keepass-shell

kpsh

kpsh, or KeePass Shell, is an interactive shell for working directly with KeePass database files.

Features

• open, lock and unlock databases
• list contents of database
• show contents of database entries and filter them by fields
• autotype usernames and passwords or any sequences of entry fields.
• access all commands non-interactively via -c switch or by piping commands directly to kpsh
• tab-completion in interactive mode
• several built-in ways to obtain a password, which can be passed by argument, typed directly to kpsh or through pinentry program program or fetched from a provided command output
• ships with highly customizable kpsh-menu script which performs any kpsh command on entries selected by dmenu/rofi/fzf (e.g. autotype passwords selected in dmenu/rofi)

Usage examples

Typical session:

$ kpsh passwords.kdbx

passwords.kdbx> ls
Password: ********
personal/bank
personal/login
personal/website
work/login

passwords.kdbx> show work/login
path: work/login
username: John Doe
password: jsdf7y8h8349yhj3h42

Get a password from gpg-encrypted file (trailing newline, which isn’t a part of password is trimmed):

$ gpg --encrypt -o masterpass.gpg -r mymail@example.com
<type type type>
^D
$ kpsh passwords.kdbx --pw-cmd "gpg --decrypt masterpass.gpg | tr -d '\n'"

… or from a keyring:

$ secret-tool store --label='keepass' database passwords.kdbx
$ kpsh passwords.kdbx --pw-cmd "secret-tool lookup database passwords.kdbx"

Autotype a user/password sequence:

kpsh passwords.kdbx --pw-cmd "secret-tool lookup database passwords.kdbx"
                    -c autotype

… or just a password, but a little faster:

kpsh passwords.kdbx --pw-cmd "secret-tool lookup database passwords.kdbx"
                    -c "autotype -s {PASSWORD} -D 12"

Installation

$ pip install --user kpsh