keepassxc-cli.1.adoc 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320
  1. // Copyright (C) 2017 Manolis Agkopian <m.agkopian@gmail.com>
  2. // Copyright (C) 2020 KeePassXC Team <team@keepassxc.org>
  3. //
  4. // This program is free software: you can redistribute it and/or modify
  5. // it under the terms of the GNU General Public License as published by
  6. // the Free Software Foundation, either version 2 or (at your option)
  7. // version 3 of the License.
  8. //
  9. // This program is distributed in the hope that it will be useful,
  10. // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. // GNU General Public License for more details.
  13. //
  14. // You should have received a copy of the GNU General Public License
  15. // along with this program. If not, see <http://www.gnu.org/licenses/>.
  16. = keepassxc-cli(1)
  17. KeePassXC Team <team@keepassxc.org>
  18. :docdate: 2020-08-31
  19. :doctype: manpage
  20. :mansource: KeePassXC {revnumber}
  21. :manmanual: General Commands Manual
  22. == NAME
  23. keepassxc-cli - command line interface for the KeePassXC password manager
  24. == SYNOPSIS
  25. *keepassxc-cli* _command_ [_options_]
  26. == DESCRIPTION
  27. *keepassxc-cli* is the command line interface for the *KeePassXC* password manager.
  28. It provides the ability to query and modify the entries of a KeePass database, directly from the command line.
  29. == COMMANDS
  30. *add* [_options_] <__database__> <__entry__>::
  31. Adds a new entry to a database.
  32. A password can be generated (*-g* option), or a prompt can be displayed to input the password (*-p* option).
  33. The same password generation options as documented for the generate command can be used when the *-g* option is set.
  34. *analyze* [_options_] <__database__>::
  35. Analyzes passwords in a database for weaknesses using offline HIBP SHA-1 hash lookup.
  36. *clip* [_options_] <__database__> <__entry__> [_timeout_]::
  37. Copies an attribute or the current TOTP (if the *-t* option is specified) of a database entry to the clipboard.
  38. If no attribute name is specified using the *-a* option, the password is copied.
  39. If multiple entries with the same name exist in different groups, only the attribute for the first one is copied.
  40. For copying the attribute of an entry in a specific group, the group path to the entry should be specified as well, instead of just the name.
  41. Optionally, a timeout in seconds can be specified to automatically clear the clipboard, the default timeout is 10 seconds, set to 0 to disable.
  42. *close*::
  43. In interactive mode, closes the currently opened database (see *open*).
  44. *db-create* [_options_] <__database__>::
  45. Creates a new database with a password and/or a key file.
  46. The key file will be created if the file that is referred to does not exist.
  47. If both the key file and password are empty, no database will be created.
  48. *db-info* [_options_] <__database__>::
  49. Show a database's information.
  50. *diceware* [_options_]::
  51. Generates a random diceware passphrase.
  52. *edit* [_options_] <__database__> <__entry__>::
  53. Edits a database entry.
  54. A password can be generated (*-g* option), or a prompt can be displayed to input the password (*-p* option).
  55. The same password generation options as documented for the generate command can be used when the *-g* option is set.
  56. *estimate* [_options_] [_password_]::
  57. Estimates the entropy of a password.
  58. The password to estimate can be provided as a positional argument, or using the standard input.
  59. *exit*::
  60. Exits interactive mode.
  61. Synonymous with *quit*.
  62. *export* [_options_] <__database__>::
  63. Exports the content of a database to standard output in the specified format (defaults to XML).
  64. *generate* [_options_]::
  65. Generates a random password.
  66. *help* [_command_]::
  67. Displays a list of available commands, or detailed information about the specified command.
  68. *import* [_options_] <__xml__> <__database__>::
  69. Imports the contents of an XML exported database to a new created database
  70. with a password and/or key file.
