.example.com
https://example.com/*/path
https://sub.*.example.com/path/*
----
.Entry browser settings
image::browser_entry_settings.png[]
@ -138,9 +146,7 @@ WARNING: We do not recommend changing any of these settings as they may break th
image::browser_advanced_settings.png[]
=== Advanced Setup
==== Custom Browser option
It is possible to enable support for a custom browser (e.g. LibreWolf, WaterFox, Arc, beta and nightly browsers, etc.) using this feature.
This feature is only available for Linux and macOS.
@ -156,7 +162,7 @@ When a Custom Browser has been successfully set, KeePassXC will automatically wr
If you wish to support multiple custom browsers, you can copy the native messaging script files manually to the _native-messaging-hosts_ folder from other browsers.
==== Managed Microsoft Edge on Windows
1. Deploy *org.keepassxc.keepassxc_browser_edge.json* to, for example, `C:\ProgramData\KeepassXC` on all managed platforms.
1. Deploy *org.keepassxc.keepassxc_browser_edge.json* to, for example, `C:\ProgramData\KeePassXC\` on all managed platforms.
+
----
{
@ -170,7 +176,7 @@ If you wish to support multiple custom browsers, you can copy the native messagi
}
----
2. Configure GPO options (registry result):
2. Configure GPO options (see https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#native-messaging[Microsoft Edge Native Messaging Policies] for more information.):
+
----
Windows Registry Editor Version 5.00
@ -186,5 +192,10 @@ Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\NativeMessagingAllowlist]
"1"="org.keepassxc.keepassxc_browser"
----
==== Managed Microsoft Edge on macOS
1. Deploy *org.keepassxc.keepassxc_browser_edge.json* to `/Library/Microsoft/Edge/NativeMessagingHosts`.
2. You may need to configure Edge to allowlist the extension and native messaging host. See https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#native-messaging[Microsoft Edge Native Messaging Policies] for more information.
// end::advanced[]
// end::content[]

