KeePassXC

From Gentoo Wiki
Jump to:navigation Jump to:search
This article is a stub. Please help out by expanding it - how to get started.

KeePassXC is a cross-platform password manager. It is a fork of KeePassX that aims to incorporate stalled pull requests, features, and bug fixes that have never made it into the main KeePassX repository.

Installation

USE Flags

USE flags for app-admin/keepassxc KeePassXC - KeePass Cross-platform Community Edition

X Add support for X11
autotype Add support to autotype the passwords into other applications
browser Enables browser plugin support
doc Add extra documentation (API, Javadoc, etc). It is recommended to enable per package instead of globally
keeshare Enable KeeShare sharing integration
network Enable network support
test Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
yubikey Enable database unlocking via hardware keys supporting YubiKey-style HMAC-SHA1 protocol

Emerge

To install KeePassXC:

root #emerge --ask app-admin/keepassxc

Removal

Unmerge

KeePassXC can be removed with unmerging it:

root #emerge --ask --depclean --verbose app-admin/keepassxc

Optional - Enabling the Secret Service Integration

KeePassXC also supports the Secret Service API, which allows client applications to securely store secrets in a service running in the user’s login session.[1] To enable KeePassXC to handle the Secret Service API, following steps are required:

  1. A new group or database must be created, either via the command-line interface or the graphical user interface. This group or database will be used for integration and can be accessed by applications via libsecret.
  2. The newly created group or database must be exposed to other applications by selecting it in the Database Settings (Database --> Database Settings --> Secret Service Integration) and confirming the selection.
  3. Now the Secret Service Integration in the settings must be activated, to allow applications to handle their secrets in the created group or database.

If it is not possible to activate the Secret Service Integration of KeePassXC because another Secret Service API is running (e.g. the gnome-secret service) the related secret service must be stopped and removed from auto-start. The desktop environment documentation (if any, otherwise the users environment) should be referred for guidance on how to do so. A general approach could be to remove the file /etc/xdg/autostart/gnome-keyring-secrets.desktop if the blocking service is gnome-keyring. Please make sure to make a backup of the file before removing it.

It is possible that the gnome-keyring secret service or another integration is starting before KeePassXC secret service. This can occur if an application requiring the Secret Service integration, starts before KeePassXC secret service API is running, resulting in KeePassXC's integration being blocked and the other service is loaded.

To resolve this, it is possible to simply remove the blocking application. For gnome-keyring for example:

root #emerge --ask --depclean --verbose gnome-base/gnome-keyring
Important
When using the secret service integration in KeePassXC, it is crucial to ensure that KeePassXC starts before other applications that require the integration, such as web browsers. To achieve this, the autostart option for KeePassXC can be enabled. Moreover, before using applications that need to store secrets, such as browsers, the related group or database for the secret service must be unlocked. Otherwise, if the applications start before an active secret service API is running, they will not be able to store secrets, and users will not stay logged in on websites between browser sessions.

External resources