Automatically sync KeePass passwords between a PC and Mac (or even Linux)

2010 January 20

For the last few months I’ve been investigating some of the eminent password storage software out there. And encryption is really nice, but honestly, one of the most glaringly obvious uses would be so that I wouldn’t have to use the same passwords over and over again for websites that don’t store “critical data” (banking, identification, etc.) but require accounts to be set up for online use.

While I was enamored with 1Password (and still am) the biggest hurdle to it’s adoption is that I own a PC and a Mac (remember?). Syncing the password database between computers is therefore a necessity, and syncing across operating systems (XP/7 to OS X and vice versa) even moreso. This was certainly doable with KeePass and KeePassX, although KeePassX didn’t support a global auto-type hotkey. A password storage system is rendered virtually useless if every single time I have to log into a different web page I have to bring up the KeePassX window; copy my information to the clipboard, bring the focus back to FireFox, and type it in. Well, good news! An updated (albeit currently unsupported) version of KeePass (based on v0.4.1) adds auto-type functionality!

So now that we have auto-type everywhere, how to sync so we can use our KeePass databases everywhere we go? Well it’s very easy.

1.) If you aren’t using Dropbox yet, start. Go to Dropbox (click this link if you plan on following this tutorial, it’s the balloflightning’s referral!), set up and account, download the software, and set it up so both (or however many you have) machines are synced. Create a folder somewhere in your Dropbox scheme (by default under Documents -> My Dropbox) called “KeePass.”
2.) Download and install KeePassX (Mac) here. Download and install KeePass Classic (Windows) here. Note: We need to download the “classic” version because KeePassX still uses the old .kdb format instead of the new .kdbx. While we can set triggers in the new Windows version to automatically pop out a .kdb version AND a .kdbx every time we edit a password on that computer, we can’t edit .kdb’s on the Mac and automatically import them into KeePass on the Windows box. And that makes syncing unfun.
3.) On the Windows box (you can do it the other direction, too, but I found the Windows KeePass interface to be a bit more intuitive) open KeePass and create a new database. Set a “master password” and repeat. Don’t let this password suck too much; after all, you’ll be MINIMIZING the number of passwords you have to remember– at the very least you can do a good job coming up with a solid password that gives access to– well– everything else. Use a key file, too, if you’d like, but I find it unnecessary; it’s always something you can add later.
4.) Click “save as” and save the .kdb file to the directory you previously created within your dropbox scheme. Temporarily close KeePass on Windows and open KeePassX on the Mac. Browse to the newly created (and synced) database file and click open. Enter password. Try creating a few keys. Save. Close.
5.) Re-open the Windows version. Now you should only be prompted for the password (no browsing needed) and you should see your KeePass passwords in Windows. Congrats; you’ve done the heavy lifting!

A few notes; this will work between a PC/Linux or Linux/Mac as well. The same general steps apply although you will need the KeePass repo for your Linux flavor or you can compile from source. If you are a Linux user, I figure you probably don’t really need directions on how to do that. Second, KeePass (and therefore KeePassX) don’t automatically update the database while the program is running. Therefore, when you are adding keys be careful not to add different keys on different computers while both are still open. Dropbox handles conflicts well but you will lose some keys depending on what was open and what was being edited at the time. As a rule of thumb, when I first started migrating to KeePass I never had it running on more than one computer at a time. Once you have a stable database, it’s fine to have multiple instances going at once (it will typically ask to open in “read-only” anyways).

You can turn auto-type on and off by doing the following:
Windows: Tools -> Options -> Advanced tab -> Auto-Type button (lower right).
Mac: KeePassX -> Preferences -> Advanced

Some final notes to get auto-type running flawlessly on your computer. As a general practice, I had two lines to the comments of every key.

Auto-Type-Window: *balloflightning.com*

This aids KeePass/X in finding the window you want to auto-type in. I’ve found great success with the Firefox add-on “Hostname” which puts the domain name of the current web-site in the title bar. It may add a bit of clutter to your windows, but it provides you a surefire way to make sure KeePass/X is only auto-typing in the proper Firefox window/tab. The ‘*’ are wildcards, signifying KeePass/X will find whatever window has XXXXX balloflightning.com XXXXX in it. Obviously, you change the hostname between the ‘*’ to whatever key you are storing (i.e., paypal.com, ebay.com, etc.)

Auto-Type: {USERNAME}{TAB}{PASSWORD}{ENTER}

This is the custom sequence for the target window. {USERNAME} and {PASSWORD} are the stored username and password, {TAB} is… well… tab and {ENTER} is also self-explanatory. In some cases you may be forced to modify this (for example, I have to add a {TAB} after {USERNAME} every once in a while because the websites have a “click here to remember me” form.

Example Keepass custom sequence and target window

Some people will find that in OS X, tabbing will result in certain portions of forms (checkboxes, radio buttons, dropdowns, etc.) being skipped. This creates a bit of a problem here because the sequences will then not match between Windows and Mac. Solution?

1.) Open System Preferences
2.) Go to Keyboard & Mouse
3.) Select “All controls” for full keyboard access

Setting tabs in Firefox to include all forms

For a Firefox-only solution, you can also add / change the accessibility.tabfocus Firefox option via about:config to one of the following: 3 to be able to tab to form controls or 7 to be able to tab to everything

Find this page useful? Save you a few dollars fixing something?
If you so desire, feel free to kick back a dollar or two to help site upkeep.

5 Responses leave one →
  1. 2010 December 16
    Mark permalink

    Thanks for the post! Don’t for get that mac users also have the option of installing Mono 2.6 or higher, and KeePass 2.13 giving them compatibility to .kdbx database files.

    …I discovered this out of necessity when my wife bought macbook and we needed to access our already very large pw safe.

    cheers!

  2. 2011 January 17
    Colin permalink

    Mark,

    This is very true! Mac users might also be able to use Wine to run Keepass v2, but I only like using Wine/Mono when I have to (otherwise native is the way to go).

    That said, if .kdbx support is a critical feature for existing Keepass users, then either of the two pieces of software above installed in conjunction with Keepass v2 is the way to go.

    -Colin

  3. 2011 February 4

    I had tried using KeePass v2 on my girlfriends mac previously but couldn’t understand how to get the keepass.exe to run with mono. (I’m pretty new to macs) I can run it via the terminal with “mono keepass.exe” but I can’t figure out how to get it to run with mono out of the finder/dock. any ideas? great article!

  4. 2011 February 4
    Colin permalink

    pb,

    You should be able to write an AppleScript (via Script Editor, AppleScript Editor, whatever).

    Open Script Editor– type:

    tell application “Terminal”
    do script “mono /$PATH_TO_KEEPASS.exe”
    end tell

    (This assumes you have mono in your preference file– if you have to move to the mono directory to run it or type out the full path to mono every time to run Keepass, you will also have to do the same here).

    Press “compile.” Save it in the “Applications” folder. Make sure the file format is set to “Application” and leave Startup Screen unchecked.

    Now open your Applications folder in Finder and click and drag to the dock. When you click on this, it should open a terminal window and run Mono/Keepass automatically without need to manually type in mono Keepass.exe or whatever.

  5. 2014 March 2

    Wow, this paragraph is fastidious, my younger sister is analyzing these kinds of things,
    thus I am going to convey her.

Leave a Reply

Note: You can use basic XHTML in your comments. Your email address will never be published.

Subscribe to this comment feed via RSS