Home

Awesome

KeePass-Node

Node.js with AngularJS implementation of a KeePass2 editor.

Build Status Coverage Status

What?

You should probably know about KeePass as a tool to manage your passwords or other secrets in an encrypted file. Since the default tool to edit and view your passwords is based on .NET you might not be able to use your keys everytime you need them due to missing libraries or a wrong platform (Mono needs to be installed on Linux systems).

KeePass-Node is based on the idea of BrowsePass, which helps you to open a file from your current filesystem or from a URL by using only browser based libraries.

While it's a great step forward to use a browser based KeePass reader, I don't want to save my keepass file in any cloud (I guess I changed my mind - see below for Google Drive sync) or keep it with me on a USB stick all the time. I expect to mostly have internet access, so what about saving my keepass file on my private server and access it by a tool like BrowserPass? For the typical usage of only reading from my keepass file, that would be enough.

To make BrowserPass more convenient, I didn't want to always upload a keepass file. I just wanted to enter a password to see my entries, so I searched for an improved solution. Long story short: I didn't find any, so I build it myself. KeePass-Node was born.

Installation

First, you need Node.js running on your server of choice and navigate to a suitable folder. Then:

~$ git clone https://github.com/gesellix/keepass-node.git
~$ cd keepass-node

You'll find a config template keepass-node-config.template.js which shows you how to configure port (default 8443), an optional context path (also known as base path), https (optional), basic authentication (optional), and Google Drive sync (optional). Optional features are disabled by default.

To give KeePass-Node a minimal config you need to create a file keepass-node-config.js in the project's root folder and paste at least something like this:

module.exports = {
  "port": 8443
};

After changing its content to fit your needs, you can finish the installation and start the KeePass-Node server:

~/keepass-node$ npm install
~/keepass-node$ npm start

NPM should download a small part of the internet for you and start the KeePass-Node server on the configured port. You may now enter the URL into your browser like follows, just replace "localhost" with your hostname: http://localhost:8443/.

KeePass-Node comes with an example.kdbx which should be the already selected database. You have to enter the keepass file password now, the default is password. After a click on load, you should see the familiar tree structure of keepass groups.

How to provide your personal KeePass2 file

Local copy

Then you need to provide your keepass file. KeePass-Node expects any keepass files in the subfolder ./local/. You should find the mentioned example.kdbx there. You can copy your keepass file to that folder or create a symbolic link (Windows users may ignore that hint). Hit CTRL-C if KeePass-Node is still running or use another shell.

~/keepass-node$ cd local
~/keepass-node/local$ ln -s ~/path/to/my/keepass.kdbx keepass.kdbx

Now start the server again (if not still running):

~/keepass-node/local$ cd ..
~/keepass-node$ npm start

Refresh your browser window and you should see your keepass.kdbx in the database dropdown list.

Download from Google Drive

In case you also keep your keepass.kdbx file on Google Drive, you can make KeePass-Node update the local copy by downloading it from Google Drive. I didn't want to publicly share my keepass file, so I configured a web application client for Google Drive at the Google Developers Console. If this is completely new for you, you can find a very short introduction at the Google Drive SDK Quickstart. Essentially, you'll need to go through the setup of a project and application in the Developers Console.

After your application setup, KeePass-Node need the following properties:

"client_id": "123456789012-abcdefghijklmnopqrstuvwxyz123456.apps.googleusercontent.com",
"client_secret": "aBcDeFgHiJkL987456_01234",
"redirect_uris": ["https://www.example.com:8843/update/oauth2callback"]

Please make sure that the first element in redirect_uris has a path equalling /update/oauth2callback, due to the current implementation. The properties need to be pasted into the config file keepass-node-config.js under googleDrive.clientSecret. Please also provide a googleDrive.fileTitle and change the property googleDrive.enabled to true.

After restarting KeePass-Node, you can enter the following uri in your browser: https://www.example.com:8843/update. It should redirect you to a Google page asking you for permission to make KeePass-Node use your Google Drive in readonly mode. When you accept the permission, you'll be redirected back to KeePass-Node, and it will download the file named like you have configured as fileTitle and save it at .../local/google-drive.kdbx.

A browser refresh later, and you can choose the updated google-drive.kdbx from the KeePass-Node database dropdown.

Next

There already are some ideas on improving this little tool:

Technical details

As mentioned above I wanted to use the BrowserPass concept to read .kdbx files. Well, I tried to use its code and converted it to a little node module. That wasn't much fun and the result wasn't beautiful (you may find it in the commit history), so I searched for an existing node module and found a working one named keepass.io.

The frontend uses AngularJS as application framework, Angular Treeview for the keepass entry navigation, clipboard.js for convenient "copy password", and the Angular Material for the ui and interaction stuff.

Contributing and Contact

Issues and pull requests can be submitted via GitHub. You may contact me via Twitter: @gesellix.

License

See Apache 2 License.