This is a qutebrowser userscript to fill website credentials from a KeepassXC password database.
First, you need to enable KeepassXC-Browser extensions in your KeepassXC config.
Second, you must make sure to have a working private-public-key-pair in your GPG keyring.
Then, simply check out this repository and, if you do not want to configure an explicit path, symlink the
qute-keepassxc
to your ~/.local/share/qutebrowser/userscripts/qute-keepassxc
.
Install the python module pynacl
.
Make sure qute-keepassxc
is executable.
Finally, adapt your qutebrowser config.
You can e.g. add the following lines to your ~/.config/qutebrowser/config.py
Remember to replace ABC1234
with your actual GPG key.
config.bind('<Alt-Shift-u>', 'spawn --userscript qute-keepassxc --key ABC1234', mode='insert')
config.bind('pw', 'spawn --userscript qute-keepassxc --key ABC1234', mode='normal')
If you did not symlink qute-keepassxc
you need to provide the full path here.
N.B. To manage multiple accounts you need the rofi program.
If you are on a webpage with a login form, simply activate one of the configured key-bindings.
The first time you run this script, KeepassXC will ask you for authentication like with any other browser extension. Just provide a name of your choice and accept the request if nothing looks fishy.
This script will talk to KeepassXC using the native KeepassXC-Browser protocol.
This script needs to store the key used to associate with your KeepassXC instance somewhere. Unlike most browser extensions which only use plain local storage, this one attempts to do so in a safe way by storing the key in encrypted form using GPG. Therefore you need to have a public-key-pair readily set up.
GPG might then ask for your private-key passwort whenever you query the database for login credentials.
This script recently received experimental TOTP support.
To use it, you need to have working TOTP authentication within KeepassXC.
Then call qute-keepassxc
with the --totp
flags.
For example, I have the following line in my config.py
:
config.bind('pt', 'spawn --userscript qute-keepassxc --key ABC1234 --totp', mode='normal')
For now this script will simply insert the TOTP-token into the currently selected
input field, since I have not yet found a reliable way to identify the correct field
within all existing login forms.
Thus you need to manually select the TOTP input field, press escape to leave input
mode and then enter pt
to fill in the token (or configure another key-binding for
insert mode if you prefer that).
Tested with:
- KeepassXC 2.6.6
- qutebrowser v2.4.0
- python 3.9.7
- https://keepassxc.org
- https://qutebrowser.org
- https://gnupg.org
- https://github.com/keepassxreboot/keepassxc-browser/blob/develop/keepassxc-protocol.md
- https://github.com/qutebrowser/qutebrowser/blob/master/doc/userscripts.asciidoc
- https://keepassxc.org/docs/keepassxc-browser-migration
Copyright (c) 2018-2021, Markus Blöchl. Released under the MIT License.