222
docs/topics/DatabaseOperations.adoc
View File

@ -36,6 +36,13 @@ NOTE: Keep this password for your database safe. Either memorize it or note it d
5. Click Done. You will be prompted to select a location to save your database file. The database file is saved on to your computer with the default `.kdbx` extension. You can store your database wherever you wish, it is fully encrypted at all times preventing unauthorized access.
=== Storing Your Database
The database file that you create might contain highly sensitive data and must be stored in a very secure way. You must make sure that the database is always protected with a strong and long password. The database file that is protected with a strong and long password is secure and encrypted while stored on your computer or cloud storage service.
Make sure that you or someone else does not accidentally delete the database file. Deletion of the database file will result in the total loss of all your information (including all your passwords!) and a lot of inconvenience to manually retrieve your logins for various web applications. Do not share the credentials to access your database file with anyone unless you absolutely trust them (spouse, child, etc.).
TIP: You can safely store your database file in the cloud (OneDrive, Dropbox, Google Drive, Nextcloud, Syncthing, etc.). The database file is always fully encrypted; unencrypted data is never written to disk and is never accessible to your cloud storage provider. We recommend using a storage service that keeps automatic backups (version history) of your database file in the event of corruption or accidental deletion.
=== Opening an Existing Database
To open an existing database, perform the following steps:
@ -51,9 +58,11 @@ image::unlock_database.png[]
3. Enter the password for your database.
4. _(Optional)_ Browse for the Key File if you have chosen it as an additional authentication factor while creating the database. Refer to the KeePassXC User Guide for more information on setting a Key File as an additional authentication factor.
4. _(Optional)_ Click *I have a key file (A)* if you have one as an additional authentication factor for your database.
5. Click *OK*. The database opens and the following screen is displayed:
5. _(Optional)_ Plug in your configured YubiKey or OnlyKey to use it as an additional authentication factor. If you don't see it listed, press the refresh button *(B)*.
6. Click *OK*. The database opens and the following screen is displayed:
+
.Unlocked database
image::database_view.png[]
@ -72,24 +81,13 @@ When your database is locked, you will see the following unlock dialog. Simply p
image::quick_unlock.png[]
// tag::advanced[]
=== Expired Entries
By default, KeePassXC will show entries that are expired or will be expiring within 3 days after unlocking the database. This feature allows you to change your passwords before they expire and be aware of passwords that are no longer valid. You can disable or change this feature in the Application Settings.
NOTE: By default, KeePassXC will show entries that are expired or will be expiring within 3 days after unlocking the database. This feature allows you to change your passwords before they expire and be aware of passwords that are no longer valid. You can disable or change this feature in the Application Settings.
=== Advanced Save Options
There are three ways that KeePassXC can handle database files. This behavior is set in the Application Settings under _File Operations_.
1. _(Default)_ *Safe saves* create a temporary database file alongside the existing one and atomically move it into place when all writing is complete. This prevents database corruption in the case of application crashes, loss of power, or other interruptions.
2. *Temporary file saves* create a database in the temporary files folder. This database is then moved into place overtop of the existing file. Although rare, interruptions in this move process could leave your database in an unknown state. This option is useful for overcoming poorly behaved cloud sync tools.
3. *Direct-write saves* write directly to the existing database file. This is an unsafe operation since any interruption can leave your entire database inaccessible. We only recommend using this option when interfacing with Linux GVFS services (e.g. Google Cloud on Gnome) and other types of storage services that host a virtual drive system.
In addition to these save options, KeePassXC can create a backup of your existing database file just prior to saving. This backup will be saved at the path specified in the *Backup destination* field. This path can be absolute or relative. The latter will be resolved according to the databases path. It is possible to specify a custom naming scheme with placeholders. See <<Backup Path Placeholders, Backup Path Placeholders>> for available placeholders and examples.
image::save_options.png[]
// end::advanced[]
=== Entry Handling
Entries in KeePassXC are the fundamental units where all your sensitive information is stored. Each entry can contain various fields such as usernames, passwords, URLs, attachments, and notes. You can create, edit, clone, and delete entries as needed. Additionally, KeePassXC supports advanced features like TOTP for two-factor authentication, custom attributes, and entry history to track changes over time. Proper management of entries ensures that your data is organized, secure, and easily accessible when needed.
=== Adding an Entry
==== Adding an Entry
All the details such as usernames, passwords, URLs, attachments, notes, and so on are stored in database entries. You can create as many entries as you want in the database.
To add an entry, perform the following step:
@ -112,7 +110,7 @@ image::edit_entry.png[]
5. Click *OK* to add the entry to your database.
=== Editing an Entry
==== Editing an Entry
To edit the details in an entry, perform the following steps:
1. Select the entry you want to edit.
@ -123,7 +121,7 @@ To edit the details in an entry, perform the following steps:
4. Click *OK*.
=== Adding TOTP to an Entry
==== Adding TOTP to an Entry
Timed One-Time Passwords (TOTP) are a popular choice for two-factor authentication methods. These codes are typically six digits long and change every 30 seconds. They are derived from a shared secret value and the current time. Once set up, KeePassXC can calculate TOTP codes like any authenticator app, such as Google Authenticator. The codes can be used with copy/paste, browser extension, and Auto-Type.
TIP: Your computer time must be synchronized with an internet time source to generate valid TOTP codes, https://www.nist.gov/pml/time-and-frequency-division/time-distribution/internet-time-service-its[read more here].
@ -145,7 +143,17 @@ After an entry is configured with TOTP, you will see a clock icon in that entry'
.TOTP Usage
image::totp_usage_examples.png[]
=== Deleting an Entry
==== Entry Icons
You can select an icon to be displayed with each entry for easy identification. KeePassXC comes with a set of default icons that you can use or you can use your own custom icons. If you defined a URL with an entry, you can also download the favorite icon for that particular website.
NOTE: To delete a custom icon, go to <<Database Maintenance>> where you can purge unused icons and delete one or more icons at a time.
.Entry icon selection
image::edit_entry_icons.png[]
TIP: Each KeePass application has different default icons. If you use a mobile app or KeePass2, be aware that the default icons may not be exactly correspond to the KeePassXC icons.
==== Deleting an Entry
To delete an entry, perform the following steps:
1. Select the entry you want to delete and press the `Delete` button on your keyboard.
@ -157,7 +165,7 @@ NOTE: You can disable the recycle bin within the Database Settings. If the recyc
3. To permanently delete the entry, navigate to the Recycle Bin, select the entry you want to delete and press the `Delete` button on your keyboard.
// tag::advanced[]
=== Clone an Entry
==== Clone an Entry
Creating a clone of an entry provides you a ready-to-use template for creating new entries with similar details of a master entry.
To create a clone of an existing entry, perform the following steps:
@ -182,10 +190,71 @@ image::clone_entry_references.png[]
4. You can create your own references using the <<Entry Cross-Reference, Entry Reference Syntax>>
== Searching the Database
KeePassXC provides an enhanced and granular search features the enables you to search for specific entries in the databases using the different modifiers, wild card characters, and logical operators.
==== Entry URL Handling
KeePassXC can handle URLs in various ways. Standard URLs will be opened in your default browser. URLs that start with schemas handled by your Operating System will launch the associated application, for example `ftp://` or `ssh://`. You can also use the following URL schemas to perform specific actions:
=== Modifiers and Fields
|===
|Schema | Example | Description
|cmd://
|`cmd://ssh {USERNAME}@example.com -p 2222`
