Jump to content

Recommended Posts

Description 

 

Workflow for fetching KeepassXC entries and their attributes.

 

Demo

 

demo.gif

 

Workflow page

 

https://github.com/lxbrvr/alfred-keepassxc-workflow

 

Features

  • search KeepassXC entries
  • copy different entry attributes. It includes title, username, password, url, notes
  • comfortable configuration using Alfred's UI and MacOS modal windows
  • there are different settings for displaying KeepassXC data in Alfred. For example, you can show KeepassXC attributes which you want. Or you can hide values displaying for KeepassXC attributes etc.
  • it works with KeepassXC key files
  • it saves your KeepassXC master password to OSX Keychain
  • no dependencies. Only Alfred and KeepassXC.

 

Download

 

https://github.com/lxbrvr/alfred-keepassxc-workflow/releases/download/1.1.0/keepassxc-1.1.0.alfredworkflow

 

Usage

 

Initialization

There are some ways to configure the workflow.

 

The first and fastest way:

Call Alfred, type kp or type kp:init and select "Express initialization". It'll ask you about KeepassXC database, KeepassXC key file and KeepassXC master password.

 

The second way:

Call Alfred, type kp or type kp:settings and select "Settings". There are all parameters of the workflow. Just change them to desired. The settings described below.

 

Search KeepassXC entries

  1. Call Alfred and type kp <desired KeepassXC entry name>. For example kp google. It'll show found entries.
  2. Select some entry. It'll show entry attribute names. For example title, username, password etc.
  3. Select the attribute name. An attribute value will be copied to clipboard.

 

Changelog

 

1.1.0 - 2021-09-25

 

Added

  • Add the ability to manually remove the master password from a keychain.
  • Add automatic removal of the master password from a keychain after using "reset" and "init" commands.
  • Show an error message when trying to configure a master password without configured a keychain service or keychain account.
  • Remove an existing keychain record if the keychain name or the keychain service name has been changed in the settings.

Changed

  • Change the names of the settings to be more informative
  • Improve informativeness in dialog boxes.

 

1.0.0 - 2021-08-16

 

Added

  • First release
Edited by lxbrvr
Link to comment
  • 2 weeks later...
  • 2 weeks later...

Thank you for posting this workflow. 

 

Could you perhaps describe how the master password is stored, and comment on the security? I am sorry I'm not enough of a programmer to figure it out myself. 

 

Currently, if someone obtained both my computer and the admin user password, they could not access my database, since the password is not stored in any way. 

Edited by xxyxxyxyx1
Link to comment
12 hours ago, xxyxxyxyx1 said:

Could you perhaps describe how the master password is stored, and comment on the security?

 

It says right there in the description that the master password is stored in your Keychain.

 

This is not particularly secure, as the password is stored by – and therefore accessible to – the /usr/bin/security command-line program, which can be run by just about anything that isn’t sandboxed. I can't find any code in the workflow for removing the master password from Keychain. That's a serious omission, imo, but unless you're prepared to enter your master password every time you access a password, a workflow can't avoid storing a master password (or session key if your vault supports them) somewhere because it can't keep it in memory the way an application can. Keychain is the next best option.

 

AFAIK, the only way a workflow can avoid storing any secrets is if it asks a desktop application to do all the actual password handling (the way Alfred's built-in 1Password support works).

 

12 hours ago, xxyxxyxyx1 said:

Currently, if someone obtained both my computer and the admin user password, they could not access my database, since the password is not stored in any way.

 

You're pretty much screwed in that case, anyway.

Edited by deanishe
Link to comment

@deanishe thank for your reply!

 

22 minutes ago, deanishe said:

I can't find any code in the workflow for removing the master password from Keychain. That's a serious omission, imo

 

There is a workaround for that. You can replace the current password in keychain with a new value: 

 

1. open the workflow settings (by default kp:settings)

2. choose "KeepassXC master password"

3. type any value or leave the text field blank.

4. Press "Continue"

 

But this is still not a removing. I think it's a great idea to let users remove a workflow data from their keychain. Thank you @deanishe!

 

@xxyxxyxyx1 deanishe told you everything right.

 

Link to comment

New version!

 

Download

 

https://github.com/lxbrvr/alfred-keepassxc-workflow/releases/download/1.1.0/keepassxc-1.1.0.alfredworkflow

 

Changes

 

Added

  • Add the ability to manually remove the master password from a keychain.
  • Add automatic removal of the master password from a keychain after using "reset" and "init" commands.
  • Show an error message when trying to configure a master password without configured a keychain service or keychain account.
  • Remove an existing keychain record if the keychain name or the keychain service name has been changed in the settings.

Changed

  • Change the names of the settings to be more informative
  • Improve informativeness in dialog boxes.
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...