keepassxc-cli : Can not edit/show two entries in the same group with the same title

[NRKWL]

keepassxc-cli : Can not edit/show two entries in the same group with the same title

Using keepassxc-cli I'm attempting to edit multiple entries in my database. These entries are in the same group and have the same title. As demonstrated below, running ls returns both entries. However when running show or edit there is no way I see to specify the entries uniquely. Running extract I am able to determine the UUID for the entries but I cannot utilize the UUID on the command line to select a specific entry.

$ keepassxc-cli ls $keepass_database soundcloud -R
soundcloud.com    # user1
soundcloud.com    # user2

$ keepassxc-cli show $keepass_database soundcloud/soundcloud.com
Title: soundcloud.com
UserName: user1
Password: -----------------------
URL: https://soundcloud.com/signin?ref=top
Notes: 

$ keepassxc-cli show $keepass_database 'BFA60QAcSB2HS0M1t7pUlQ==' 
Could not find entry with path BFA60QAcSB2HS0M1t7pUlQ==.

$ yum list --installed keepassxc
keepassxc.x86_64                 2.4.3-6.fc30                 @updates
$ keepassxc-cli --version
2.4.3

[NRKWL]

Also could you please tell me what encoding 'BFA60QAcSB2HS0M1t7pUlQ==' is. I see that in the GUI it is a standard ASCII string 04503ad1011c481d874b7335b7b99495.

[gwilliam-ucar-edu]

I just ran into the same problem. Our database has quite a few entries with the same title that differ in the username. Since the username is displayed next to the title in the UI, this seems a reasonable way to assign titles.

[louib]

I'm not sure how to handle this one. show could show all the matching entries, as it's been requested in https://github.com/keepassxreboot/keepassxc/issues/1967, but I don't think editing multiple entries with the edit command is the right solution. We could use the entries' UUIDs but it's not as easy to enter UUIDs from the command line. Suggestions very welcome.

[gwilliam-ucar-edu]

Perhaps support search parameters like “ username=foo” to the end of the command line, and allow editing iff there is a single match? In our case, the combination of title and username is always unique, so even just adding an optional username parameter at the end of the command line would work, but I can’t speak for others.

[louib]

@gwilliam-ucar-edu makes sense. In that case implementing a CLI search command, as described in https://github.com/keepassxreboot/keepassxc/issues/3348, could solve the problem of searching for multiple entries with the same name, if we also add an option that shows the content of the found entries, not just their names or paths.

[tim-tx]

+1 for selecting by UUID, my use case doesn't involve manual entry into command line, it will be scripted

[louib]

I think the solution going forward is to fully support the UUIDs from the CLI. This is tracked here and here.

Apparently having multiple entries with the exact same path is a recurring use-case, so maybe we could consider removing the uniqueness constraint when creating a new entry as well. I'm not convinced about that though because we would also have to throw an error if a user tries to show or edit an entry using a path that refers to multiple entries.

[tunaflsh]

I actually would love a way to edit in bulk from command line, as well as bulk edit in the UI as requested here #1314 . Since the only reason I would use command line over GUI is for automation or complex bulk actions.

[sschmid]

Hello, I arrived here through other issues marked as duplicate.

I also currently have the issue with adding, removing and showing entries with the same title but different account with keepassxc-cli.

Szenario:

Adding multiple entries with same name, but different account to a database, e.g. GitHub with Home and Work account.

# this works
$ keepassxc-cli add -u Home ~/Test.kdbx GitHub
Enter password to unlock Test.kdbx: 
Successfully added entry GitHub.

# this won't work, because an entry with same title already exists
# eventhough the account is different
$ keepassxc-cli add -u Work ~/Test.kdbx GitHub
Enter password to unlock Test.kdbx: 
Could not create entry with path GitHub.

This fails using keepassxc-cli but works using the GUI. It even fails when a removed entry from the Recycle Bin matches the title

Once added manually using the GUI, I can't show the entry with title and username using keepassxc-cli:

$ keepassxc-cli show ~/Test.kdbx GitHub

This will show me one of the entries, however I can't specify which one I want to show.

Suggesetion:

One solution could be like the security command from the macOS keychain solves this. When retrieving and entry from the database, it let's you specify either the title, the account, or both.

Example adding entries to macOS keychain using security

-a: account -s: title

$ security add-generic-password -a Home -s GitHub -w password_home ~/Test.keychain-db
$ security add-generic-password -a Work -s GitHub -w password_work ~/Test.keychain-db

Example showing entries from macOS keychain using security

-a: account -s: title

$ security find-generic-password -a Home -s GitHub -w ~/Test.keychain-db
password_home

$ security find-generic-password -a Work -s GitHub -w ~/Test.keychain-db
password_work

If you don't specify the account, it will show you just one of the entries, similar to the current behavior of keepassxc-cli. It would probably better to either fail when it's not a single entry or show a list of entries with the same title.

What do you think, would that make sense to implement this feature in keepassxc-cli? Or is there already a solition or workaround for this that I'm not aware of? It would definitely be very useful for me.

[droidmonkey]

Honestly the easiest solution is to very simply rename one of the entries.

In your case it would be "GitHub - Home" and "GitHub - Work".

[sschmid]

Yes, you are right. That's a simple solution.

But since it is possible to display and edit entries with the same title in the GUI, I thought it would be great (and hopefully not too much effort) to be able to do so in the CLI as well.

If it's too much trouble to add, I'll go with unique titles.

For context: I wrote a "Terminal Password Manager" called pw which basically pipes the list of entries of databases from different password managers like macOS keychain and KeePassXC to fzf and then previews the selected item, e.g. pipe the output of keepassxc-cli ls to fzf and preview it with keepassxc-cli show. This way I can search and view entries from the command line. Since I recently added support for keepassxc-cli I encountered the issue with entries with the same title, which I could handle with the security command and I was hoping to achieve a similar solution with keepassxc-cli.