No credentials found error
Closed this issue · 5 comments
After installing and activating KeePassXC in Cryptomator settings, I was asked to name the KeePassXC connection. Everything fine so far.
But now when I create a vault or want to open one, I only see those errors. Do I have to manually create entries in KeePassXC or is this a bug?
13:05:03.708 [App Background Thread 004] INFO o.c.u.a.CreateNewVaultPasswordController - Created vault at /Users/test/xxxx
13:05:03.724 [JavaFX Application Thread] INFO org.purejava.KeepassProxyAccess - org.purejava.KeepassProxyAccessException: ErrorCode: 15, No credentials found
13:05:03.724 [JavaFX Application Thread] INFO o.p.i.keychain.KeePassXCAccess - No password found for vault X-k5I9Smym5B
As I don't see any "Failed to store password." in the logs, I would also expect to see at least the groups or entries in my password safe. But I can't see any changes there. I'm on macOS.
After installing and activating KeePassXC in Cryptomator settings, I was asked to name the KeePassXC connection. Everything fine so far.
But now when I create a vault or want to open one, I only see those errors. Do I have to manually create entries in KeePassXC or is this a bug?
13:05:03.708 [App Background Thread 004] INFO o.c.u.a.CreateNewVaultPasswordController - Created vault at /Users/test/xxxx 13:05:03.724 [JavaFX Application Thread] INFO org.purejava.KeepassProxyAccess - org.purejava.KeepassProxyAccessException: ErrorCode: 15, No credentials found 13:05:03.724 [JavaFX Application Thread] INFO o.p.i.keychain.KeePassXCAccess - No password found for vault X-k5I9Smym5B
These log messages appear every time in the log file, when an new vault got created. As soon as the vault got added to the list of vaults, Cryptomator tries to load the according password from KeePassXC, which does not exist and therefore can not be found.
Cryptomator does not do that with another password back end configured, e.g. the Mac System Keychain. So I consider this to be a minor bug that should be fixed in Cryptomator. I'll open an according issue there.
You do not need to create entries manually in KeePassXC, Cryptomator does this for you. As soon as you unlock a vault and enter the password for that vault, when you checked the "Remember password" checkbox, the password gets saved in the password back end that was choosen in the Cryptomator preferences before.
And a log message is written, when the password got stored in the password back end. Failures of storing the password in the password back end are logged as well.
As I don't see any "Failed to store password." in the logs, I would also expect to see at least the groups or entries in my password safe. But I can't see any changes there. I'm on macOS.
In your case Cryptomator can access KeePassXC, otherwise it would not be able to search for passwords in KeePassXC and find none.
Cryptomator vault passwords get stored in a group named "Cryptomator" within KeePasXC and the group gets created, if it does not exist and KeePasXC prompts you to allow to create the new group.
It would help if you could provide the full Crytomator log file.
Oh, I see the critical part: "Remember password" checkbox.
I created dozens of vaults, unlocked them etc, but I couldn't see any automatism nor some entries in the password safe. Unless I read the logs I didn't even notice that the plugin is running. I had the idea the tool would autogenerate the passwords on creation, then autofill the password prompt etc. That's also why I would especially not have clicked "remember password" as I have a password manager that can fill in on request and I therefore don't need to store them separately. But thinking of this integration as a normal keyring, this makes absolutely sense.
To be clear and avoid further misunderstandings, you could write a few words about checking this "remember box" during unlock. Anyway, thanks a lot for this awesome integration :)
Cryptomator does not do that with another password back end configured, e.g. the Mac System Keychain. So I consider this to be a minor bug that should be fixed in Cryptomator. I'll open an according issue there.
For the record: I looked into this. Other back ends do it as well - there is no difference between the back ends.
The only difference is, that the code, that accesses the Mac System Keychain, does not log it's failed attempt to retrieve a password.