KeePassXC is a modern, secure, open-source, and cross-platform password manager. It is a fork of KeePassX that aims to incorporate stalled pull requests, features, and bug fixes that never made it into the main KeePassX repository.
USE flags for app-admin/keepassxc KeePassXC - KeePass Cross-platform Community Edition
|Add support for X11
|Add support to autotype the passwords into other applications
|Enables browser plugin support
|Add extra documentation (API, Javadoc, etc). It is recommended to enable per package instead of globally
|Enable KeeShare sharing integration
|Enable network support
|Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
|Enable database unlocking via hardware keys supporting YubiKey-style HMAC-SHA1 protocol
To install KeePassXC:
emerge --ask app-admin/keepassxc
KeepassXC configuration file containing basic user settings
- ~/.config/keepassxc/keepassxc.ini - Local (per user) configuration file.
KeePassXC also supports the Secret Service API, which allows client applications to securely store secrets in a service running in the user’s login session. To enable KeePassXC to handle the Secret Service API, following steps are required:
- A new group or database must be created, either via the command-line interface or the graphical user interface. This group or database will be used for integration and can be accessed by applications via libsecret.
- The newly created group or database must be exposed to other applications by selecting it in the Database Settings (Database --> Database Settings --> Secret Service Integration) and confirming the selection.
- Now the Secret Service Integration in the settings must be activated, to allow applications to handle their secrets in the created group or database.
If it is not possible to activate the Secret Service Integration of KeePassXC because another Secret Service API is running (e.g. the gnome-secret service) the related secret service must be stopped and removed from auto-start. The desktop environment documentation (if any, otherwise the users environment) should be referred for guidance on how to do so. A general approach could be to remove the file /etc/xdg/autostart/gnome-keyring-secrets.desktop if the blocking service is gnome-keyring. Please make sure to make a backup of the file before removing it.
It is possible that the gnome-keyring secret service or another integration is starting before KeePassXC secret service. This can occur if an application requiring the Secret Service integration, starts before KeePassXC secret service API is running, resulting in KeePassXC's integration being blocked and the other service is loaded.
To resolve this, it is possible to simply remove the blocking application. For gnome-keyring for example:
emerge --ask --depclean --verbose gnome-base/gnome-keyring
When using the secret service integration in KeePassXC, it is crucial to ensure that KeePassXC starts before other applications that require the integration, such as web browsers. To achieve this, the autostart option for KeePassXC can be enabled. Moreover, before using applications that need to store secrets, such as browsers, the related group or database for the secret service must be unlocked. Otherwise, if the applications start before an active secret service API is running, they will not be able to store secrets, and users will not stay logged in on websites between browser sessions.
Usage: keepassxc [options] [filename(s)] KeePassXC - cross-platform password manager Options: -h, --help Displays help on commandline options. --help-all Displays help including Qt specific options. -v, --version Displays version information. --config <config> path to a custom config file --localconfig <localconfig> path to a custom local config file --lock lock all open databases --keyfile <keyfile> key file of the database --pw-stdin read password of the database from stdin --debug-info Displays debugging information. --allow-screencapture allow screenshots and app recording (Windows/macOS) Arguments: filename(s) filenames of the password databases to open (*.kdbx)
KeePassXC can be removed with unmerging it:
emerge --ask --depclean --verbose app-admin/keepassxc
- KeePassXC/cli — a command line interface for the KeePassXC password manager.
- Password management tools — This meta article is dedicated to secure password generation, auditing of generated passwords for security, and management of existing passwords.
- Documenting KeePass KDBX4 file format
- Discussion on CVE-2023–35866
- What's the difference between KeePass / KeePassX / KeePassXC?