keepassxc-cli

KEEPASSXC-CLI(1)             General Commands Manual            KEEPASSXC-CLI(1)



NAME
       keepassxc-cli - command line interface for the KeePassXC password manager

SYNOPSIS
       keepassxc-cli command [options]

DESCRIPTION
       keepassxc-cli is the command line interface for the KeePassXC password
       manager. It provides the ability to query and modify the entries of a
       KeePass database, directly from the command line.

COMMANDS
       add [options] <database> <entry>
           Adds a new entry to a database. A password can be generated (-g
           option), or a prompt can be displayed to input the password (-p
           option). The same password generation options as documented for the
           generate command can be used when the -g option is set.

       analyze [options] <database>
           Analyzes passwords in a database for weaknesses.

       clip [options] <database> <entry> [timeout]
           Copies an attribute or the current TOTP (if the -t option is
           specified) of a database entry to the clipboard. If no attribute name
           is specified using the -a option, the password is copied. If multiple
           entries with the same name exist in different groups, only the
           attribute for the first one is copied. For copying the attribute of
           an entry in a specific group, the group path to the entry should be
           specified as well, instead of just the name. Optionally, a timeout in
           seconds can be specified to automatically clear the clipboard.

       close
           In interactive mode, closes the currently opened database (see open).

       db-create [options] <database>
           Creates a new database with a password and/or a key file. The key
           file will be created if the file that is referred to does not exist.
           If both the key file and password are empty, no database will be
           created.

       db-info [options] <database>
           Show a database’s information.

       diceware [options]
           Generates a random diceware passphrase.

       edit [options] <database> <entry>
           Edits a database entry. A password can be generated (-g option), or a
           prompt can be displayed to input the password (-p option). The same
           password generation options as documented for the generate command
           can be used when the -g option is set.

       estimate [options] [password]
           Estimates the entropy of a password. The password to estimate can be
           provided as a positional argument, or using the standard input.

       exit
           Exits interactive mode. Synonymous with quit.

       export [options] <database>
           Exports the content of a database to standard output in the specified
           format (defaults to XML).

       generate [options]
           Generates a random password.

       help [command]
           Displays a list of available commands, or detailed information about
           the specified command.

       import [options] <xml> <database>
           Imports the contents of an XML database to the target database.

       locate [options] <database> <term>
           Locates all the entries that match a specific search term in a
           database.

       ls [options] <database> [group]
           Lists the contents of a group in a database. If no group is
           specified, it will default to the root group.

       merge [options] <database1> <database2>
           Merges two databases together. The first database file is going to be
           replaced by the result of the merge, for that reason it is advisable
           to keep a backup of the two database files before attempting a merge.
           In the case that both databases make use of the same credentials, the
           --same-credentials or -s option can be used.

       mkdir [options] <database> <group>
           Adds a new group to a database.

       mv [options] <database> <entry> <group>
           Moves an entry to a new group.

       open [options] <database>
           Opens the given database in a shell-style interactive mode. This is
           useful for performing multiple operations on a single database (e.g.
           ls followed by show).

       quit
           Exits interactive mode. Synonymous with exit.

       rm [options] <database> <entry>
           Removes an entry from a database. If the database has a recycle bin,
           the entry will be moved there. If the entry is already in the recycle
           bin, it will be removed permanently.

       rmdir [options] <database> <group>
           Removes a group from a database. If the database has a recycle bin,
           the group will be moved there. If the group is already in the recycle
           bin, it will be removed permanently.

       show [options] <database> <entry>
           Shows the title, username, password, URL and notes of a database
           entry. Can also show the current TOTP. Regarding the occurrence of
           multiple entries with the same name in different groups, everything
           stated in the clip command section also applies here.

OPTIONS
   General options
       --debug-info
           Displays debugging information.

       -k, --key-file <path>
           Specifies a path to a key file for unlocking the database. In a merge
           operation this option, is used to specify the key file path for the
           first database.

       --no-password
           Deactivates the password key for the database.

       -y, --yubikey <slot>
           Specifies a yubikey slot for unlocking the database. In a merge
           operation this option is used to specify the YubiKey slot for the
           first database.

       -q, --quiet <path>
           Silences password prompt and other secondary outputs.

       -h, --help
           Displays help information.

       -v, --version
           Displays the program version.

   Merge options
       -d, --dry-run <path>
           Prints the changes detected by the merge operation without making any
           changes to the database.