|Launches the specified command line executable with the specified arguments. The executable must be present on your PATH or an absolute path must be specified.
|kdbx://
|`kdbx://~/dbs/passwords.kdbx`
|Opens the specified database file. Set the entry's username to the keyfile path (if required) and password to the database password. The database will open in a new tab.
|===
=== Advanced Entry Handling
KeePassXC offers several advanced options for managing your database entries. Additional Attributes allow you to store extra information required by some applications and websites. Attachments enable you to attach files to entries, stored as encrypted binaries, which can be previewed directly in the application (text and images). Icons can be selected or downloaded for easy identification of entries. The Properties section lets you view basic properties such as creation, modification, and last accessed times, and retrieve an entry's UUID for references. KeePassXC also maintains a history of changes to entries, allowing you to view, restore, or delete previous versions of an entry.
==== Additional Attributes
A lot of applications and web sites now require providing additional information when you create accounts. The additional information is used to block hackers if any suspicious activity is detected. In addition, the additional information you provide can be used to reset passwords if you forget them. You can also store arbitrary information here that can be copied to the clipboard or Auto-Typed using the `{S:<ATTR_NAME>}` action code.
To protect an attribute from being displayed by default, activate the _Protect_ checkbox *(A)*. To show the contents of the attribute while keeping it protected, press the _Reveal_ button *(B)*.
.Additional attributes example
image::edit_entry_attributes.png[]
==== Attachments
You can attach files to any entry in your database by pressing the _Add_ button *(A)*. These files are added to the database and stored as encrypted binaries. You can open, save, or delete attachments from this interface *(B)*.
NOTE: When you try to open the attached file, KeePassXC extracts the attachment to a temporary file and opens it using the default application associated with the file type. After finishing viewing or editing the file, you can choose between importing or discarding the changes that you made to the temporary file. KeePassXC securely deletes the temporary file by overwriting it.
.Attachments interface
image::edit_entry_attachments.png[]
==== Foreground and Background Color
You can change the foreground *(A)* and/or background *(B)* color that this entry will use in the entry lists. Click the corresponding box to open the color picker dialog.
.Color picker dialog
image::edit_entry_colors.png[]
==== Properties
KeePassXC lets you view the basic properties such as date and time of creation, modification, and when last accessed. This is also where you can retrieve an entry's UUID for use in references.
.Entry properties view
image::edit_entry_properties.png[]
==== History
KeePassXC maintains a history of changes you make to your entries. Each time you change an entry, KeePassXC automatically creates a backup copy of the current, non-modified entry before saving the new values. You can view the changes you made previously, restore, and delete the history of changes you made. The age of the history item, the changes that were made, and the entry's size are shown in the table view.
* Show: Display this history item for review, a read-only copy of the entry will be shown.
* Restore: Reinstate the selected history item as the active entry details.
* Delete: Delete the selected history item.
* Delete All: Delete the entire history for this entry.
.Entry history view
image::edit_entry_history.png[]
NOTE: Restoring an old history item will store the current entry settings as a new history item.
// end::advanced[]
=== Search
KeePassXC provides a robust search that enables you to find specific entries in the databases using different modifiers, wild card characters, and logical operators. By default, search considers the following fields when matching your query: Title, Username, URL, Tags, and Notes. To include other fields and/or narrow your search to specific fields, you can use the search syntax described below.
==== Modifiers and Fields
[grid=rows, frame=none, width=70%]
|===
|Modifier |Description
@ -201,14 +270,15 @@ The following fields can be searched along with their abbreviated name in parent
* Title (t)
* Username (u)
* Password (p, pw)
* URL
* URL (url)
* Notes (n)
* Attribute names and values (attr)
* Attachment (attach)
* Group (g)
* Tags (tag)
* Entry State (is:expired, is:weak)
=== Wild Card Characters and Logical Operators
==== Wild Card Characters and Logical Operators
[grid=rows, frame=none, width=70%]
|===
|Wild Card Character |Description
@ -218,7 +288,7 @@ The following fields can be searched along with their abbreviated name in parent
|\| |Logical OR
|===
=== Sample Search Queries
==== Sample Search Queries
The following tables lists a few samples search queries for your reference:
|===
@ -236,63 +306,39 @@ The following tables lists a few samples search queries for your reference:
|`+attr:mystring123`
|Searches all additional attributes for any name OR value equal to mystring123.
|`+tag:personal`
| Search exactly for the 'personal' tag and do not include tags such as 'my personal'.
|`is:expired is:weak`
|Searches for all expired entries with weak passwords.
|===
== Advanced Entry Options
=== Additional Attributes
A lot of applications and web sites now require providing additional information when you create accounts. The additional information is used to block hackers if any suspicious activity is detected. In addition, the additional information you provide can be used to reset passwords if you forget them. You can also store arbitrary information here that can be copied to the clipboard or Auto-Typed using the `{S:<ATTR_NAME>}` action code.
// tag::advanced[]
=== Merging Databases
KeePassXC allows you to merge entries from one database into another through the _Database_ -> _Merge From Database_ menu item. When merging, entries from the specified database will be imported into your currently open database. The merge process compares entries based on their unique identifiers (UUIDs) and modified timestamp. When an entry UUID matches, no matter which group it is in, the most recently modified version will be made the current and the previous version will be placed into the entry's history. Any new entries and/or groups will be added to the open database. This feature is useful for consolidating multiple databases or synchronizing databases from conflict files in a cloud storage system.
To protect an attribute from being displayed by default, activate the _Protect_ checkbox *(A)*. To show the contents of the attribute while keeping it protected, press the _Reveal_ button *(B)*.
NOTE: When you delete entries, a record of that deletion (the entry UUID) is stored to prevent that entry from reappearing from a merge operation. An existing entry that has the same UUID as a deleted item will be removed from the database without prompt.
.Additional attributes example
image::edit_entry_attributes.png[]
=== Advanced Save Options
There are three ways that KeePassXC can handle database files. This behavior is set in the Application Settings under _File Operations_.
=== Attachments
You can attach files to any entry in your database by pressing the _Add_ button *(A)*. These files are added to the database and stored as encrypted binaries. You can open, save, or delete attachments from this interface *(B)*.
1. _(Default)_ *Safe saves* create a temporary database file alongside the existing one and atomically move it into place when all writing is complete. This prevents database corruption in the case of application crashes, loss of power, or other interruptions.
NOTE: When you try to open the attached file, KeePassXC extracts the attachment to a temporary file and opens it using the default application associated with the file type. After finishing viewing or editing the file, you can choose between importing or discarding the changes that you made to the temporary file. KeePassXC securely deletes the temporary file by overwriting it.
2. *Temporary file saves* create a database in the temporary files folder. This database is then moved into place overtop of the existing file. Although rare, interruptions in this move process could leave your database in an unknown state. This option is useful for overcoming poorly behaved cloud sync tools.
.Attachments interface
image::edit_entry_attachments.png[]
3. *Direct-write saves* write directly to the existing database file. This is an unsafe operation since any interruption can leave your entire database inaccessible. We only recommend using this option when interfacing with Linux GVFS services (e.g. Google Cloud on Gnome) and other types of storage services that host a virtual drive system.
=== Foreground and Background Color
