
Hello, 

I created a workflow that allows listing the entries of a KeePassXC database and retrieving the password for an entry. 


You can find it here: https://github.com/Angoll/KPass

 

I've been using Alfred for a while, basic functions without entering into the workflows world, but recently I'm switching to KeePassXC to store my passwords and I created the workflow to help with the change. I saw that there is some demand for a workflow like this one, but no one had created it.

 

It uses keepassxc-cli to access the password database and Keychain to securely store the password for the keychain.
All code is written in bash and AppleScript (JS) for the configuration setup.

 

Keychain Tip: if you create a new keychain and enable the auto-lock after X time, it will prompt for the password. Or modify the Access Control of the KPass_AlfredWorkflow to always ask for the key.

 

Any feedback is welcome ☺️

 

 

- Dependencies:

Apart from Alfred and KeePassXC no external dependencies are required.

 

- Regarding Security:

Security is a big concern for all, so all code of this workflow is plain text and you are welcome to check it. Feel free to reach me if you improve it.

 

- Screenshots:

 

Example of listing entries of a database


 

 

KPass Configuration Script, this will prompt to select the database, keychain and password to configure the integration.


Edited by angoll
Improvement information
Link to post
  • 2 weeks later...
14 hours ago, woodyc79 said:

Hello!

 

Great stuff, thank you for your effort!

Unfortunately I'm not able to select any kdbx file.. they are greyed out in Catalina...

 

Kind regards,
Chris


Hi Chris, thanks for the feedback,


As a quick fix you can modify the script of the workflow (/usr/bin/osascript) and remove the line: 
  ofType: ["dyn.ah62d4rv4ge8003dcta"] //.kdbx extension type identifier

This won't filter by file type, I checked with two macs and they provide me with the same identifier

 

Let me know how it works, later I will try to upload a version without the check

Link to post
50 minutes ago, angoll said:

I checked with two macs and they provide me with the same identifier


Dynamic UTIs aren't random. They're encoded in base 32 (IIRC) and say "extension == .xyz". So an unknown file with the extension ".kdbx" will always be given the same dyn.* UTI.

Link to post
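The point about dynamic UTIs being deterministic can be checked against the identifier quoted in this thread. This is an added example, not part of the thread or of the KPass workflow. The 32-character alphabet and the `?0=6:1=<ext>` payload template are assumptions: they come from decoding the identifier on this page and are not documented by Apple.

```python
# Decode/encode macOS dynamic UTIs (dyn.a...) as custom-alphabet base32.
DYN_ALPHABET = "abcdefghkmnpqrstuvwxyz0123456789"  # assumed: no i, j, l, o
PREFIX = "dyn.a"
PAGE_UTI = "dyn.ah62d4rv4ge8003dcta"  # identifier quoted in the thread


def decode_dyn_uti(uti: str) -> str:
    """Return the ASCII payload hidden in a dynamic UTI."""
    if not uti.startswith(PREFIX):
        raise ValueError("not a dynamic UTI")
    acc = bits = 0
    out = bytearray()
    for ch in uti[len(PREFIX):]:
        idx = DYN_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"character {ch!r} is not in the alphabet")
        acc = (acc << 5) | idx          # append 5 bits per character
        bits += 5
        if bits >= 8:                   # emit a byte once 8 bits are ready
            bits -= 8
            out.append((acc >> bits) & 0xFF)
            acc &= (1 << bits) - 1
    if acc:
        raise ValueError("non-zero padding bits")
    return out.decode("ascii")


def encode_dyn_uti(payload: str) -> str:
    """Inverse of decode_dyn_uti: zero-pad the final 5-bit group."""
    acc = bits = 0
    chars = []
    for byte in payload.encode("ascii"):
        acc = (acc << 8) | byte
        bits += 8
        while bits >= 5:
            bits -= 5
            chars.append(DYN_ALPHABET[(acc >> bits) & 0x1F])
            acc &= (1 << bits) - 1
    if bits:
        chars.append(DYN_ALPHABET[(acc << (5 - bits)) & 0x1F])
    return PREFIX + "".join(chars)


def uti_for_extension(ext: str) -> str:
    # Template assumed from the decoded page value; only the extension varies.
    return encode_dyn_uti("?0=6:1=" + ext.lstrip("."))


if __name__ == "__main__":
    print(decode_dyn_uti(PAGE_UTI))
    print(uti_for_extension(".kdbx") == PAGE_UTI)
```

Because the identifier is a pure function of the extension, filtering on it behaves the same on every Mac that has no application registering a proper type for `.kdbx`.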
  • 4 months later...
On 4/5/2020 at 12:52 AM, angoll said:

Hello, 

I created a workflow that allows listing the entries of a KeePassXC database and retrieving the password for an entry. 

...

 

Hey, @angoll!

 

Thanks for the heavy lifting. I was looking for such an integration for quite some time. There was no time to create it by myself from scratch.

However, I changed a few things and now it suits me better. I did not create a pull request because I am not sure my functionality is in accordance with your workflow.

 

My KeePass database is big and contains hundreds of entries. Thus, I cannot afford to list all entries. Instead, I changed it to use the "locate" command instead of "ls" for keepassxc-cli. Also, I added some bells and whistles:

  • fixed issue with spaces in entry names
  • filtered out Recycle bin entries
  • removed leading slash for display clarity
  • replaced slashes with arrows to show folder names more clearly

Here's how it looks for me now:


Here's modified script:

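query="{query}"   # Alfred substitutes the user's input here
IFS=$'\n'         # split command output on newlines only, so entry names may contain spaces

export PATH='/usr/local/bin/:/usr/bin'

if [[ -z ${database} ]] || [[ -z ${keychain} ]];
then
    echo "{\"items\": [{\"title\":\"Not configured, please run: kpassinit\"}]}";
else
    # Read the database password from the keychain, pipe it to keepassxc-cli,
    # and drop Recycle Bin entries from the search results.
    keys=( $(security find-generic-password -a "$(id -un)" -c 'kpas' -C 'kpas' -s "AlfredWorkflow" -w "${keychain}" |\
           keepassxc-cli locate -q "$database" "$query" | grep -Ev "\/Recycle Bin\/") )

    # $? is the status of the pipeline, i.e. of grep: non-zero when no line was printed
    if [ $? -eq 0 ]; then
        echo -n '{"items": ['
        first=
        for entry in "${keys[@]}"; do
            if [ "$first" ] ; then echo -n ","; fi
            entry=${entry//\\/\\\\}   # escape backslashes and double quotes so the
            entry=${entry//\"/\\\"}   # entry name is a valid JSON string
            title=${entry/\//}        # remove the leading slash
            title=${title//\// ➜ }    # show folder separators as arrows
            echo -n "{\"uid\":\"${entry}\",\"title\":\"${title}\",\"arg\":\"${entry}\",\"autocomplete\":\"${entry}\",\"icon\":{\"type\":\"png\",\"path\":\"${PWD}/icon.png\"}}";
            first=false
        done
        echo ']}'

    else
        echo -n "{\"items\": [{\"title\":\"Error listing database, please check config\"}]}"
    fi
fi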

 

And there are still two issues:

  • keepassxc-cli was not on PATH and I created a symlink to the /usr/local/bin folder for it to be visible
  • workflow fails if I enter nothing for the timeout period or the search result is empty. Will try to deal with this later
Edited by Denis The Menace
Link to post
2 hours ago, Denis The Menace said:

I changed it to use the "locate" command instead of "ls" for keepassxc-cli

 

mdfind might be a better choice than locate (if it finds the files). The locate database isn’t on by default on macOS, and it only updates once a day, so it won’t find recently-created entries.


The optimal way is to run ls or find in a background process and cache the results, then use the cache in your workflow.

Link to post
32 minutes ago, deanishe said:

mdfind might be a better choice than locate (if it finds the files). The locate database isn’t on by default on macOS, and it only updates once a day, so it won’t find recently-created entries.


The optimal way is to run ls or find in a background process and cache the results, then use the cache in your workflow.

 

I'm using KeePassXC v.2.6.0 and there are neither mdfind nor find commands available. I did nothing to enable locate. It worked out of the box.

Link to post
10 minutes ago, Denis The Menace said:

I'm using KeePassXC v.2.6.0 and there are neither mdfind nor find commands available. I did nothing to enable locate. It worked out of the box.

 

Ignore me: I'm being stupid. I thought you were talking about the system commands `ls` and `locate`, not KeePass commands.

Link to post
