Adding AutoFill extension support for Mac OS Big Sur

[lldb3]

Summary

Hi, I was wondering if there are any plans to implement Keepassxc to work with the Autofill extension in Mac OS. This would be a great feature to implement and simplify how to use the app with, for example, Safari, which has been subject to some requests for the app anyway!

Examples

Another keepass db application called Strongbox already implements this, but is not as good as KeepassXC, see here

Context

This would be an awesome feature to implement, for Mac users it would simply remove the need to use any of the browser extensions, which is also nice since they are probably less secure than the Autofill Extensions (don't take my word for it, but many of the last Passwd manager vulns come from there..)

Related Documentation

https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_authentication-services_autofill-credential-provider?language=occ

[droidmonkey]

Yes we have looked into it, especially since native messaging seems to be broken in safari at this time.

[mixman68]

Hello @droidmonkey, it is not the native messaging, but a keychain plugin which use Security Enclave of MacOS (or software implementation for non T1/T2/M1 mac) to provide password

[DuncanHills]

This would be awesome :D

[TheGlorySaint]

I also would Vote for this Feature

[HealsCodes]

Has this gotten anymore interest by the developers? I know it's a very specific thing as it's purely benefitting never macOS versions but autofill is a make or break feature these days. It's also what keeps me sticking to strongbox right now.

[Michael-Zinn]

I'm new to macOS. Does this issue mean that there is absolutely no way to get autotype to work on Monterey right now, or just that it doesn't work right out of the box? Are there any safe tricks to make it work?

[droidmonkey]

Auto-Type works fine on all macOS versions. This is referring to a new feature request.

[Michael-Zinn]

@droidmonkey That's great! Is there some setup instructions somewhere on what you have to do to make it work?

[droidmonkey]

When you try to use it you'll receive a prompt on what to do if you haven't setup the permissions already. Otherwise read our user guide.

[Michael-Zinn]

@droidmonkey Thanks! I don't get any prompts, the hotkey just does nothing. I read the User Guide, but could not find a list of permissions I need to give KeePassXC to make it work. I tried giving it some random permissions. If I choose "Perform Autotype" in KeePassXC it can actually type into another window, but the hotkey does nothing and I can't add any window titles for autotype, since the only window title KeePassXC sees is it's own title.

Where is the list of steps/permissions needed to make autotype work on MacOS Monterey?

[droidmonkey]

You need to make sure KeePassXC.app is in both screen recording and accessibility. Recommend totally quit keepassxc, removing the permissions if already there, save the settings, then re add them. Start keepassxc and test. You might need to reboot.

[Michael-Zinn]

@droidmonkey Thank you for your help!

What I did:

1. Quit KeePassXC
2. Remove all permissions
3. Reboot
4. Add those two permissions
5. Reboot
6. Start KeePassXC

What works now:

• KeePassXC can now see other window titles
• I can initiate autotype in KeePassXC and have it type into the window that had focus previously

What does not work:

• Focus a different window and initiate autotype via hotkey (Where on Linux it opens a window with all matching window title inputs). I tried different hotkey settings, like cmd shift v, ctrl shift v, cmd shift g etc., but none of them work.

When you say "Autotype works fine", do you only mean autotype when initiated with the KeePassXC window focused, or is it also possible to initiate autotype with, say, the browser window focussed? On MacOS Monterey?

[droidmonkey]

I am on Monteray 12.2.1 and the global shortcut I use worked perfectly fine in all windows. Cmd+Shift+D

[Michael-Zinn]

@droidmonkey

I figured it out: When you define the shortcut in KeePassXC, you define it with your normal keyboard layout, but when you try to use it, it seems to use an US QWERTY layout.

So I got it working like this:

1. Find out which letter key is on a US layout at the position of the letter I would like to use in my hotkey
2. Set the hotkey in KeePassXC to that letter using my local layout
3. Trigger autotype with the combination I would like.

E.g., for Cmd+Shift+D, I set the hotkey to Cmd+Shift+J and then trigger it with Cmd+Shift+D.

I do think that this is a bug, since my MacOS is set up to use the layout's letters, not their position on a US layout, e.g. I can copy with Cmd+C, even though my C is not where it is on an US layout.

[gagarine]

For references, the AutoFill Credential Provider Extensions feature is demoed in this video: https://developer.apple.com/videos/play/wwdc2018/721/

ASCredentialProviderViewController need to be implemented, it's a view controller that a password manager app uses to extend Password AutoFill.

https://developer.apple.com/documentation/authenticationservices/ascredentialproviderviewcontroller

Their is also ASCredentialIdentityStore, a container that extension fills to provide credentials through the QuickType bar.

[jorpilo]

+1 MacOS Ventura beta 13 the keepassXC integrated autofill works fine but adding the OS extension would be the way to go, specially to support browsers like safari and remove unnecessary permissions. Overall to get a more integrated version for MacOS. Maybe both options could be available.

[gagarine]

I had to switch to https://bitwarden.com because of this (it import KeepassXC database csv export fine).

Big thanks to KeepassXC teams, their soft is great otherwise <3 . I may probably come back when this is fixed.

[HealsCodes]

I had to switch to https://bitwarden.com because of this (it import KeepassXC database csv export fine).

Big thanks to KeepassXC teams, their soft is great otherwise <3 . I may probably come back when this is fixed.

Can we not advertise a subscription service with an incompatible, cloud stored database format please?

If all you wanted is autofill for macOS you could have gotten that from using something compatible like StrongBox which allows you to use the same database together with KeePass on Linux or Windows while also offering autofill, touch-id and not requiring you to import your keystores into a third party cloud store in their own format.

[gagarine]

I'm sorry but not having the same format do not make it evil. Everything they do is open-source (client and server). That's ok to also host the cloud service for money? I think so.

https://bitwarden.com/open-source/

Anyway, admin feel free to delete my message.

[clemlesne]

I strongly vote for this feature :)

[DuncanHills]

Is this on anyone's radar?