You can change the foreground *(A)* and/or background *(B)* color that this entry will use in the entry lists. Click the corresponding box to open the color picker dialog.
=== Database Backup Options
In addition to these save options, KeePassXC can create a backup of your existing database file just prior to saving. This backup will be saved at the path specified in the *Backup destination* field. This path can be absolute or relative. The latter will be resolved according to the databases path. It is possible to specify a custom naming scheme with placeholders. See <<Backup Path Placeholders, Backup Path Placeholders>> for available placeholders and examples.
.Color picker dialog
image::edit_entry_colors.png[]
image::save_options.png[]
=== Icons
You can select an icon to be displayed with each entry for easy identification. KeePassXC comes with a set of default icons that you can use or you can use your own custom icons. If you defined a URL with an entry, you can also download the favorite icon for that particular website.
Alternatively, backups can be created on-demand using the _Database_ -> _Save Database Backup..._ menu feature.
NOTE: To delete a custom icon, go to <<Database Maintenance>> where you can purge unused icons and delete one or more icons at a time.
.Saving a database backup
image::save_database_backup.png[,40%]
.Entry icon selection
image::edit_entry_icons.png[]
TIP: Each KeePass application has different default icons. If you use a mobile app or KeePass2, be aware that the default icons may not be exactly correspond to the KeePassXC icons.
=== Properties
KeePassXC lets you view the basic properties such as date and time of creation, modification, and when last accessed. This is also where you can retrieve an entry's UUID for use in references.
.Entry properties view
image::edit_entry_properties.png[]
=== History
KeePassXC maintains a history of changes you make to your entries. Each time you change an entry, KeePassXC automatically creates a backup copy of the current, non-modified entry before saving the new values. You can view the changes you made previously, restore, and delete the history of changes you made. The age of the history item, the changes that were made, and the entry's size are shown in the table view.
* Show: Display this history item for review, a read-only copy of the entry will be shown.
* Restore: Reinstate the selected history item as the active entry details.
* Delete: Delete the selected history item.
* Delete All: Delete the entire history for this entry.
.Entry history view
image::edit_entry_history.png[]
NOTE: Restoring an old history item will store the current entry settings as a new history item.
== Automatic Database Opening
=== Automatic Database Opening
You can setup one or more databases to open automatically when you unlock a single database. This is done by *(1)* defining a special group named `AutoOpen` with *(2)* entries that contain the file path and credentials for each database that should be opened. There is no limit to the number of databases that can be opened.
TIP: Case matters with auto open, the group name must be exactly `AutoOpen` and it must be a child of the root group.
@ -329,6 +375,7 @@ image::database_settings.png[]
* *Database name:* This is the default identifier for your database and is shown in the tab bar and title bar (when active). You can change this name as desired.
* *Database description:* Provide some meaningful description for your database.
* *Default username:* Provide a default username for all new entries that you create in this database.
* *Public Databse Metadata:* Here you can set a public (unencrypted) name, icon, and color for your database. This is used on the database unlock screen to help distinguish multiple databases from each other.
* *Max history items:* This is the maximum number of history items that are stored for each entry. When you set this to 0, no history will be saved. Set this value to a low value to prevent the database from getting too large (we recommend no more than 10).
* *Max. history size:* When the history of an entry gets above this size, it is truncated. For example, this happens when entries have large attachments. Set this value small to prevent the database from getting too large (we recommend 6 MiB).
* *Use recycle bin:* Select this check-box if you want deleted entries to move to the recycle bin instead of being permanently removed. The recycle bin will be created if it does not already exist after your first deletion. To delete entries permanently, you must empty the recycle bin manually.
@ -365,42 +412,9 @@ The following key derivation functions are supported:
* Argon2 (KDBX 4 recommended): KDBX 4, the Argon2 key derivation function can be used for transforming the composite master key (as protection against dictionary attacks). The main advantage of Argon2 over AES-KDF is that it provides a better resistance against GPU/ASIC attacks (due to being a memory-hard function). The number of iterations scales linearly with the required time. By increasing the memory parameter, GPU/ASIC attacks become harder and the required time increases. The parallelism parameter can be used to specify how many threads should be used. We recommend using Argon2id to prevent against timing-based attacks. Argon2d offers maximum compatibility with other KeePass-based apps, the default settings provide sufficient protection against any known attacks.
== Database Maintenance
=== Database Maintenance
KeePassXC offers some maintenance features that can be applied to clean up your database. Navigate to _Database_ -> _Database settings_ then click on _Maintenance_ on the left hand panel. The following screen appears. On this screen you can delete multiple icons at once and purge any unused icons in your database.
image::database_maintenance.png[]
=== Creating a YubiKey backup
It is advisable to have a backup replica YubiKey In case your main YubiKey gets damaged, lost, or stolen. The same HMAC key will need to be written to both keys. To do this you can either use the YubiKey Personalization Tool GUI or the ykpersonalize CLI tool. The steps for the CLI tool are shown:
1. Create a 20 byte HMAC key:
+
```
dd status=none if=/dev/random bs=20 count=1 | xxd -p -c 40
```
2. Write the HMAC key to slot 2 _(Set through the first switch. Out of the box the YubiKey OTP resides in slot 1)_:
+
```
ykpersonalize -2 -a -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible -oallow-update
```
You will be asked to enter the HMAC key you created earlier, copy/paste they key output in the first step. Repeat step 2 for your second YubiKey using the same HMAC key from before. We recommend storing your HMAC key in a safe place (e.g., printed on paper) in case you need to recreate another key.
== Command Line Tool
KeePassXC comes with the command line tool *keepassxc-cli* to access, view, and manipulate your database directly from a terminal window. The tool is documented through a separate man page, which can be shown using `man keepassxc-cli`, or through the on-demand help using `keepassxc-cli [command] -h`. An online version of the man page is https://github.com/keepassxreboot/keepassxc/blob/master/docs/man/keepassxc-cli.1.adoc[available on GitHub].
// end::advanced[]
== Storing a Database File
The database file that you create might contain highly sensitive data and must be stored in a very secure way. You must make sure that the database is always protected with a strong and long password. The database file that is protected with a strong and long password is secure and encrypted while stored on your computer or cloud storage service.
Make sure that you or someone else does not accidentally delete the database file. Deletion of the database file will result in the total loss of all your information (including all your passwords!) and a lot of inconvenience to manually retrieve your logins for various web applications. Do not share the credentials to access your database file with anyone unless you absolutely trust them (spouse, child, etc.).
TIP: You can safely store your database file in the cloud (OneDrive, Dropbox, Google Drive, Nextcloud, Syncthing, etc.). The database file is always fully encrypted; unencrypted data is never written to disk and is never accessible to your cloud storage provider. We recommend using a storage service that keeps automatic backups (version history) of your database file in the event of corruption or accidental deletion.
== Backing up a Database File
It is a good practice to create copies of your database file and store the copies of your database on a different computer, smart phone, or cloud storage space such a Google Drive or Microsoft OneDrive. Backups can be created automatically by selecting the _Backup database file before saving_ option in the application settings. Additionally, you can create a backup on-demand using the _Database_ -> _Save Database Backup..._ menu feature.
.Saving a database backup
image::save_database_backup.png[,40%]
// end::content[]