  71. The key file will be created if the file that is referred to does not exist.
  72. If both the key file and password are empty, no database will be created.
  73. The new database will be in kdbx 4 format.
  74. *locate* [_options_] <__database__> <__term__>::
  75. Locates all the entries that match a specific search term in a database.
  76. *ls* [_options_] <__database__> [_group_]::
  77. Lists the contents of a group in a database.
  78. If no group is specified, it will default to the root group.
  79. *merge* [_options_] <__database1__> <__database2__>::
  80. Merges two databases together.
  81. The first database file is going to be replaced by the result of the merge, for that reason it is advisable to keep a backup of the two database files before attempting a merge.
  82. In the case that both databases make use of the same credentials, the *--same-credentials* or *-s* option can be used.
  83. *mkdir* [_options_] <__database__> <__group__>::
  84. Adds a new group to a database.
  85. *mv* [_options_] <__database__> <__entry__> <__group__>::
  86. Moves an entry to a new group.
  87. *open* [_options_] <__database__>::
  88. Opens the given database in a shell-style interactive mode.
  89. This is useful for performing multiple operations on a single database (e.g. *ls* followed by *show*).
  90. *quit*::
  91. Exits interactive mode.
  92. Synonymous with *exit*.
  93. *rm* [_options_] <__database__> <__entry__>::
  94. Removes an entry from a database.
  95. If the database has a recycle bin, the entry will be moved there.
  96. If the entry is already in the recycle bin, it will be removed permanently.
  97. *rmdir* [_options_] <__database__> <__group__>::
  98. Removes a group from a database.
  99. If the database has a recycle bin, the group will be moved there.
  100. If the group is already in the recycle bin, it will be removed permanently.
  101. *show* [_options_] <__database__> <__entry__>::
  102. Shows the title, username, password, URL and notes of a database entry.
  103. Can also show the current TOTP.
  104. Regarding the occurrence of multiple entries with the same name in different groups, everything stated in the *clip* command section also applies here.
  105. == OPTIONS
  106. === General options
  107. *--debug-info*::
  108. Displays debugging information.
  109. *-k*, *--key-file* <__path__>::
  110. Specifies a path to a key file for unlocking the database.
  111. In a merge operation this option, is used to specify the key file path for the first database.
  112. *--no-password*::
  113. Deactivates the password key for the database.
  114. *-y*, *--yubikey* <__slot__>::
  115. Specifies a yubikey slot for unlocking the database.
  116. In a merge operation this option is used to specify the YubiKey slot for the first database.
  117. *-q*, *--quiet* <__path__>::
  118. Silences password prompt and other secondary outputs.
  119. *-h*, *--help*::
  120. Displays help information.
  121. *-v*, *--version*::
  122. Displays the program version.
  123. === Merge options
  124. *-d*, *--dry-run* <__path__>::
  125. Prints the changes detected by the merge operation without making any changes to the database.
  126. *--key-file-from* <__path__>::
  127. Sets the path of the key file for the second database.
  128. *--no-password-from*::
  129. Deactivates password key for the database to merge from.
  130. *--yubikey-from* <__slot__>::
  131. YubiKey slot for the second database.
  132. *-s*, *--same-credentials*::
  133. Uses the same credentials for unlocking both databases.
  134. === Add and edit options
  135. The same password generation options as documented for the generate command can be used with those 2 commands when the *-g* option is set.
  136. *-u*, *--username* <__username__>::
  137. Specifies the username of the entry.
  138. *--url* <__url__>::
  139. Specifies the URL of the entry.
  140. *--notes* <__notes__>::
  141. Specifies the notes of the entry.
  142. *-p*, *--password-prompt*::
  143. Uses a password prompt for the entry's password.
  144. *-g*, *--generate*::
  145. Generates a new password for the entry.
  146. === Edit options
  147. *-t*, *--title* <__title__>::
  148. Specifies the title of the entry.
  149. === Estimate options
  150. *-a*, *--advanced*::
  151. Performs advanced analysis on the password.
  152. === Analyze options
  153. *-H*, *--hibp* <__filename__>::
  154. Checks if any passwords have been publicly leaked, by comparing against the given list of password SHA-1 hashes, which must be in "Have I Been Pwned" format.
  155. Such files are available from https://haveibeenpwned.com/Passwords;
  156. note that they are large, and so this operation typically takes some time (minutes up to an hour or so).
