How to fully take control of KeePassX through the command line with the pykeepass open source Python package

Needing secure personal data management, I chose KeePassX to solve my own problem. Because it is open source, many developers have written their own libraries from scratch to fully interact with KeePassX from the command line.

After many hours of research on GitHub and a lot of tests in my local environment, pykeepass ended up in my toolset. Fully open source and free of charge, this Python tool supports interaction with all the features integrated in KeePassX, directly from the command line.


The following are the requirements which your system should meet for testing the pykeepass package locally.

  • Python 3.7
  • Virtualenv
  • pip
  • git

Download and set up pykeepass on your local machine

First of all, clone the repository from GitHub to your local machine with the following command.
git clone
Then change directory to pykeepass and create a fresh virtual environment by making use of the following commands.
cd pykeepass
virtualenv -p /usr/local/bin/python3.7 env
Once you have managed to create a fresh virtual environment on your machine with the help of the virtualenv utility, activate it with the help of the command shown below.
source env/bin/activate
Once you have set up a fresh virtual environment and activated it on your local machine, install all the packages pykeepass depends on so it can function without errors.
pip install -r requirements.txt
Having IPython as a package on your virtual environment is always a good idea, so install it too by running the command shown below.
pip install ipython

Take control of KeePassX by making use of the utilities provided by the pykeepass package

Having studied the code which powers the pykeepass package, we need to import the class PyKeePass which takes the following arguments in its constructor.
filename # a string containing the full path of the encrypted database
password # a string containing the master key to access the encrypted database
keyfile # a string containing the full path of the keyfile to access the encrypted database
Launch the IPython interactive shell and create an instance of class PyKeePass like shown below. Just make sure to provide the full path of the encrypted database according to your own operating system.
from pykeepass import PyKeePass
kp = PyKeePass(filename='/Users/oltjano/Desktop/test.kdbx', password='123456')

Find the encryption algorithm and version of the KeePassX

The pykeepass package has methods which can be used to find the encryption algorithm and the version of KeePassX.
Once executed, the above method is going to return a tuple containing the version of the KeePassX program.
(3, 1)
Now let's find the encryption algorithm which KeePassX is using by making use of the method shown below.
Once the above code got executed in my IPython console, the following output came out.

List all the entries stored in the encrypted database

The output produced by the above command should be an empty list since there are no entries yet in the fresh encrypted database.

Create a fresh new entry in the brand new encrypted database

Before adding a new entry to the encrypted database, it is always a good idea to select the group the entry will go into.

For the main purpose of this article, I am going to create a new group which is going to be part of the root group. The following command accomplishes this task.
kp.add_group(destination_group=kp.root_group, group_name='Internet Accounts')
If everything works like it is supposed to, you should get an output similar to the one shown below.
Group: "Internet Accounts/"
To be sure, list the groups stored in the current encrypted database with the help of the following command.
The above command returns a list object which contains all the groups stored in the current encrypted database. The following output should come out in your own console.
[Group: "/", Group: "Internet Accounts/"]
The method which helps to create a new entry is called add_entry; it requires four positional arguments.
kp.add_entry(destination_group=kp.groups[1],  title='Facebook Account',
                      username='', password='12345')
The following output should come to your own console.
Entry: "Internet Accounts/Facebook Account ("
List all the entries with the help of the command shown below.
[Entry: "Internet Accounts/Facebook Account ("]
As you can see from the output shown above, our entry has been added to the encrypted database.

Get information on the new entry

entries = kp.entries
fresh_entry = entries[0]
Find out the group which the entry belongs to.
Group: "Internet Accounts/"
Find out the username of the new entry.
Find out the password of the new entry.
As you can see from the output shown above, the password is printed as a plain string. If any notes are available in the entry, they can be accessed with the help of the command shown below.
Other information which can be accessed on an entry has been listed below.

Delete the entry

A method which helps to delete an entry is also available; it is part of the instance Entry.
Save the changes to the encrypted database with the help of the following command.
Once the method shown above has been executed successfully, access to kp.entries should return an empty list since the entry we just deleted was the only one available in our own encrypted database.

Create a new entry with full features 

Earlier we created a very simple entry. According to the official documentation pykeepass supports entry features such as file attachment, icon, url, notes and tags.
from pykeepass import icons
entry = kp.add_entry(destination_group=kp.root_group, username='hackerporn', password='12345',
                      notes='hackerporn website login credentials', url='',
                      icon=icons.GLOBE_PLUG, title='hackerporn', tags='internet')
Once you have managed to create the new entry, save the data to the encrypted database with the help of the following command.            
Then get the list of Entry objects in the encrypted database with the following command.
If everything is done according to the instructions shared above, you should get the following output on your own console.
[Entry: "hackerporn (hackerporn)"]
Access the fresh entry's features with the help of the following commands.
entries = kp.entries
entry = entries[0]
entry.icon # gets the icon, a string
entry.title # title of the entry, a string
entry.tags # list of tags
entry.notes # string with notes of the entry
'hackerporn website login credentials'
entry.url # string with the url of the entry
entry.username # string with username
entry.password # string containing the password

Add an attachment to the entry

An instance of type Entry has a method which helps to add an attachment to any entry in the encrypted database. The method shown below requires two positional arguments.
id, an int
filename, a string containing the path of the attachment
Make sure to provide the absolute path for the file which you want to attach.
entry.add_attachment(id=1, filename='/Users/oltjano/Desktop/test.png')

Export the encrypted database to XML data

According to the official documentation, pykeepass has a feature which can be used to dump the entire encrypted database to an XML file. The code for performing such a task is shown below.
As you have probably guessed by now, outfile is a required positional argument; it contains the absolute path of the XML file to which pykeepass should save the data.
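An added example (not from the original article or the pykeepass project): the XML dump is not encrypted like the .kdbx file, so anyone who can read it can read every password. The script below audits such an export for short and reused passwords without ever returning a password. It assumes the dump follows the KeePass 2 XML layout (Root/Group/Entry/String/Key/Value); SAMPLE_XML, field and audit_export are constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the KeePass 2 XML layout (assumed layout of the dump).
SAMPLE_XML = """<KeePassFile><Root><Group><Name>Root</Name>
  <Group><Name>Internet Accounts</Name>
    <Entry>
      <String><Key>Title</Key><Value>Facebook Account</Value></String>
      <String><Key>Password</Key><Value>12345</Value></String>
      <History><Entry>
        <String><Key>Title</Key><Value>Facebook Account</Value></String>
        <String><Key>Password</Key><Value>1234</Value></String>
      </Entry></History>
    </Entry>
  </Group>
  <Entry>
    <String><Key>Title</Key><Value>Forum</Value></String>
    <String><Key>Password</Key><Value>12345</Value></String>
  </Entry>
  <Entry>
    <String><Key>Title</Key><Value>Mail</Value></String>
    <String><Key>Password</Key><Value>correct horse battery staple</Value></String>
  </Entry>
</Group></Root></KeePassFile>"""

def field(entry, key):
    """Return the value of one <String> field of an <Entry>, or ''."""
    for s in entry.findall("String"):
        if s.findtext("Key") == key:
            return s.findtext("Value") or ""
    return ""

def audit_export(xml_text, min_len=12):
    """Report short and reused passwords by entry path, never the password."""
    short, by_digest = [], defaultdict(list)
    def walk(group, path):
        for entry in group.findall("Entry"):  # direct children only: skips <History>
            name = "/".join(path + [field(entry, "Title")])
            pw = field(entry, "Password")
            if not pw:
                continue                      # entries without a password are not scored
            if len(pw) < min_len:
                short.append(name)
            # Group by digest so the report structure never carries a password.
            by_digest[hashlib.sha256(pw.encode()).hexdigest()].append(name)
        for sub in group.findall("Group"):
            walk(sub, path + [sub.findtext("Name") or ""])
    walk(ET.fromstring(xml_text).find("Root/Group"), [])
    reused = sorted(sorted(v) for v in by_digest.values() if len(v) > 1)
    return {"short": sorted(short), "reused": reused}
```

Run it against the export right after dumping, then delete the XML file; the report only names entries, so it can be kept or shared without exposing credentials.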