21
docs/topics/ImportExport.adoc
View File

@ -3,13 +3,14 @@ include::.sharedheader[]
:imagesdir: ../images
// tag::content[]
== Importing External Databases
== Importing Databases
KeePassXC allows you to import external databases from the following options:
* Comma Separated Values (.csv)
* 1Password Export (.1pux)
* 1Password Vault (.opvault)
* Bitwarden (.json)
* Proton Pass (.json)
* KeePass 1 Database (.kdb)
To import any of these files, start KeePassXC and either click the `Import File` button on the welcome screen or use the menu Database > Import... to launch the Import Wizard.
@ -31,14 +32,17 @@ image::csv_import.png[]
3. Click `Done` to complete the import. If you chose to create a new database, the New Database dialog will appear. Otherwise your entries will be nested under the group you chose for the existing database.
=== Importing 1Password Export
=== Importing from Other Applications
KeePassXC allows you to import databases from various applications including 1Password (1PUX and OPVault), Bitwarden, and Proton Pass. Each import option involves selecting the file, providing necessary credentials (if required), and choosing to import into a new or existing database. Note that CSV, 1Password Export, Bitwarden, and Proton Pass files are unencrypted and should be securely deleted after import.
==== 1Password Export
WARNING: A 1Password Export file is unencrypted and you should securely delete this file after successfully importing it into KeePassXC.
1. Open the Import Wizard as shown above. Select the 1Password Export option.
2. Click `Continue` to unlock and preview the import. Click `Done` to complete the import.
=== Importing 1Password OPVault
==== 1Password OPVault
NOTE: You must have 1Password version 7 or 8 to export your data to an OPVault. If you are using a newer version of 1Password, you should use the 1Password Export (1PUX) format instead.
Save your 1Password Vault locally to create an OPVault directory. Please see 1Password instructions on how to do this. Once an OPVault is created, perform the following steps:
@ -47,7 +51,7 @@ Save your 1Password Vault locally to create an OPVault directory. Please see 1Pa
2. Enter the password for your vault and click `Continue` to unlock and preview the import. Click `Done` to complete the import.
=== Importing Bitwarden
==== Bitwarden
WARNING: A Bitwarden Export file may be unencrypted and you should securely delete this file after successfully importing it into KeePassXC.
1. Open the Import Wizard as shown above. Select the Bitwarden option.
@ -56,6 +60,13 @@ WARNING: A Bitwarden Export file may be unencrypted and you should securely dele
3. Click `Continue` to unlock and preview the import. Click `Done` to complete the import.
==== Proton Pass
WARNING: A Proton Pass Export file is unencrypted and you should securely delete this file after successfully importing it into KeePassXC.
1. Open the Import Wizard as shown above. Select the Proton Pass option.
2. Click `Continue` to preview the import. Click `Done` to complete the import.
=== Importing KeePass 1 Database
KeePass 1 database is an older format of the database created using a legacy version of KeePass. KeePassXC lets your import this older format of the database and you can seamlessly start using this database in your new KeePassXC application.
@ -70,6 +81,8 @@ To import a KeePass 1 database file in KeePassXC, perform the following steps:
== Exporting Databases
KeePassXC supports multiple ways to export your database for transfer to another program or to print out and archive.
WARNING: These exports do not contain all the information in your database due to various limitations in the export format. For example, the CSV export does not support attachments, advanced attributes, Auto-Type settings, or custom icons. The XML export does not support attachments. The HTML export is mainly for printing and does not support attachments and some custom data fields.
WARNING: Exporting your database will result in all of your passwords and sensitive information being stored in an unencrypted format. We do not recommend saving your exported database for long periods of time as that can cause a compromise of sensitive information.
.Database export menu

2
docs/topics/KeeShare.adoc
View File

@ -16,7 +16,7 @@ To use sharing, you need to enable it for the application.
.KeeShare Application Settings
image::keeshare_application_settings.png[]
=== Sharing Credentials
=== Setup a Shared Group
If you checked _Allow export_ in the Sharing settings you can now share a group of passwords. Sharing is always defined on a particular group. If you enable sharing on a group, every entry under this group, and its children, are shared. If you enable sharing on the root node, **every password** inside your database gets shared!
NOTE: KeeShare does not synchronize group structure after the initial share is created. At this time, KeeShare operates at the entry level; shared entries moved outside of a shared group are still synchronized.

3
docs/topics/KeyboardShortcuts.adoc
View File

@ -15,7 +15,8 @@ NOTE: On macOS please substitute `Ctrl` with `Cmd` (aka `⌘`).
|Save Database As | Ctrl + Shift + S
|New Database | Ctrl + Shift + N
|Close Database | Ctrl + W ; Ctrl + F4
|Lock All Databases | Ctrl + L
|Lock Current Database | Ctrl + L
|Lock All Databases | Ctrl + Shift + L
|Database Settings | Ctrl + Shift + ,
|Database Reports | Ctrl + Shift + R
|Quit | Ctrl + Q

