KeePassXC is a password manager, used to save all your username/password combinations in one place and securing them with strong encryption. I won’t be talking here about the advantages of password managers, I will assume that you have heard of them before and know how they are used.
I have been using KeePass for a few years now and I love it. I started using KeePass 2 on Windows, then transitioned over to KeePassX for Linux (which is not developed actively anymore). Now there is KeePassXC, which is a modern community-driven version. It works on Windows, Linux and macOS and I highly recommend it! Also, read the FAQ.
The interesting features of KeePassXC can be seen on the homepage itself, but the most important feature for me was the seamless integration into my Firefox browser. This is how it works: Whenever you open a webpage with a login, Firefox checks if KeePassXC has a saved password for the page. If it finds one, it automatically enters the username and password into the fields on the page.
I will be working with KeePassXC 2.2.1 and Firefox 57+. This version of Firefox starts using WebExtensions, which is just a new type of browser extensions. Older versions of KeePass addons won’t work with new versions of Firefox.
There are two parts which need to be configured for this procedure to work.
Note: This information is mostly outdated. There is an official browser plugin for KeePassXC 2.3.0. Read about it here: New KeePassXC 2.3.0 released
Setting up a database
After downloading and installing KeePassXC, start it and open a database. If you already have a database with passwords and set up URLs for your logins, you can skip this section.
If you have never used KeePass, create a new one. Insert your master password, which should be a strong password. This is the password that will protect all your other passwords, so make it long and difficult to guess. After this step, you can start to create new entries.
When you create a new entry, you need to fill at least three fields: username, password and URL. These should be self-explaining. For the URL, put in the webpage where the login should trigger, for example: “https://facebook.com/login”.
Save the database and you are done! In the next step you will configure KeePassHttp.
Set up KeePassHttp
KeePassHttp is a plugin for KeePass. At the time of writing, it is integrated into KeePassXC. Open the settings under “Tools – Settings” and click on “Browser Integration” on the left sidebar. If the option is not enabled yet, click on “Enable KeePassHttp server”.
Enable the following options (click for full size):
You can hover over the options for more information on what each of them does.
Congratulations, you passed the first part of this tutorial! Next: Firefox!
Is KeePassHttp secure?
Short answer: As long as your computer is safe, yes.
Long answer: Official README and some GitHub Issues
Firefox and the right plugins
You can skip this paragraph, which talks a bit about the history of Firefox plugins for KeePass and the struggles.
In the old days of Firefox, there was KeepassHttp, the plugin for KeePass 2, which needed a lot of configuration. With KeeFox, a Firefox extension, it nearly worked out-of-the-box, but really only on Windows. Let me tell you, it was awful! Later came PassIFox and chromeIPass for Chrome, which also worked with the Linux ports. They did not come without issues, often breaking functionality after a Firefox or KeePass update. The maintainers of the above plugins often did not merge their patches and updates into the Mozilla extension, which led to weeks without working implementation.
Then, some day, you needed a new extension so that KeePass can read the URL from
Finally, Mozilla switched to Web Extensions, which completely broke the extensions for the newest versions of Firefox.
But, the extensions are still actively developed, and some ingenuous developer built and uploaded a working version of PassIFox, called KeePassHttp-Connector.
KeePassHttp-Connector
Download it here: https://addons.mozilla.org/it/firefox/addon/keepasshttp-connector/
Update from 2017-11-14:
The addon was removed from the Mozilla page, but the GitHub repository is still available. The Firefox addon is the .xpi file, for Chrome download the .crx. You can download the latest release here: https://github.com/smorks/keepasshttp-connector/releases.
Update from 2017-11-21:
The addon is available again on the Mozilla webpage and works with Firefox 57+ (named Quantum).
KeepassXC-Browser
Update from 2018-04-08:
Note: This information is mostly outdated. There is an official browser plugin for KeePassXC 2.3.0. Read about it here: New KeePassXC 2.3.0 released
This is the only plugin you need for Firefox 57+. After installing, you can click on the plugin in the Firefox menu bar and click “Connect”.
If the previous steps were correctly executed, KeePassXC will now open a window and ask for confirmation. Enter a name (ex. “Firefox”) and click OK.
Now you are done. Open the web page for one of your logins and the fields should be filled with your credentials!
Not working as described or having problems? Head to GitHub and open an issue or comment below!
[…] Connecting KeePassXC and Firefox for automated logins … […]
I fail to see the purpose of keepassxc-browser. I mean, one has to have the keepassxc application open and accessing the database that one has to use, if keepasxc-browser is going to do anything useful. I guess it provides a degree of convenience, but it does not seem to be all that significant for the most common use cases. Or am I missing something?
You mean the browser plugin? Offers autocomplete for your passwords in a browser, which is convenient and you do not need to jump back and forth between browser and password manager.
Were you able to get the new KeePassXC Browser plugin to work with Firefox Portable? I’m trying to figure out how to get by the “Cannot encrypt message or public key not found. Is native messaging or support for your browser enabled in KeePassXC?” error, but not having much luck.
The devs on the browser plugin review site indicated that some sort of change is required to get Firefox Portable to read the registry, but weren’t specific about what edits need to be made.
Any ideas?
Hello,
I just tried it on a Windows machine with Firefox Portable 64 and the latest KeePassXC version. In the settings, you need to disable “Use a proxy application between KeePassXC and browser extension” and then you should be able to connect from the plugin.
Also thanks to KevinMok (see comment below) for pointing this out. I am going to update the article.
Unable to add database, so it’s useless. Edit: I was able to connect my database. I’m using Firefox Portable, which doesn’t work with the default proxy. Make sure the “Use a proxy application between KeePassXC and browser extension” is unchecked, and it should connect.
By the way! The best essay writing service – https://[redacted]/
In the meantime ther is a better, more secure, way for Keepass Http . KeepassXC-Browser is now the best extensions for Firefox , Chrome, n
And Chromium. I have installed this and I noticed that it is very usefull. It’s development is still active and this extensions is recommended by the KeepassXC project.
Maybe it’s time to update your article, because there is a need for this awesome explanations.
Hello and thanks for your comment. You are right, there is an official browser plugin now, so I’ll update the post!
[…] already wrote about KeePassXC before, you can read about it here and stop using bad passwords […]
Thank you very much for this! D
Thank you for this excellent article. I am switching to Linux after 30 years of being a Dos/Windows programmer. It’s not that I’ve become a died in the wool open source advocate or anything like that. I am just so tired of Google/Apple/Microsoft/Amazon/Government/Intel/My ISP tracking everything that I do. It’s got to the point that it is just creepy.
Keepass has long been a staple in my repertoire, and I was afraid I might not find a replacement for it in Linux. KeePassXC more than fits the bill. As of this week, I will be full bore Linux Mint Mate, with Windows 7 on KVM for the 3 programs I have no replacement for. They are not used much, but it’s easy enough to keep a VM around for when I need it.
The addon is available again on the Mozilla addon page. I think they updated it for the new firefox version and web extensions.
https://addons.mozilla.org/it/firefox/addon/keepasshttp-connector/
Hi
I cannot find this addon, could you send it to me by email?
Thanks
Urs
Oh, I see, the addon was removed from the Mozilla page. You can download the latest release from the official GitHub repository here:
https://github.com/smorks/keepasshttp-connector/releases
I will update the blog post.