search

rebkwok / kpcli

Command line interface for keepass database
GNU General Public License v3.0
67 stars 5 forks source link

Needs password for every single operation? #4

Closed pmorch closed 1 year ago

pmorch commented 2 years ago

Hi,

I don't use a key file but a password for my kbdx file.

It seems that every ls, every get and every cp requires me to retype my (complicated) password. Is there no way to interactively run this somehow?

So lets say I need to log in to sitex. That requires me to type my password 3 times:

  1. find the entry (that could be more than once if I don't find it on the first try)
  2. get the entry to see the username and put it on the clipboard
  3. cp the entry to get the password on the clipboard

Yes, cp also shows the username, but if I need the username on the clipboard first then I need both get and cp - or cp twice. I guess I can get -s and have both shown, but then I'm not using the cool feature only putting the password on the clipboard and not showing it anywhere.

Have fun, Peter

pmorch commented 2 years ago

And also, even things like get --help need the password for no reason:

base@~» ./work/kpcli/bin/kpcli get --help                                 
ERROR:kpcli.utils:Missing config variable: KEEPASSDB

base@~» KEEPASSDB=/home/peter/peter.kdbx ./work/kpcli/bin/kpcli get --help
Database: /home/peter/peter.kdbx
Database password: 
Usage: kpcli get [OPTIONS] NAME

  Fetch details for a single entry

Arguments:
  NAME  Name (or partial name) of item to fetch.  Specify group with / e.g.
        root/my_item  [required]

Options:
  -s, --show-password  Show password  [default: False]
  --help               Show this message and exit.
rebkwok commented 1 year ago

Hello @pmorch Sorry for the silence on this project; it was a tiny utility I made for my personal use and never occurred to me there were actual users for it :)

The latest release lets you copy both username and password (kpcli cp <name> both). It'll copy the username first, wait for a prompt, then copy the password.

The issue with needing the password for subcommand --help is also fixed now. If you want to avoid having to type the password each time (and no-one else is using your laptop, etc etc), you can set STORE_ENCRYPTED_PASSWORD in your config file. I also use a password and no keyfile, and my config.ini looks like:

[default]
KEEPASSDB=/path/to/mypassworddb.kdbx
STORE_ENCRYPTED_PASSWORD=True

It will still ask for the password again every 24 hrs.

If you're not storing the password anywhere, it will ask for the password each time. That's deliberate, because the database is closed after every use to avoid conflicts. I keep my kdbx file on dropbox and access it from multiple machines; my main motivation for this tool (apart from the fact that I spend all day in a terminal) was so I don't have to manage those conflicts.