42
docs/topics/Passkeys.adoc
View File

@ -5,56 +5,56 @@ include::.sharedheader[]
// tag::content[]
== Passkeys
Passkeys are a secure way for replacing passwords that is supported by all major browser vendors and an increasing number of websites. For more information on what Passkeys are and how they work, please go to the FIDO Alliance's documentation: https://fidoalliance.org/passkeys/
Passkeys are a secure way for replacing passwords that is supported by all major browser vendors and an increasing number of websites. For more information on what passkeys are and how they work, please go to the FIDO Alliance's documentation: https://fidoalliance.org/passkeys/
=== Enabling Passkey Support
=== Browser Passkey Support
KeePassXC supports Passkeys directly through the Browser Integration service. Passkeys are only supported with the use of the KeePassXC Browser Extension and a properly connected database. To enable Passkey support on the extension, you must check the _Enable Passkeys_ option in the extension settings page.
KeePassXC supports passkeys directly through the Browser Integration service. Passkeys are only supported with the use of the KeePassXC Browser Extension and a properly connected database. To enable passkey support on the extension, you must check the _Enable Passkeys_ option in the extension settings page.
.Enable Passkey Support in the KeePassXC Browser Extension
image::passkeys_enable_from_extension.png[,75%]
Optionally, you can disable falling back to the built-in Passkey support from your browser and operating system. If left enabled, the extension will show the default Passkey dialogs if KeePassXC cannot handle the request or the request is canceled.
Optionally, you can disable falling back to the built-in passkey support from your browser and operating system. If left enabled, the extension will show the default passkey dialogs if KeePassXC cannot handle the request or the request is canceled.
=== Create a New Passkey
Creating a new Passkey and authenticating with it is a simple process. This workflow will be demonstrated using GitHub as an example site. Please note that GitHub allows two use cases for Passkeys, one for 2FA only and the other for replacement of username and password entirely. We will be configuring the latter use case in this example.
Creating a new passkey and authenticating with it is a simple process. This workflow will be demonstrated using GitHub as an example site. Please note that GitHub allows two use cases for passkeys, one for 2FA only and the other for replacement of username and password entirely. We will be configuring the latter use case in this example.
After navigating to GitHub's _Settings_ -> _Password and authentication_, there is a separate section shown for Passkeys.
After navigating to GitHub's _Settings_ -> _Password and authentication_, there is a separate section shown for passkeys.
.GitHub's Passkey Registration
image::passkeys_github_1.png[]
After clicking the _Add a Passkey_ button, the user is redirected to another page showing the actual configuration option.
After clicking the _Add a passkey_ button, the user is redirected to another page showing the actual configuration option.
.Configure Passwordless Authentication
image::passkeys_github_2.png[,50%]
Clicking the _Add Passkey_ button now shows the following popup dialog for the user, asking confirmation for creating a new Passkey.
Clicking the _Add passkey_ button now shows the following popup dialog for the user, asking confirmation for creating a new passkey.
.Passkey Registration Confirmation Dialog
image::passkeys_register_dialog.png[,30%]
After the Passkey has been registered, a new entry is created to the database under _KeePassXC-Browser Passwords_ with _(Passkey)_ added to the entry title. The entry holds additional attributes that are used for authenticating the Passkey.
After the passkey has been registered, a new entry is created to the database under _KeePassXC-Browser Passwords_ with _(passkey)_ added to the entry title. The entry holds additional attributes that are used for authenticating the passkey.
After registration, GitHub will ask a name for the Passkey. This is only relevant for the server.
After registration, GitHub will ask a name for the passkey. This is only relevant for the server.
.GitHub's Passkey Nickname
image::passkeys_github_3.png[,50%]
Now the Passkey should be shown on the GitHub's Passkey section.
Now the passkey should be shown on the GitHub's passkey section.
.Registered Passkeys on GitHub
image::passkeys_github_4.png[]
=== Login With a Passkey
The Passkey created in the previous section can now be used to login to GitHub. Instead of logging in with normal credentials, choose _Sign in with a passkey_ at the bottom of GitHub's login page.
The passkey created in the previous section can now be used to login to GitHub. Instead of logging in with normal credentials, choose _Sign in with a passkey_ at the bottom of GitHub's login page.
.GitHub's login page with a Passkey option
image::passkeys_github_5.png[,50%]
After clicking the button, KeePassXC-Browser detects the Passkeys authentication and KeePassXC shows the following dialog for confirmation.
After clicking the button, KeePassXC-Browser detects the passkeys authentication and KeePassXC shows the following dialog for confirmation.
.Passkey authentication confirmation dialog
image::passkeys_authentication_dialog.png[,50%]
@ -66,36 +66,36 @@ After confirmation user is now authenticated and logged into GitHub.
==== Multiple Passkeys for a Site
Multiple Passkeys can be created for a single site. When registering a new Passkey with a different username, KeePassXC shows an option to register a new Passkey or update the previous one. Updating a Passkey will override the existing entry, so this option should be only used when actually needed.
Multiple passkeys can be created for a single site. When registering a new passkey with a different username, KeePassXC shows an option to register a new passkey or update the previous one. Updating a passkey will override the existing entry, so this option should be only used when actually needed.
.Passkey authentication confirmation dialog
image::passkeys_update_dialog.png[,50%]
==== Exporting Passkeys
All Passkeys in a database can be viewed and accessed from the _Database_ -> _Passkeys..._ menu item. The page shows both _Import_ and _Export_ buttons for Passkeys.
All passkeys in a database can be viewed and accessed from the _Database_ -> _Passkeys..._ menu item. The page shows both _Import_ and _Export_ buttons for passkeys.
.Passkeys Overview
image::passkeys_all_passkeys.png[]
After selecting one or more entries, the following dialog is shown. One or multiple Passkeys can be selected for export from the previously selected list of entries.
After selecting one or more entries, the following dialog is shown. One or multiple passkeys can be selected for export from the previously selected list of entries.
.Passkeys Export Dialog
image::passkeys_export_dialog.png[,65%]
Exported Passkeys are stored in JSON format using the `.passkey` file extension. The file includes all relevant information for importing a Passkey to another database or saving a backup.
Exported passkeys are stored in JSON format using the `.passkey` file extension. The file includes all relevant information for importing a passkey to another database or saving a backup.
WARNING: The exported Passkey file is unencrypted and should be securely stored.
WARNING: The exported passkey file is unencrypted and should be securely stored.
==== Importing Passkeys
An exported Passkey can be imported directly to a database or to an entry. To import directly, use the _Database_ -> _Import Passkey_ menu item.
When right-clicking an entry, a separate menu item for _Import Passkey_ is shown. This is useful if user wants to import a previously created Passkey to an existing entry.
An exported passkey can be imported directly to a database or to an entry. To import directly, use the _Database_ -> _Import Passkey_ menu item.
When right-clicking an entry, a separate menu item for _Import Passkey_ is shown. This is useful if user wants to import a previously created passkey to an existing entry.
.Import Passkey to an Entry
image::passkeys_import_passkey_to_entry.png[,50%]
After selecting a Passkey file to import, a separate dialog is shown where you can select which database, group, and entry to target. By default, the group is set to _Imported Passkeys_. The default action is to create a new entry that contains the imported Passkey.
After selecting a passkey file to import, a separate dialog is shown where you can select which database, group, and entry to target. By default, the group is set to _Imported Passkeys_. The default action is to create a new entry that contains the imported passkey.
.Passkey import dialog
image::passkeys_import_dialog.png[,65%]

2
docs/topics/PasswordGenerator.adoc
View File

@ -21,7 +21,6 @@ image::password_generator.png[]
4. Select the character-sets that you want to include in your password.
5. Use the regenerate button (Ctrl + R) to make a new password using the chosen options.
6. Use the clipboard button (Ctrl + C) to copy the generated password to the clipboard.
// tag::advanced[]
7. Click the Advanced button to specify additional conditions for your desired password.
+
.Advanced Password Generator Options
@ -42,5 +41,4 @@ Word Count slider.
5. _(Optional)_ You can also load your own custom word lists. Click the plus sign button to the right of the wordlist selection dialog to choose a custom word list. You can download alternative lists from the https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases[EFF's Website] or from https://github.com/redacted/XKCD-password-generator#additional-languages[GitHub].
6. Click the Regenerate button (Ctrl + R) to generate a new random passphrase.
7. Click the Clipboard button (Ctrl + C) to copy the passphrase to the clipboard.
// end::advanced[]
// end::content[]

16
docs/topics/Reference.adoc
View File

@ -126,5 +126,21 @@ Use regular expressions to find and replace data from a resolved placeholder. Re
`C:\Backups\MyDatabase\01-05-2022.kdbx`
|===
=== Creating a YubiKey backup
It is advisable to have a backup replica YubiKey In case your main YubiKey gets damaged, lost, or stolen. The same HMAC key will need to be written to both keys. To do this you can either use the YubiKey Personalization Tool GUI or the ykpersonalize CLI tool. The steps for the CLI tool are shown:
1. Create a 20 byte HMAC key:
+
```
dd status=none if=/dev/random bs=20 count=1 | xxd -p -c 40
```
2. Write the HMAC key to slot 2 _(Set through the first switch. Out of the box the YubiKey OTP resides in slot 1)_:
+
```
ykpersonalize -2 -a -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible -oallow-update
```
You will be asked to enter the HMAC key you created earlier, copy/paste they key output in the first step. Repeat step 2 for your second YubiKey using the same HMAC key from before. We recommend storing your HMAC key in a safe place (e.g., printed on paper) in case you need to recreate another key.
// end::content[]

