1KEEPASSXC-CLI(1) General Commands Manual KEEPASSXC-CLI(1)
2
6 keepassxc-cli - command line interface for the KeePassXC password
7 manager
8
10 keepassxc-cli command [options]
11
13 keepassxc-cli is the command line interface for the KeePassXC password
14 manager. It provides the ability to query and modify the entries of a
15 KeePass database, directly from the command line.
16
18 add [options] <database> <entry>
19 Adds a new entry to a database. A password can be generated (-g
20 option), or a prompt can be displayed to input the password (-p
21 option). The same password generation options as documented for the
22 generate command can be used when the -g option is set.
23 analyze [options] <database>
25 Analyzes passwords in a database for weaknesses.
26 clip [options] <database> <entry> [timeout]
28 Copies an attribute or the current TOTP (if the -t option is
29 specified) of a database entry to the clipboard. If no attribute
30 name is specified using the -a option, the password is copied. If
31 multiple entries with the same name exist in different groups, only
32 the attribute for the first one is copied. For copying the
33 attribute of an entry in a specific group, the group path to the
34 entry should be specified as well, instead of just the name.
35 Optionally, a timeout in seconds can be specified to automatically
36 clear the clipboard.
37 close
39 In interactive mode, closes the currently opened database (see
40 open).
41 db-create [options] <database>
43 Creates a new database with a password and/or a key file. The key
44 file will be created if the file that is referred to does not
45 exist. If both the key file and password are empty, no database
46 will be created.
47 db-info [options] <database>
49 Show a database’s information.
50 diceware [options]
52 Generates a random diceware passphrase.
53 edit [options] <database> <entry>
55 Edits a database entry. A password can be generated (-g option), or
56 a prompt can be displayed to input the password (-p option). The
57 same password generation options as documented for the generate
58 command can be used when the -g option is set.
59 estimate [options] [password]
61 Estimates the entropy of a password. The password to estimate can
62 be provided as a positional argument, or using the standard input.
63 exit
65 Exits interactive mode. Synonymous with quit.
66 export [options] <database>
68 Exports the content of a database to standard output in the
69 specified format (defaults to XML).
70 generate [options]
72 Generates a random password.
73 help [command]
75 Displays a list of available commands, or detailed information
76 about the specified command.
77 import [options] <xml> <database>
79 Imports the contents of an XML database to the target database.
80 locate [options] <database> <term>
82 Locates all the entries that match a specific search term in a
83 database.
84 ls [options] <database> [group]
86 Lists the contents of a group in a database. If no group is
87 specified, it will default to the root group.
88 merge [options] <database1> <database2>
90 Merges two databases together. The first database file is going to
91 be replaced by the result of the merge, for that reason it is
92 advisable to keep a backup of the two database files before
93 attempting a merge. In the case that both databases make use of the
94 same credentials, the --same-credentials or -s option can be used.
95 mkdir [options] <database> <group>
97 Adds a new group to a database.
98 mv [options] <database> <entry> <group>
100 Moves an entry to a new group.
101 open [options] <database>
103 Opens the given database in a shell-style interactive mode. This is
104 useful for performing multiple operations on a single database
105 (e.g. ls followed by show).
106 quit
108 Exits interactive mode. Synonymous with exit.
109 rm [options] <database> <entry>
111 Removes an entry from a database. If the database has a recycle
112 bin, the entry will be moved there. If the entry is already in the
113 recycle bin, it will be removed permanently.
114 rmdir [options] <database> <group>
116 Removes a group from a database. If the database has a recycle bin,
117 the group will be moved there. If the group is already in the
118 recycle bin, it will be removed permanently.
119 show [options] <database> <entry>
121 Shows the title, username, password, URL and notes of a database
122 entry. Can also show the current TOTP. Regarding the occurrence of
123 multiple entries with the same name in different groups, everything
124 stated in the clip command section also applies here.
125
127 General options
128 --debug-info
129 Displays debugging information.
130 -k, --key-file <path>
132 Specifies a path to a key file for unlocking the database. In a
133 merge operation this option, is used to specify the key file path
134 for the first database.
135 --no-password
137 Deactivates the password key for the database.
138 -y, --yubikey <slot>
140 Specifies a yubikey slot for unlocking the database. In a merge
141 operation this option is used to specify the YubiKey slot for the
142 first database.
143 -q, --quiet <path>
145 Silences password prompt and other secondary outputs.
146 -h, --help
148 Displays help information.
149 -v, --version
151 Displays the program version.
152 Merge options
154 -d, --dry-run <path>
155 Prints the changes detected by the merge operation without making
156 any changes to the database.
