Sometimes I get asked why I still stick to KeePass2 instead of switching to KeePassXC: well, KeePassXC does not support triggers. And triggers allow you to achieve a lot of things.
This is our scenario:
- You have a personal KeePass database
- You have a second database that is shared with others
- You do NOT want to enter multiple passwords when starting KeePass2
- You do want reliable synchronization between devices
Download example database
Follow this tutorial by downloading the example databases. Place both files in the same directory:
The password for personal.kdbx is "correct horse battery staple".
Mount a shared storage
Let any tool take care of synchronizing files between different devices. I like to use simple sshfs:
mkdir ~/shared_storage
sshfs myserver: ~/shared_storage
Keepass2Android supports ssh, too!
Place a copy of shared.kdbx at ~/shared_storage/shared.kdbx.
Never open files in the shared storage directly!
We will use the synchronization feature of KeePass2 to handle conflicts properly.
Import triggers
The following XML document describes the triggers. Copy it to your clipboard:
<?xml version="1.0" encoding="utf-8"?>
<TriggerCollection xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Triggers>
    <Trigger>
      <Guid>Fydplzl0QEyZnMJCI6LgNg==</Guid>
      <Name>Open other databases from personal.kdbx</Name>
      <Events>
        <Event>
          <TypeGuid>5f8TBoW4QYm5BvaeKztApw==</TypeGuid>
          <Parameters>
            <Parameter>3</Parameter>
            <Parameter>personal.kdbx</Parameter>
          </Parameters>
        </Event>
      </Events>
      <Conditions />
      <Actions>
        <Action>
          <TypeGuid>/UFV1XmPRPqrifL4cO+UuA==</TypeGuid>
          <Parameters>
            <Parameter>{DB_DIR}/shared.kdbx</Parameter>
            <Parameter />
            <Parameter />
            <Parameter>{REF:P@I:B2BEA12CA9A51B41A8B6C47AC4FD0389}</Parameter>
            <Parameter />
            <Parameter>False</Parameter>
          </Parameters>
        </Action>
        <Action>
          <TypeGuid>P7gzLdYWToeZBWTbFkzWJg==</TypeGuid>
          <Parameters>
            <Parameter>personal.kdbx</Parameter>
            <Parameter>0</Parameter>
          </Parameters>
        </Action>
      </Actions>
    </Trigger>
    <Trigger>
      <Guid>I/1X1vS+akicNYt9+CJG3A==</Guid>
      <Name>Sync shared.kdbx on close</Name>
      <TurnOffAfterAction>true</TurnOffAfterAction>
      <Events>
        <Event>
          <TypeGuid>lPpw5bE/QSamTgZP2MNslQ==</TypeGuid>
          <Parameters>
            <Parameter>3</Parameter>
            <Parameter>shared.kdbx</Parameter>
          </Parameters>
        </Event>
      </Events>
      <Conditions>
        <Condition>
          <TypeGuid>y0qeNFaMTJWtZ00coQQZvA==</TypeGuid>
          <Parameters>
            <Parameter>%HOME%/shared_storage/shared.kdbx</Parameter>
          </Parameters>
          <Negate>false</Negate>
        </Condition>
      </Conditions>
      <Actions>
        <Action>
          <TypeGuid>P7gzLdYWToeZBWTbFkzWJg==</TypeGuid>
          <Parameters>
            <Parameter>shared.kdbx</Parameter>
            <Parameter>0</Parameter>
          </Parameters>
        </Action>
        <Action>
          <TypeGuid>Iq135Bd4Tu2ZtFcdArOtTQ==</TypeGuid>
          <Parameters>
            <Parameter>%HOME%/shared_storage/shared.kdbx</Parameter>
            <Parameter />
            <Parameter />
          </Parameters>
        </Action>
      </Actions>
    </Trigger>
  </Triggers>
</TriggerCollection>
Import the triggers via "Tools -> Triggers...", click on the lower left button "Tools" and select "Paste Triggers from Clipboard".
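An added example, not part of the original post: a check to run over trigger XML before pasting it. KeePass keeps triggers in its configuration file rather than inside an encrypted database, so the password parameter of "Open database file" should be a {REF:P@I:...} reference as in the XML above, never a literal. The sample input and the second trigger's name are constructed; the parameter positions are read off the XML above.

```python
import re
import xml.etree.ElementTree as ET

# TypeGuid of the action the page's GUI calls "Open database file", copied from
# the page's XML; there parameter 0 is File/URL and parameter 3 the password.
OPEN_DB_ACTION = "/UFV1XmPRPqrifL4cO+UuA=="
# Reference to the password field (P) of the entry with this UUID (I).
UUID_REF = re.compile(r"\{REF:P@I:[0-9A-Fa-f]{32}\}")

# Constructed sample input: one action as on the page, one with a literal password.
_ACTION = """<Trigger><Name>{name}</Name><Actions><Action>
  <TypeGuid>/UFV1XmPRPqrifL4cO+UuA==</TypeGuid>
  <Parameters>
    <Parameter>{path}</Parameter><Parameter /><Parameter />
    <Parameter>{password}</Parameter><Parameter /><Parameter>False</Parameter>
  </Parameters>
</Action></Actions></Trigger>"""
SAMPLE = "<TriggerCollection><Triggers>%s%s</Triggers></TriggerCollection>" % (
    _ACTION.format(name="Open other databases from personal.kdbx",
                   path="{DB_DIR}/shared.kdbx",
                   password="{REF:P@I:B2BEA12CA9A51B41A8B6C47AC4FD0389}"),
    _ACTION.format(name="Open team.kdbx (constructed)",
                   path="{DB_DIR}/team.kdbx", password="constructed-literal"),
)

def audit_triggers(xml_text):
    """Return (trigger name, file, verdict) for each open-database action."""
    if "<!DOCTYPE" in xml_text:  # trigger exports need no DTD; refuse entity tricks
        raise ValueError("unexpected DOCTYPE in trigger XML")
    findings = []
    for trigger in ET.fromstring(xml_text.encode("utf-8")).iter("Trigger"):
        name = trigger.findtext("Name", default="(unnamed)")
        for action in trigger.iter("Action"):
            if action.findtext("TypeGuid") != OPEN_DB_ACTION:
                continue
            params = [p.text or "" for p in action.iter("Parameter")]
            password = params[3] if len(params) > 3 else ""
            if not password:
                verdict = "no password parameter"
            elif UUID_REF.fullmatch(password):
                verdict = "ok: UUID reference"
            else:
                verdict = "REVIEW: not a {REF:P@I:<uuid>} reference"
            findings.append((name, params[0] if params else "", verdict))
    return findings

if __name__ == "__main__":
    for row in audit_triggers(SAMPLE):
        print(" | ".join(row))
```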
Try it!
Open personal.kdbx with the password "correct horse battery staple". It will automatically open shared.kdbx in a second tab.
Activate the first tab (personal.kdbx). Close KeePass.
It will automatically sync shared.kdbx with $HOME/shared_storage/shared.kdbx.
When you open it again, it will ask for the password of personal.kdbx.
Tweaking it to your needs
To use it for your own databases, you need to change a couple of things:
Opening a database other than shared.kdbx
- Create an entry in your personal database which contains the password of your shared database
- After saving the entry, copy its UUID. You can find it in the "Properties" tab
- Edit the trigger "Open other databases from personal.kdbx"
- Select the tab "Actions"
- Edit "Open database file"
- File/URL must contain the correct path
- Password must contain a reference to the password field in your personal.kdbx database. Replace B2B...389 with the UUID of your password entry.
Syncing a database other than ~/shared_storage/shared.kdbx
- Edit or copy the trigger "Sync shared.kdbx on close"
- In all three tabs (Events, Conditions, Actions) you must change shared.kdbx to the name of your database file
Using a database name other than personal.kdbx
This isn't necessary, but you may prefer to call your database something else. If you do, follow these steps:
- Edit the trigger "Open other databases from personal.kdbx"
- Select the tab "Events"
- Change the File/URL comparison to fit your needs
- Select the tab "Actions"
- Change "Activate database (select tab)" to the name of your database
Caveats
- Before closing KeePass, always select your personal database first. The next time you open KeePass, it will ask for the password of your personal database.
- When opening multiple databases, make sure to use "Activate database (select tab)" after you have opened a database to switch back to your personal database. Otherwise, the newly opened database will be active. References always refer to the active database!
- When syncing multiple databases on close, you may also need to switch back to the personal database after each sync. How KeePass decides which tab gets selected is a bit clunky.