20
docs/topics/SSHAgent.adoc
View File

@ -3,12 +3,12 @@ include::.sharedheader[]
:imagesdir: ../images
// tag::content[]
== SSH Agent integration
== SSH Agent Integration
SSH (Secure Shell) is a widely used remote secure shell protocol and is considered an industry standard for secure remote access to UNIX-like systems including Linux, BSDs, macOS and more recently even Windows received native support. SSH supports multiple types of authentication and the most widely used ones are either interactive keyboard input with a password or a public-key cryptography pair of keys.
KeePassXC SSH Agent integration is built to manage SSH keys in a secure manner by either storing them completely within your KeePassXC database or by having only the decryption key of a key file that is stored elsewhere. SSH Agent integration _does not_ provide an agent itself but works as a client for any agent implementation that is OpenSSH compatible.
=== OpenSSH agent on Linux
=== OpenSSH Agent on Linux
If you are using a modern desktop Linux distribution it is very likely the OpenSSH agent is already configured and running when you have logged in to a graphical desktop session.
This should be true for distributions like Debian, Ubuntu (including Kubuntu, Xubuntu and Lubuntu), Linux Mint, Fedora, ElementaryOS and Manjaro.
@ -32,10 +32,10 @@ WARNING: _GNOME Keyring_ prior to release 3.27.92 had its own custom implementat
It does not support any constraints you may want to configure for an added key.
If you are running a modern distribution the custom agent has been removed and replaced with the stock OpenSSH agent which is feature complete.
=== OpenSSH agent on macOS
=== OpenSSH Agent on macOS
Apple has made OpenSSH an integrated part of macOS with automatic agent startup when it is first used. No further configuration is needed.
=== OpenSSH agent and Pageant on Windows
=== OpenSSH Agent and Pageant on Windows
The SSH Agent integration on Windows supports both _PuTTY Pageant_ and _OpenSSH for Windows 10_.
Since Pageant is currently still the most widely used implementation and is easily installable on any version of Windows, it is the default on KeePassXC.
However, Microsoft includes a native OpenSSH client implementation with Windows 10 since autumn 2018 that can be used instead. If you would like to self-manage your OpenSSH version you can use the builds offered via their official https://github.com/powershell/Win32-OpenSSH[GitHub repository].
@ -61,7 +61,7 @@ Alternatively, you can use a _Windows PowerShell_ running as _Administrator_ to
KeePassXC and other compatible tools can now use the Windows OpenSSH agent. To use it with KeePassXC, update the settings explained in <<Setting up SSH Agent integration>>.
=== Setting up SSH Agent integration
=== Setup SSH Agent Integration
By default the SSH Agent integration plugin is disabled.
To enable integration, follow the steps below to access the settings:
@ -78,10 +78,10 @@ On Windows, you have the option to select _Pageant_ and/or _OpenSSH for Windows_
If the value of _SSH_AUTH_SOCK_ is empty it means the agent is not properly configured and KeePassXC will be unable to connect to it unless you provide a static override path to the socket.
=== Generating a key to use with KeePassXC
=== Generating an SSH Key
KeePassXC only supports keys in the _OpenSSH_ format. On Windows, _PuTTYgen_ saves keys in its own format by default and you will need to convert them to OpenSSH format before being used. In this guide we are going to generate a standard RSA key in the default size.
==== Generating a key on Linux or macOS with _ssh-keygen_
==== Generating a key on Linux or macOS
Open a terminal window and type the following command to generate a key:
$ ssh-keygen -o -f keepassxc -C johndoe@example
@ -116,13 +116,13 @@ With KeePassXC you only need the first file listed.
==== Generating a key on Windows
On Windows you can generate key pairs with _PuTTYgen_ and with _ssh-keygen_, depending on whether you installed PuTTY and your Windows version.
===== Using _PuTTYgen_
===== Using PuTTYgen
Please read the manual on how to use _PuTTYgen_ for details on generate a key: https://the.earth.li/~sgtatham/putty/0.74/htmldoc/Chapter8.html#pubkey-puttygen. Once generated, you must save the key in the new OpenSSH format, see image below.
.Generating a key with _PuTTYgen_
image::sshagent_puttygen.png[,70%]
===== Using _ssh-keygen_
===== Using ssh-keygen
Open _Command Prompt_ or _Windows PowerShell_ and type the following command to generate a key:
PS C:\Users\user> ssh-keygen.exe -o -f keepassxc -C johndoe@example
@ -159,7 +159,7 @@ Now we can see two files were generated:
With KeePassXC you only need the first file listed.
=== Configuring an entry to use SSH Agent
=== Adding SSH Key to an Entry
The last step is to setup an entry to contain the SSH Agent settings and key file you generated.
1. Create a new entry, or open an existing entry in edit mode.

