Keepassxc: Copy KeePassXC settings to individual db settings
Expected Behavior
Feature request to make some settings, e.g. locking db if session locked, configurable at the db level rather than or in addition to KeePassXC installation.
Current Behavior
Currently db settings are limited to crypto and basic metadata and do not include KeePassXC behaviour.
Context
I manage multiple KeepPassXC databases on multiple machines. In that context, the threat model is different for each db and for each machine. Applying the strictest settings, e.g. lock the db if session is locked, makes sense for some db's on some machines and so I have such setting on all KeePassXC installations.
As an example, at work I often need access to several accounts for a short period of time which will then either cease to exist or become inaccessible again. I use these accounts on a machine I trust less than my personal machines but also use for some personal stuff. I thus keep two dbs in this scenario, one for the current job and the other for personal. I lock my screen frequently which thus locks my personal db (great) but also the work db (not so great).
kalegrill
All 16 comments
I like this idea, just need to make sure we remain compatible with keepass and others. This will require heavy work on the ui front.
droidmonkey
on 24 Aug 2017
Those settings could either be saved inside the DB or in the config file. DB ensures that no extra meta data leak and it works across devices, but global config is probably easier and doesn't mess up your DB with automatic config entries.
phoerious
on 24 Aug 2017
(personally, I would not use it, but I see a few ways to achieve something like this while also maintaining compatibility)
As mentioned above, storing extra settings outside the database might leak metadata. This could be mitigated a little bit perhaps. Instead of storing super-private.kdbx locks with session, one could store salted-peppered-hash-of-something-specific-to-that-file locks with session. I'm not sure if there's something like a database-wide UUID or something, but this would not leak to much information for most use cases IMO.
Or one could create a meta password somewhere in the database where some extra-settings are stored in the notes field or something.
ccoenen
on 25 Aug 2017
I really like the idea of a meta password to store all the settings using the attributes fields
droidmonkey
on 25 Aug 2017
I'm curious of what other uses this may have as well
kalegrill
on 28 Aug 2017
I have a use case for this ... it a uses sets DB to lock after a period of inactivity, and assumes it so, if anyone (say a family member) can come along and un-check that setting, then the database can be left open unlocked. Not pointing fingers, but im pretty sure my kids have done this get into my microsoft account and alter their screen-time settings!
piggz
on 7 Jan 2019
Man, I used to just use a Red Hat 3 boot disk to get around parental protections!
droidmonkey
on 7 Jan 2019
Theyve also been known to do a password reset ... but I fixed that with 2fa!
piggz
on 7 Jan 2019
I would also like to export all settings of KeePassXC to a external file and also import the settings from this external file.
I have two use-cases for this suggestion:
- I have multiple computers (PC, Laptop, VM, Laptop at work) and with this feature I can have the same settings on all clients
- I have KeePassXC 2.5.4 installed and tested the portable snapshot build. This messed up the settings of KeePassXC (installed) so with this feature I could easily restore my settings with some mouse clicks
This feature would really help me a lot and I really hope it is implemented....
OLLI-S
on 16 May 2020
You find the settings in %LocalAppData%\KeePassXC on Windows, ~/.config/keepassxc on Linux, or ~/Library/Application Support/KeePassXC on macOS.
Starting with 2.6, the Windows settings have migrated to %AppData%\KeePassXC and %LocalAppData% only contains things like the window geometry etc. On Linux, this will be in ~/.cache/KeePassXC, on macOS it's ~/Library/Caches/KeePassXC.
phoerious
on 16 May 2020
And this is exactly the problem: it is not very user friendly (a bad usability) because the user needs to know where the settings are located on the system.
Two buttons "Export Settings" and "Import Settings" in the settings would be much more user friendly.
OLLI-S
on 16 May 2020
If the portable snapshot messed up your installed settings then there is a pre release bug there.
droidmonkey
on 16 May 2020
@droidmonkey I created a pre-release bug issue https://github.com/keepassxreboot/keepassxc/issues/4751
OLLI-S
on 16 May 2020
All of these things are not really related to the original issue, though?
ccoenen
on 16 May 2020
Not related at all
droidmonkey
on 16 May 2020
@droidmonkey It was my fault when I read the comment https://github.com/keepassxreboot/keepassxc/issues/891#issuecomment-324689455.
So can you please take my comment https://github.com/keepassxreboot/keepassxc/issues/891#issuecomment-629623788 and all following comments and move them to a new issue?
OLLI-S
on 17 May 2020
Related issues
MountainX
路
3Comments
guihkx
路
3Comments
813gan
路
3Comments
n1trux
路
3Comments
2tbwXj46BDbdNBRV79DS
路
3Comments
Most helpful comment
Those settings could either be saved inside the DB or in the config file. DB ensures that no extra meta data leak and it works across devices, but global config is probably easier and doesn't mess up your DB with automatic config entries.