From Gentoo Wiki
Jump to:navigation Jump to:search

KeePassXC is a modern, secure, open-source, and cross-platform password manager. It is a fork of KeePassX that aims to incorporate stalled pull requests, features, and bug fixes that never made it into the main KeePassX repository.


USE Flags

USE flags for app-admin/keepassxc KeePassXC - KeePass Cross-platform Community Edition

X Add support for X11
autotype Add support to autotype the passwords into other applications
browser Enables browser plugin support
doc Add extra documentation (API, Javadoc, etc). It is recommended to enable per package instead of globally
keeshare Enable KeeShare sharing integration
network Enable network support
test Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
yubikey Enable database unlocking via hardware keys supporting YubiKey-style HMAC-SHA1 protocol


To install KeePassXC:

root #emerge --ask app-admin/keepassxc



KeepassXC configuration file containing basic user settings

  • ~/.config/keepassxc/keepassxc.ini - Local (per user) configuration file.

Secret Service

KeePassXC also supports the Secret Service API, which allows client applications to securely store secrets in a service running in the user’s login session.[1] To enable KeePassXC to handle the Secret Service API, following steps are required:

  1. A new group or database must be created, either via the command-line interface or the graphical user interface. This group or database will be used for integration and can be accessed by applications via libsecret.
  2. The newly created group or database must be exposed to other applications by selecting it in the Database Settings (Database --> Database Settings --> Secret Service Integration) and confirming the selection.
  3. Now the Secret Service Integration in the settings must be activated, to allow applications to handle their secrets in the created group or database.

If it is not possible to activate the Secret Service Integration of KeePassXC because another Secret Service API is running (e.g. the gnome-secret service) the related secret service must be stopped and removed from auto-start. The desktop environment documentation (if any, otherwise the users environment) should be referred for guidance on how to do so. A general approach could be to remove the file /etc/xdg/autostart/gnome-keyring-secrets.desktop if the blocking service is gnome-keyring. Please make sure to make a backup of the file before removing it.

It is possible that the gnome-keyring secret service or another integration is starting before KeePassXC secret service. This can occur if an application requiring the Secret Service integration, starts before KeePassXC secret service API is running, resulting in KeePassXC's integration being blocked and the other service is loaded.

To resolve this, it is possible to simply remove the blocking application. For gnome-keyring for example:

root #emerge --ask --depclean --verbose gnome-base/gnome-keyring


user $keepassxc

Secret Service

When using the secret service integration in KeePassXC, it is crucial to ensure that KeePassXC starts before other applications that require the integration, such as web browsers. To achieve this, the autostart option for KeePassXC can be enabled. Moreover, before using applications that need to store secrets, such as browsers, the related group or database for the secret service must be unlocked. Otherwise, if the applications start before an active secret service API is running, they will not be able to store secrets, and users will not stay logged in on websites between browser sessions.


user $keepassxc --help
Usage: keepassxc [options] [filename(s)]
KeePassXC - cross-platform password manager

  -h, --help                   Displays help on commandline options.
  --help-all                   Displays help including Qt specific options.
  -v, --version                Displays version information.
  --config <config>            path to a custom config file
  --localconfig <localconfig>  path to a custom local config file
  --lock                       lock all open databases
  --keyfile <keyfile>          key file of the database
  --pw-stdin                   read password of the database from stdin
  --debug-info                 Displays debugging information.
  --allow-screencapture        allow screenshots and app recording

  filename(s)                  filenames of the password databases to open (*.kdbx)



KeePassXC can be removed with unmerging it:

root #emerge --ask --depclean --verbose app-admin/keepassxc

See also

  • KeePassXC/cli — a command line interface for the KeePassXC password manager.
  • Password management tools — This meta article is dedicated to secure password generation, auditing of generated passwords for security, and management of existing passwords.

External resources