  157. *--okon* <__okon-cli path__>::
  158. Use the specified okon-cli program to perform offline breach checks. You can obtain okon-cli from https://github.com/stryku/okon.
  159. When using this option, *-H, --hibp* must point to a post-processed okon file (e.g. file.okon).
  160. === Clip options
  161. *-a*, *--attribute*::
  162. Copies the specified attribute to the clipboard.
  163. If no attribute is specified, the password attribute is the default.
  164. For example, "*-a* *username*" would copy the username to the clipboard.
  165. [Default: password]
  166. *-t*, *--totp*::
  167. Copies the current TOTP instead of the specified attribute to the clipboard.
  168. Will report an error if no TOTP is configured for the entry.
  169. *-b*, *--best*::
  170. Try to find and copy to clipboard a unique entry matching the input (similar to *-locate*)
  171. If a unique matching entry is found it will be copied to the clipboard.
  172. If multiple entries are found they will be listed to refine the search. (no clip performed)
  173. === Create and Import options
  174. *-k*, *--set-key-file* <__path__>::
  175. Set the key file for the database.
  176. *-p*, *--set-password*::
  177. Set a password for the database.
  178. *-t*, *--decryption-time* <__time__>::
  179. Target decryption time in MS for the database.
  180. === Show options
  181. *-a*, *--attributes* <__attribute__>...::
  182. Shows the named attributes.
  183. This option can be specified more than once, with each attribute shown one-per-line in the given order.
  184. If no attributes are specified and *-t* is not specified, a summary of the default attributes is given.
  185. Protected attributes will be displayed in clear text if specified explicitly by this option.
  186. *-s*, *--show-protected*::
  187. Shows the protected attributes in clear text.
  188. *-t*, *--totp*::
  189. Also shows the current TOTP, reporting an error if no TOTP is configured for the entry.
  190. === Diceware options
  191. *-W*, *--words* <__count__>::
  192. Sets the desired number of words for the generated passphrase.
  193. [Default: 7]
  194. *-w*, *--word-list* <__path__>::
  195. Sets the Path of the wordlist for the diceware generator.
  196. The wordlist must have > 1000 words, otherwise the program will fail.
  197. If the wordlist has < 4000 words a warning will be printed to STDERR.
  198. === Export options
  199. *-f*, *--format*::
  200. Format to use when exporting.
  201. Available choices are xml or csv.
  202. Defaults to xml.
  203. === List options
  204. *-R*, *--recursive*::
  205. Recursively lists the elements of the group.
  206. *-f*, *--flatten*::
  207. Flattens the output to single lines.
  208. When this option is enabled, subgroups and subentries will be displayed with a relative group path instead of indentation.
  209. === Generate options
  210. *-L*, *--length* <__length__>::
  211. Sets the desired length for the generated password.
  212. [Default: 16]
  213. *-l*, *--lower*::
  214. Uses lowercase characters for the generated password.
  215. [Default: Enabled]
  216. *-U*, *--upper*::
  217. Uses uppercase characters for the generated password.
  218. [Default: Enabled]
  219. *-n*, *--numeric*::
  220. Uses numbers characters for the generated password.
  221. [Default: Enabled]
  222. *-s*, *--special*::
  223. Uses special characters for the generated password.
  224. [Default: Disabled]
  225. *-e*, *--extended*::
  226. Uses extended ASCII characters for the generated password.
  227. [Default: Disabled]
  228. *-x*, *--exclude* <__chars__>::
  229. Comma-separated list of characters to exclude from the generated password.
  230. None is excluded by default.
  231. *--exclude-similar*::
  232. Exclude similar looking characters.
  233. [Default: Disabled]
  234. *--every-group*::
  235. Include characters from every selected group.
  236. [Default: Disabled]
  237. include::includes/section-notes.adoc[]
  238. == AUTHOR
  239. This manual page was originally written by Manolis Agkopian <m.agkopian@gmail.com>.
  240. include::includes/section-reporting-bugs.adoc[]
  241. include::includes/section-copyright.adoc[]