       --key-file-from <path>
           Sets the path of the key file for the second database.

       --no-password-from
           Deactivates password key for the database to merge from.

       --yubikey-from <slot>
           YubiKey slot for the second database.

       -s, --same-credentials
           Uses the same credentials for unlocking both databases.

   Add and edit options
       The same password generation options as documented for the generate
       command can be used with those 2 commands when the -g option is set.

       -u, --username <username>
           Specifies the username of the entry.

       --url <url>
           Specifies the URL of the entry.

       -p, --password-prompt
           Uses a password prompt for the entry’s password.

       -g, --generate
           Generates a new password for the entry.

   Edit options
       -t, --title <title>
           Specifies the title of the entry.

   Estimate options
       -a, --advanced
           Performs advanced analysis on the password.

   Analyze options
       -H, --hibp <filename>
           Checks if any passwords have been publicly leaked, by comparing
           against the given list of password SHA-1 hashes, which must be in
           "Have I Been Pwned" format. Such files are available from
           https://haveibeenpwned.com/Passwords; note that they are large, and
           so this operation typically takes some time (minutes up to an hour or
           so).

   Clip options
       -a, --attribute
           Copies the specified attribute to the clipboard. If no attribute is
           specified, the password attribute is the default. For example, "-a
           username" would copy the username to the clipboard. [Default:
           password]

       -t, --totp
           Copies the current TOTP instead of the specified attribute to the
           clipboard. Will report an error if no TOTP is configured for the
           entry.

   Create options
       -k, --set-key-file <path>
           Set the key file for the database.

       -p, --set-password
           Set a password for the database.

       -t, --decryption-time <time>
           Target decryption time in MS for the database.

   Show options
       -a, --attributes <attribute>...
           Shows the named attributes. This option can be specified more than
           once, with each attribute shown one-per-line in the given order. If
           no attributes are specified and -t is not specified, a summary of the
           default attributes is given. Protected attributes will be displayed
           in clear text if specified explicitly by this option.

       -s, --show-protected
           Shows the protected attributes in clear text.

       -t, --totp
           Also shows the current TOTP, reporting an error if no TOTP is
           configured for the entry.

   Diceware options
       -W, --words <count>
           Sets the desired number of words for the generated passphrase.
           [Default: 7]

       -w, --word-list <path>
           Sets the Path of the wordlist for the diceware generator. The
           wordlist must have > 1000 words, otherwise the program will fail. If
           the wordlist has < 4000 words a warning will be printed to STDERR.

   Export options
       -f, --format
           Format to use when exporting. Available choices are xml or csv.
           Defaults to xml.

   List options
       -R, --recursive
           Recursively lists the elements of the group.

       -f, --flatten
           Flattens the output to single lines. When this option is enabled,
           subgroups and subentries will be displayed with a relative group path
           instead of indentation.

   Generate options
       -L, --length <length>
           Sets the desired length for the generated password. [Default: 16]

       -l, --lower
           Uses lowercase characters for the generated password. [Default:
           Enabled]

       -U, --upper
           Uses uppercase characters for the generated password. [Default:
           Enabled]

       -n, --numeric
           Uses numbers characters for the generated password. [Default:
           Enabled]

       -s, --special
           Uses special characters for the generated password. [Default:
           Disabled]

       -e, --extended
           Uses extended ASCII characters for the generated password. [Default:
           Disabled]

       -x, --exclude <chars>
           Comma-separated list of characters to exclude from the generated
           password. None is excluded by default.

       --exclude-similar
           Exclude similar looking characters. [Default: Disabled]

       --every-group
           Include characters from every selected group. [Default: Disabled]

NOTES
       Project homepage
           https://keepassxc.org

       QuickStart Guide
           https://keepassxc.org/docs/KeePassXC_GettingStarted.html

       User Guide
           https://keepassxc.org/docs/KeePassXC_UserGuide.html

       Git repository
           https://github.com/keepassxreboot/keepassxc.git

AUTHOR
       This manual page was originally written by Manolis Agkopian
       m.agkopian@gmail.com.

REPORTING BUGS
       Bugs and feature requests can be reported on GitHub at
       https://github.com/keepassxreboot/keepassxc/issues.

COPYRIGHT
       Copyright (C) 2016-2020 KeePassXC Team team@keepassxc.org

       KeePassXC code is licensed under GPL-2 or GPL-3.



KeePassXC 2.6.0                    2020-07-10                   KEEPASSXC-CLI(1)