35
docs/topics/UserInterface.adoc
View File

@ -12,11 +12,11 @@ image::main_interface.png[]
*(A) Groups* Organize your entries into discrete groups to bring order to all of your sensitive information. Groups can be nested under each other to create a hierarchy. Settings from parent groups get applied to their children. You can hide this panel on the View menu.
*(B) Tags* Dynamic groups of entries that can be quickly displayed with one click. Any number of custom tags can be added when editing an entry. This panel also includes useful pre-defined searches, such as finding expired and weak passwords.
*(B) Searches and Tags* Dynamic groups of entries that can be quickly displayed with one click. Any number of custom tags can be added when editing an entry. This panel also includes useful pre-defined and custom saved searches, such as finding expired and weak passwords.
*\(C) Entries* Entries contain all the information you want to store for a website or application you are storing in KeePassXC. This view shows all the entries in the selected group. Each column can be resized, reordered, and shown or hidden based on your preference. Right-click the header row to see all available options.
*\(C) Entries* Entries contain all the information for a website or application you are storing in KeePassXC. This view shows all the entries in the selected group. Each column can be resized, reordered, and shown or hidden based on your preference. Right-click the header row to see all available options.
*(D) Preview* Shows a preview of the selected group or entry. You can temporarily hide this preview using the close button on the right hand side or completely disabled in the application settings.
*(D) Preview* Shows a preview of the selected group or entry. You can interact with most information stored in an entry from here without opening the entry for editing. You can temporarily hide this preview using the down-arrow button on the right hand side or completely disable it from the View menu.
TIP: You can enable double-click copying of entry username and password in the Application Security Settings. This is turned off by default starting with version 2.7.0.
@ -29,13 +29,17 @@ image::toolbar.png[]
*(A) Database* Open Database, Save Database, Lock Database +
*(B) Entries* Create Entry, Edit Entry, Delete Selected Entries +
*\(C) Entry Data* Copy Username, Copy Password, Copy URL, Perform Auto-Type +
*(D) Tools* Password Generator, Application Settings +
*(D) Tools* Database Settings, Reports, Password Generator, Application Settings +
*(E) Search*
=== Application Settings
Users can configure KeePassXC to their personal tastes with a wide variety of general and security settings that apply to the whole application. These settings are accessible from _Tools_ -> _Settings_ or the cog wheel icon from the toolbar. Settings include: startup options, file management, entry management, user interface, language, security timeouts, and convenience.
=== Screenshot Security
By default, KeePassXC prevents recordings and screenshots of the application window on Windows and macOS. This prevents inadvertent spillage of information during meetings and disallows other applications to capture the window contents. If you would like to enable screen capture temporarily, navigate to _View_ menu and select _Allow Screen Capture_. Alternatively, you can start the application with the `--allow-screencapture` command line flag.
==== Setting the Theme
=== View Options
You can customize the appearance of KeePassXC to your liking. The following options are available in the _View_ menu:
==== Themes
KeePassXC ships with light and dark themes specifically designed to meet accessibility standards. In most cases, the appropriate theme for your system will be determined automatically, but you can always set a specific theme by using the _View_ menu. When a new theme is selected you will be prompted to restart KeePassXC to apply the theme immediately.
.Setting the theme
@ -47,8 +51,8 @@ For users with smaller screens or those who desire seeing more entries at once,
.Compact mode comparison
image::compact_mode_comparison.png[]
=== Screenshot Security
By default, KeePassXC prevents recordings and screenshots of the application window on Windows and macOS. This prevents inadvertent spillage of information during meetings and disallows other applications to capture the window contents. If you would like to enable screen capture, you must start the application with the `--allow-screencapture` command line flag.
=== Application Settings
Users can configure KeePassXC to their personal tastes with a wide variety of general and security settings that apply to the whole application. These settings are accessible from _Tools_ -> _Settings_ or the cog wheel icon from the toolbar. Settings include: startup options, file management, entry management, user interface, language, security controls, and integration settings (Auto-Type, Browser, etc).
=== Keyboard Shortcuts
include::KeyboardShortcuts.adoc[tag=content, leveloffset=+1]
@ -77,6 +81,7 @@ Arguments:
filename(s) filenames of the password databases to open (*.kdbx)
----
=== Environment Variables
Additionally, the following environment variables may be useful when running the application:
[grid=rows, frame=none, width=75%]
@ -91,5 +96,17 @@ Additionally, the following environment variables may be useful when running the
|QT_SCREEN_SCALE_FACTORS [list] | Specifies scale factors for each screen. See https://doc.qt.io/qt-5/highdpi.html#high-dpi-support-in-qt
|QT_SCALE_FACTOR_ROUNDING_POLICY | Control device pixel ratio rounding to the nearest integer. See https://doc.qt.io/qt-5/highdpi.html#high-dpi-support-in-qt
|===
=== Installer Options
The following options can be set when running the Windows Installer MSI in an unattended installation:
* *LAUNCHAPPONEXIT* Launch KeePassXC after install (default ON)
* *AUTOSTARTPROGRAM* KeePassXC will auto-start on login (default ON)
* *INSTALLDESKTOPSHORTCUT* A desktop icon will be installed (default OFF)
Example: `msiexec.exe /q /i KeePassXC-Y.Y.Y-WinZZ.msi AUTOSTARTPROGRAM=0`
== Command Line Tool
KeePassXC comes with the command line tool *keepassxc-cli* to access, view, and manipulate your database directly from a terminal window. The tool is documented through a separate man page, which can be shown using `man keepassxc-cli`, or through the on-demand help using `keepassxc-cli [command] -h`. An online version of the man page is https://github.com/keepassxreboot/keepassxc/blob/latest/docs/man/keepassxc-cli.1.adoc[available on GitHub].
// end::advanced[]
// end::content[]

5
docs/topics/Welcome.adoc
View File

@ -26,12 +26,13 @@ KeePassXC has numerous features for novice and power users alike. This guide wil
** Password generator
** Auto-Type passwords into applications
** Browser integration with Google Chrome, Mozilla Firefox, Microsoft Edge, Chromium, Vivaldi, Brave, and Tor-Browser
** Support for passkeys using the browser integration
** Entry icon download
** Import databases from CSV, 1Password, and KeePass1 formats
** Import databases from CSV, 1Password, Bitwarden, Proton Pass, and KeePass1 formats
* Advanced Features
** Database reports (password health, HIBP, and statistics)
** Database export to CSV and HTML formats
** Database export to CSV, XML, and HTML formats
** TOTP storage and generation
** Field references between entries
** File attachments and custom attributes

BIN
share/demo.kdbx
View File

Binary file not shown.

1
share/demo.key
View File

@ -1 +0,0 @@
secret

BIN
share/demo.old.kdbx
View File

Binary file not shown.

3
share/demo_readme.md Normal file
View File

@ -0,0 +1,3 @@
This is a demo database to showcase some of the features of KeePassXC
The password to unlock demo.kdbx is: secret

4
share/linux/org.keepassxc.KeePassXC.appdata.xml
View File

@ -222,7 +222,7 @@
<li>Browser: Revert code causing connection problems [#8665]</li>
<li>Browser: Fix socket file symbolic link on Linux [#8656]</li>
<li>Flatpak: Fix launching browser proxy service [#8680]</li>
<li>SSH Agent: Fix paegent support on Windows [#8619]</li>
<li>SSH Agent: Fix pageant support on Windows [#8619]</li>
</ul>
</description>
</release>
@ -1092,7 +1092,7 @@
<li>Compare window title to entry URLs [#556]</li>
<li>Implemented inline error messages [#162]</li>
<li>Ignore group expansion and other minor changes when making database "dirty" [#464]</li>
<li>Updated license and copyright information on souce files [#632]</li>
<li>Updated license and copyright information on source files [#632]</li>
<li>Added contributors list to about dialog [#629]</li>
</ul>
</description>