So I use KeePass a lot as my password manager. Why you should use a password manager is a little beyond this post, but it’s a great way to securely store individual passwords for every use you have, so you can use more secure passwords that you’ll never remember, and when one password is compromised, the other accounts you have remain secure.
Keepass works good in Ubuntu Linux using the Mono library, and it also works with Android, windows, which I need. There is a KeePassX project for a native port, but the normal version works well enough for me.
So when I logged into KDE4 I would have to type in my Kwallet password (kwallet is the password manager built into KDE – if anyone builds a plugin to read Keepass files, I will send you money) so I could connect to the WIFI, then I would have to type in the master password for KeePass, and then occasionally KOrganizer will ask for my gmail password to sync the calendar.
This sucks, so I wrote a quick little script to store my KeePass master password in Kwallet, and when KDE starts, retrieve it and start KeePass automatically from the file in my Dropbox folder.
#!/bin/bash # startup keepass with a password from KWallet walletkey=$(/usr/bin/kwalletcli -f Passwords \ -e KeePass) #open Keepass mono /opt/KeePass2/KeePass.exe --lock & #give keepass enough time to actually open, otherwise results are inconsistent sleep 3 # Tell keypass to open your password database mono /opt/KeePass2/KeePass.exe \ "/home/user/Dropbox/keepass/passwords.kdbx" \ -pw:$walletkey
Then save this script somewhere (I put it in /usr/local/bin/) and then go into Settings -> startup/shutdown and tag it as a script to start when you log into KDE.
…So now I just log in, type in my Kwallet password, and KeePass opens as well.
EDIT – 2015-04-06
Thanks to everyone who commented below with their ideas on improving this script. As mentioned, there’s a security issue with this script, which can be reduced by not using the password directly on the comment line. There are two methods below, YMMV, but I ended up with this hybrid:
#!/bin/bash # startup keepass with a password from KWallet walletkey=$(/usr/bin/kwalletcli -f Passwords -e KeePass) dbpath="/home/user/Dropbox/keepass/passwords.kdbx" echo "$walletkey" | mono /opt/KeePass2/KeePass.exe $dbpath \ --pw-stdin
This works really well, and the password is only available briefly, really reducing the ease at which it can be sniffed. Still not 100%, but security is always a tradeoff between ease of use and effectiveness. Thanks for everyone’s help!