PoShKeePass is a PowerShell module that combines the ease of the PowerShell cli and the extensibility of the KeePassLib API to provide a powerful and easy to use management and automating platform for KeePass databases.
- Database Configuration Profiles - Supports mutliple databases and authentication options.
- Getting, Creating, Updating, and Removing KeePass Entries and Groups - All of these perform as much automatic database authentication as possible using the database configuration profile. For databases that use a masterkey (password) it will prompt for it.
- Generating KeePass Passwords - Supports most character sets and advanced keepass options. Also supports creating password profiles that can be specified to create a new password with the same rule set.
Install-Module -Name PoShKeePass
Please check out our Getting Started documentation on our wiki.
- Please always keep up to date backups of your KeePass database files .kdbx and .key files.
- The module uses the KeePassLib 2.39.1 which is included in the module.
- This module was built and tested in PowerShell 5.1 on Windows 10 but should work in PowerShell 4 and Windows 8.1 and Server 2012 R2 and up. It may work in some earlier versions but is currently untested and not supported. If you come across issues create an issue and I will look into fixing it or create a pull request.
Please review the changelog document for a full history.
-
Added #160 - Default Database Configuration Profile.
- When set, the
-DatabaseProfileName
parameter is optional, and if not passed it will grab the default profile from the config. - To Set it up on an existing profile simply use the update command:
Update-KeePassDatabaseConfigurationProfile -DatabaseProfileName 'name' -Default
- To Create a new profile as default use the new command:
New-KeePassDatabaseConfigurationProfile -DatabaseProfileName 'name' -Default -DatabasePath '' other options
- This allows for calls to the main module functions without the
-DatabaseProfileName
parameter such as:
Get-KeePassEntry -UserName 'aUser'
- When set, the
-
Added - #84 - Manage Notes properties on KPGroup Objects.
-
v.2.1.2.6 - Added - #158 - Added Update-KeePassDatabaseConfiguration function and tests.
-
v.2.1.2.5 - Fix - #157 - Set New-KPConnection function back to internal function and no longer exports.
-
Added Feature #29 - Can now manage the Expiration Time/Enabled State of groups and entry.
-
v.2.1.2.3 - Fix #64 - Review Message for grammar, clarified some messages as well.
-
v.2.1.2.2 - Fix #156 - New-KeePassDatabase will now error out if kdbx file already exists, instead of silently overwriting an existing file.
-
v.2.1.2.1 - Fix #149 - Breaking Change New-KeePassGroup and Update-KeePassGroup now return a KeePass PSObject via the ConvertTo-KPPsObject function.
- Fix #148 - Can now update an entry multiple times, while retaining history and not through internal lib exception
- Changes to build script
- Fix #129 - Can now pass Credential Object to
-MasterKey
Parameter - Fix/Implemented #69 - All primary Functions return a Powershell object rather than a KeePass Object This Includes Breaking changes!.
- Breaking:
- Since a powershell object is now returned, in order to access the keepass object a child property has been added to the ps object,
.KPEntry
and.KPGroup
. - Deprecated the
-AsPlainText
parameter on theGet-KeePassGroup
function, the call will still work but it will present a warning message. This is being removed as it is no longer necessary.
- Since a powershell object is now returned, in order to access the keepass object a child property has been added to the ps object,
- Non-Breaking:
- Moved how database profile name was being added to the ps object for better performance on conversion.
- Breaking:
- Implemented #93 -
Get-KeePassEntry
Now supports-Title
and-UserName
parameters also via pipeline. - Normalized Error handling to remove repetitive code
- Converted extraneous logic to parameter splatting
- Code formatting and removed explict parameter attributes where not necessary.
- Updated Object creation to use the
hashtable
method for performance over theNew-Object
+Add-Memeber
. - Fix #44 - Pipeline now Works for
Remove-KeePassDatabaseConfiguration
. - Implemented #141 - Much stronger Pipeline support.
-DatabaseProfileName
no longer needs to be specified to a KPPSObject pipeline recieving function.- Example:
Get-KeePassEntry -Title 'test' -DatabaseProfileName 'profile' | Remove-KeePassEntry
- Example:
- All parent and object paths now are recieved by the pipeline which of course can be overridden by specifing the parameter.
- Fixed #140 and #138 - by removing the
EncodeKeePassLib.ps1
script file as it is no longer in use. - Fixed #144 - Removed Faultly logic which allowed for the KeePass Icon to get set to blank while updating an object.
- Implemented #143 There are no more dynamic parameters! So all of the gitches have left with them. They still support tab completion by using
Register-ArgumentCompleter
.- Breaking Change as this is only supported in powershell v5 and up, auto complete will not work in older versions.
- Implemented #118 - by adding support for keepasslib version
2.39.1
- The new file format version between the previous version of
2.34
and the latest apears to be much slower on some operations. - Testing the new Lib version against the previously suported version
2.34
all worked and appears to be backwards compatible. Also it does not upgrade the file format version. - Version can easily flipped back by modifying the global variable in the
.psm1
file. - This fixes #131.
- The new file format version between the previous version of
- Fix #145 - Updating a KeePass Entry now updates the modification time in UTC.
- Breaking Change - Renamed the
LastAccessTime
andLastModificationTime
properties toLastAccessTimeUtc
andLastModificationTimeUtc
to reflect that they are in UTC.
- Breaking Change - Renamed the
- Addressed #88 -
Get-KeePassEntry
- Since a Ps object is now always returned, all fields but the password are in plaintext. Now specifying the
-AsPlainText
will decode the password to plaintext.- This gives the user better control over when they expose the password as plaintext if need be.
- Another improvement is there is now a
-WithCredential
parameter which adds a.Credential
property to the return Entry PS Object.- This is not done by default as it has overhead.
- This gives the user better options and does not require manual creation of the credential.
- Breaking Change Since this has been implemeneted the
-AsPsCredential
parameter has been removed. The new method is better as it allows for multiple entries to be returned with thier cred objects instead of limiting it to 1 entry.
- Since a Ps object is now always returned, all fields but the password are in plaintext. Now specifying the
- Breaking Change -
ConvertTo-KPPSObject
and all returned objects the.FullPath
property now returns the true full path of the object. TheParentGroup
property still exists and can be used as an alteranative data source for any lost functionality.
See the Known-Issue tag to get a list of known issues and their status.
- If you are insterested in fixing issues and contributing directly to the code base, please see the documentation on How to Contribute.
- If you come across a bug or have a feature request feel free to create an issue with the appropriate label.
- PSKeePass would like to thank Jason Fossen for his initial work with KeePass in PowerShell.
- PSKeePass would like to thank Christian Lehrer for his powershell keepass work and contributions.
- PSKeePass would like to thank Ninjigen for his powershell keepass work and contributions.
- PSKeePass would like to thank Andrzej Pilacik (aka @cypisek77) for his review and feedback on documentation and over all rubber ducking.
Copyright (c) 2019 John Klann. All rights reserved.
Licensed under the MIT License.