A non-featureful KeePassXC-proxy command line client.
Same as browser extension, it retrieves passwords from an unlocked DB. Unlike secret-tool, it doesn't require you to set KeePassXC to be your secret service (there can only be one).
If you have Go set up, you can do
go install gitlab.com/nwwdles/kpxcpc@latestObviously, you may want to review the code first :^)
There's also a PKGBUILD for Arch-based systems.
Usage of kpxcpc:
-associate
associate and print association info to stdout in json format
-fmt string
format string for entry fields: name - %n, login - %l, pass - %p,
uuid - %u, custom fields - %F:fieldname
(default "%p")
-identity string
set identity file (default "~/.local/share/kpxcpc/identity.json")
-json
print json
-nounlock
do not trigger DB unlock prompt
-socket string
path to keepassxc-proxy socket
-totp
get TOTPTo delimit entries with null-character, use \x00 instead of \0.
Custom entry fields need to have a name in the following format: KPH: myfield (with a space between prefix and field name) to be available through keepassxc-proxy. To refer to them in kpxcpc format string, use %F:myfield (without a space).
Example:
$ kpxcpc 'http://google.com'
pwAJWsXs2HcDvz5HM4mk3ub@7rdP7473n7y5i9
$ kpxcpc -fmt 'pass: %p\n' 'http://google.com'
pass: pwAJWsXs2HcDvz5HM4mk3ub@7rdP7473n7y5i9
$ kpxcpc -fmt 'pass: %p\nmyfield: %F:myfieldname\n' 'http://google.com'
pass: pwAJWsXs2HcDvz5HM4mk3ub@7rdP7473n7y5i9
myfield: hello world
$ kpxcpc -json 'http://google.com'
[{"login":"elon","name":"google","password":"pwAJWsXs2HcDvz5HM4mk3ub@7rdP7473n7y5i9","uuid":"d1e6cba53ad04e8fb23f2991c160ce5a","stringFields":[{"KPH: myfieldname":"hello world"}]}]
$ kpxcpc -totp 0851580ae78549e3be60949e908a040e
C2PHRAssociation info is stored in plaintext in ~/.local/share/kpxcpc/identity.json. If you want, you can manage the storage of association info manually:
- use
-associateto associate once and print identity json to stdout, - use
-identity -to read identity json from stdin.
Still, if you use the browser extension, it's probably not too hard to retrieve association info from your browser profile.
$ kpxcpc -associate
{"id":"example","idKey":"tli3pJmrVwLEyfGcf29LzAKvNyAJaigu"}
$ echo '{"id":"example","idKey":"tli3pJmrVwLEyfGcf29LzAKvNyAJaigu"}' | kpxcpc -identity - 'https://google.com'
pwAJWsXs2HcDvz5HM4mk3ub@7rdP7473n7y5i9