157 --key-file-from <path>
159 Sets the path of the key file for the second database.
160 --no-password-from
162 Deactivates password key for the database to merge from.
163 --yubikey-from <slot>
165 YubiKey slot for the second database.
166 -s, --same-credentials
168 Uses the same credentials for unlocking both databases.
169 Add and edit options
171 The same password generation options as documented for the generate
172 command can be used with those 2 commands when the -g option is set.
173 -u, --username <username>
175 Specifies the username of the entry.
176 --url <url>
178 Specifies the URL of the entry.
179 -p, --password-prompt
181 Uses a password prompt for the entry’s password.
182 -g, --generate
184 Generates a new password for the entry.
185 Edit options
187 -t, --title <title>
188 Specifies the title of the entry.
189 Estimate options
191 -a, --advanced
192 Performs advanced analysis on the password.
193 Analyze options
195 -H, --hibp <filename>
196 Checks if any passwords have been publicly leaked, by comparing
197 against the given list of password SHA-1 hashes, which must be in
198 "Have I Been Pwned" format. Such files are available from
199 https://haveibeenpwned.com/Passwords; note that they are large, and
200 so this operation typically takes some time (minutes up to an hour
201 or so).
202 Clip options
204 -a, --attribute
205 Copies the specified attribute to the clipboard. If no attribute is
206 specified, the password attribute is the default. For example, "-a
207 username" would copy the username to the clipboard. [Default:
208 password]
209 -t, --totp
211 Copies the current TOTP instead of the specified attribute to the
212 clipboard. Will report an error if no TOTP is configured for the
213 entry.
214 Create options
216 -k, --set-key-file <path>
217 Set the key file for the database.
218 -p, --set-password
220 Set a password for the database.
221 -t, --decryption-time <time>
223 Target decryption time in MS for the database.
224 Show options
226 -a, --attributes <attribute>...
227 Shows the named attributes. This option can be specified more than
228 once, with each attribute shown one-per-line in the given order. If
229 no attributes are specified and -t is not specified, a summary of
230 the default attributes is given. Protected attributes will be
231 displayed in clear text if specified explicitly by this option.
232 -s, --show-protected
234 Shows the protected attributes in clear text.
235 -t, --totp
237 Also shows the current TOTP, reporting an error if no TOTP is
238 configured for the entry.
239 Diceware options
241 -W, --words <count>
242 Sets the desired number of words for the generated passphrase.
243 [Default: 7]
244 -w, --word-list <path>
246 Sets the Path of the wordlist for the diceware generator. The
247 wordlist must have > 1000 words, otherwise the program will fail.
248 If the wordlist has < 4000 words a warning will be printed to
249 STDERR.
250 Export options
252 -f, --format
253 Format to use when exporting. Available choices are xml or csv.
254 Defaults to xml.
255 List options
257 -R, --recursive
258 Recursively lists the elements of the group.
259 -f, --flatten
261 Flattens the output to single lines. When this option is enabled,
262 subgroups and subentries will be displayed with a relative group
263 path instead of indentation.
264 Generate options
266 -L, --length <length>
267 Sets the desired length for the generated password. [Default: 16]
268 -l, --lower
270 Uses lowercase characters for the generated password. [Default:
271 Enabled]
272 -U, --upper
274 Uses uppercase characters for the generated password. [Default:
275 Enabled]
276 -n, --numeric
278 Uses numbers characters for the generated password. [Default:
279 Enabled]
280 -s, --special
282 Uses special characters for the generated password. [Default:
283 Disabled]
284 -e, --extended
286 Uses extended ASCII characters for the generated password.
287 [Default: Disabled]
288 -x, --exclude <chars>
290 Comma-separated list of characters to exclude from the generated
291 password. None is excluded by default.
292 --exclude-similar
294 Exclude similar looking characters. [Default: Disabled]
295 --every-group
297 Include characters from every selected group. [Default: Disabled]
298
300 Project homepage
301 https://keepassxc.org
302 QuickStart Guide
304 https://keepassxc.org/docs/KeePassXC_GettingStarted.html
305 User Guide
307 https://keepassxc.org/docs/KeePassXC_UserGuide.html
308 Git repository
310 https://github.com/keepassxreboot/keepassxc.git
311
313 This manual page was originally written by Manolis Agkopian
314 <m.agkopian@gmail.com>.
315
317 Bugs and feature requests can be reported on GitHub at
318 https://github.com/keepassxreboot/keepassxc/issues.
319
321 Copyright (C) 2016-2020 KeePassXC Team <team@keepassxc.org>
322 KeePassXC code is licensed under GPL-2 or GPL-3.
324KeePassXC 2.6.0 2020-07-10 KEEPASSXC-CLI(1)