You could have the database on your person and plug it in as and when needed. So while its not really a security feature, it's more secure than a database stored on the computer. so if you do run the script manually, say from a keyboard shortcut then you don't get the unnecessary output in the terminal. I have also sent the outputs to /dev/null. change that to the label of your usbstick.
a loop run until it finds the usb device (lsblk line) I named it securityKey to make it easy to identify. it will run every 5 seconds, you can adjust as you see fit, maybe 60 seconds suits you. So what this does briefly, at login keepasslogin is set running. Secret-tool lookup keepass Passwords | keepassxc -pw-stdin $mnt/KeePassXC.kdbx > /dev/null 2>&1 &Īdd a startup application to run the file (browse to the file in the startup application gui). Mnt=$(lsblk -output MOUNTPOINT | grep securityKey) # File: KeepassLogin check if specific security key is mounted. I moved the keepassxc database onto a USB drive. I got to thinking about this, the security implications mainly, and with Yubikey coming to mind I chose to implement a little "security minded" addition. You could now add a new startup application with "/path/to/keePassLogin" as the command. Once you are back at the terminal prompt. You can try a smaller sleep time if three seconds is too long for you.
Keepassx ubuntu password#
If you are not familiar with nano, ctrl + x and then enter will save the file after you have made the changes.Īdded a delay because it appears that the password prompt doesn't always appear in time for the echo. The echo functions as the enter key would. Secret-tool lookup keepass Passwords | keepassxc -pw-stdin ~/Secured/Passwords.kdbx & sleep 3 echo '' touch KeePassLogin & chmod +x KeePassLogin & nano KeePassLogin The following is a little bash script.Ĭrack open your terminal. With that said, I have a solution to the issue in the comments about the terminal hanging. I have no experience of them, though I have looked into them and they are used for authentication, which is what you want to do. Otherwise, you may prefer to look into getting a yubikey. Heed the security implications, if you simply prefer to have locally stored passwords and have no other persons accessing the computer then this should be just fine. This option remains significantly less secure than supplying the password yourself while using KeepPassXC, but the well informed user should have the freedom to make the balance between security and convenience. Next to a label, you are providing an attribute (here we choose "keepass") and a value (you can use the name of your database () or another string that should not contain spaces).Īfter login, you can then launch and unlock KeePassXC with the command secret-tool lookup keepass | keepassxc -pw-stdin. You can do this with the "Passwords and Keys" tool or with the command: secret-tool store -label="KeePass " keepass
Keepassx ubuntu install#
You will need to install libsecret-tools for this to work.įirst you need to store the KeePassXC password in the Gnome keyring. Your password is stored in an unreadable form, and one needs to be logged in as your user to be able to open KeePassXC or read the password. This compromises security quite seriously compared to entering the password on opening directly, because your password is stored unencrypted in a file on your system.Ī more secure option is to use another password vault, such as Gnome Keyring ( Source). Thus, in a most simple way, you can automatically open a KeePassXC database with a command like: echo | keepassxc -pw-stdin. You can give a password to KeePassXC through standard input on the command line with the option -pw-stdin.
0 kommentar(er)
