Read passwords for keepass database files
Project description
MimiKeePass
Main features:
- password-based SSH authentication with OpenSSH with the password stored in KeepPass (
.kdbx) files.
Other features:
- can serve password from multiple KeePass files;
- automatically reloads the
.kdbxfile on change; - support for socket-activation;
- support for exiting after some idle duration;
- support for KeePass field references;
- some support for bastions.
Basic usage
Running the KeePass daemon
Running the MimiKeePass daemon:
mimikeepass serve ./secrets.kdbx
This will prompt for the KeePass file(s) password(s) and will provide passwords to client applications.
CLI interface
mimikeepass password --url http://www.example.com --username john
OpenSSH client
In your KeePass file, add an entry for your SSH server:
- URL of the form
ssh://server1.example.com; - login
johndoe; - password.
The OpenSSH integration supports password-based authentication.
You might need to disable keyboard interactive authentication
for this server in you OpenSSH client configuration (~/.ssh/ssh_config):
Host server1.example.com
User johndoe
PreferredAuthentications publickey,password
Run OpenSSH with MimiKeePass integration:
miikeepass-run ssh server1.example.com
OpenSSH client with SSH bastion
If you have a bestion server which accepts connections of the form:
Host bastion.example.com
User johndoe@idp.example.com
PreferredAuthentications publickey,password
Host server1.example.com
Hostname bastion.example.com
User root@XXXX@server1:SSH:XXXX:johndoe@idp.example.com
PreferredAuthentications publickey,password
Host server1.example.com
Hostname bastion.example.com
User root@XXXX@server2:SSH:XXXX:johndoe@idp.example.com
PreferredAuthentications publickey,password
You can use a shared KeePass entry:
- URL of the form
ssh://bastion.example.com; - login
johndoe@idp.example.com; - password.
Stability
CLI interface is probably going to be quite stable.
Python API is not stable (for now).
Protocol (varlink) interface is not stable (for now).
Potential impovements
- logging
- support for OpenVPN (using the management interface)
- notifications using OSC 777, OSC 99, OSC 9
- notifications using BEL
- FreeDesktop notifications
- optional integration with FreeDesktop Secret Service?
Questions
OpenSSH integration
Why using password based authentication when you can use public key authentication?
If you can use public key authentication authentication, you probably should. However sometimes, you need to connect to SSH servers which do not support public key authentication for some reason.
Misc.
Why not using Secret Service (possibly with KeePassXC support for the Secret Service interface)?
You can only have a single Secret Service daemon running in your session at the same time. However, you might want to have some secrets stored in your system Secret Service and other password stored in a KeePass file. Using a dedicated daemon which is not using the Secret Service API makes it possible to run a Mimikeepass independently of your system Secret Service daemon.
You can even launch several independant MimiKeePass daemons (using different sockets).
This is achieved using the MIMIKEEPASS_SOCKET environment variable.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for mimikeepass-0.0.1-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 81b347ae2315e5eec92ac16c962fad1db3d381066ad633d49fe8a1b2599385ff |
|
| MD5 | af39d808f39139627e7f4b9ead497bcc |
|
| BLAKE2b-256 | 67c18ee754c484cef6ac072694f6e36e654ecbba67f9fa748a1cb0f27f323e9e |
