kdbx-cli is an interactive command-line interface for the KeePass password database (.kdbx).
- Thin wrapper over the pykeepass library as the only dependency except the standard Python modules and pyotp for one-time passwords
- Runs as a single process to avoid the complexity of securing inter-process communication (unlike passhole which keeps a background process)
- Interoperable with KDBX 4.0, KeePassXC and Keepass2Android Offline
- Clipboard integration (using
xselby default) - Auto-erase clipboard (after
10seconds by default) - Auto-completion using the
tabkey - No destructive operations
- Every change is saved to entry history
- Deleted entries are moved to
Recycle Bin
- Prevent overwriting the database file when its modified time changes (not atomic)
- For file synchronization use e.g. Syncthing with Staggered File Versioning
- Copying entries to another database file
- Print QR codes (using the pipe commands; run e.g. with
--pipe "qrencode -t utf8") - SSH integration (using the included scripts sshgen, sshknown)
- Custom Attributes
- Notes are line-separated and prepended with a label
- Database files can be protected only by a password
- New entries can be created only in the root group
- Entry titles with spaces are not supported in commands with multiple parameters (but can be changed using
rename) - No GPG integration (e.g. by forwarding gpg-agent)
- Not published to PyPI yet
Copy/clone the kdbx-cli script and make it executable.
Install pykeepass:
pip3 install -r requirements.txtMacOS requires additional configuration for GNU readline interface to make tab-completion work:
tee ~/.editrc << EOM
python:bind ^I rl_complete
EOM
brew reinstall readlineMacOS uses pbcopy instead of xsel:
alias kp='kdbx_cli.py --clip "pbcopy" --paste "pbpaste"'On Windows or WSL, win32yank can be used (e.g. installed with neovim by default):
alias kp='kdbx_cli.py --clip "win32yank.exe -i --crlf" --paste "win32yank.exe -o --lf"'Start the interactive CLI with:
kp FILENAMEUse the tab key for auto-completion.
General
helplist all commandsqquit- press
Ctrl+Dto quit andCtrl+Cto interrupt lslist entriesltlist entries by modified timefind STRINGfind entriesdig STRINGfind entries in recycle bins [TITLE]select entry by titleadd TITLEnew entry with titlerename TITLEchange titlerm ENTRY...move entries to recycle binrestore ENTRY...restore entries from recycle bincp FILE ENTRY...copy entries to db filemv FILE ENTRY...copy entries to db file, then move to recycle bindedupnumber duplicate titlespasswdchange db passwordcclear clipboard
Read Entry
dumpdisplay fieldshistorydisplay changesh [TIME]select history itempclip passwordpddisplay passwordpcpipe passwordpspartially display passwordpvverify passworduclip usernameuddisplay usernameucpipe usernamelclip location (URL)lddisplay location (URL)lcpipe location (URL)n LABELclip note by labelnd LABELdisplay note by labelnc LABELpipe note by labelndumpdisplay notesa LABELclip attribute by labelad LABELdisplay attribute by labelac LABELpipe attribute by labelas LABELpartially display attribute by labelssh [TIME]ssh-add private key (from password)sshknownadd to known_hosts (from URL)otpclip TOTPotpddisplay TOTPotpuridisplay OTP uri
Modify Entry
pputchange passwordppastepaste new passworduputchange usernameupastepaste new usernamelputchange location (URL)lpastepaste new locationnput LABELchange note by labelnpaste LABELpaste new note with labelnrm LABELremove note by labelaput LABELchange attribute by labelapaste LABELpaste new attribute by labelarm LABELremove attribute by labelotpputchange TOTP secretotppastepaste new TOTP secret
Generate Entry Passwords
agen LABEL SIZEgenerate new printable attributeagena LABEL SIZEgenerate new alphanumeric attributeagend LABEL SIZEgenerate new digit attributeagenc LABEL SIZEgenerate new crockford attributepgen SIZEgenerate new printable passwordpgena SIZEgenerate new alphanumeric passwordpgend SIZEgenerate new digit passwordpgenc SIZEgenerate new crockford passwordsshgengenerate ssh keys