keepass2

Start KeePass 2, opening the most recently opened password database

$ keepass2

$ keepass2 [path/to/database.kbdx]

$ keepass2 [path/to/database.kbdx] -keyfile:[path/to/key_file.key]

keepass2 [options] [database.kdbx]

-h, --help
    Display help summary and exit

-v, --version
    Print version and copyright info, then exit

-file:path
    Open specified database file

-keyfile:path
    Load specified key file

-pw:password
    Master password (visible in process list, insecure)

-useraccount:name
    User account name for login

-userpw:password
    User account password

-min
    Minimize main window after startup

-max
    Maximize main window after startup

-tray
    Minimize to tray after startup

-lock
    Lock database immediately after startup

-exit
    Exit after startup (if no DB opened)

-auto-submit
    Enable auto-submit logins

-auto-type
    Enable auto-type keystroke simulation

-debug
    Enable debug mode

keepass2 launches KeePass 2, a free open-source password manager for Linux via Mono. It encrypts passwords, usernames, notes, and attachments in a single .kdbx database using AES-256, protected by a master password, key file, or Windows user account.

The intuitive GUI supports hierarchical groups, custom fields, password history, strong password generator, search, auto-type (simulates keystrokes for secure form filling), TOTP/HOTP one-time passwords, and drag-and-drop. Entries can include URLs for browser launch, expiry dates, and attachments like files or images.

Key features: portable mode (no install traces), plugins for extensions (e.g., browser integration, SSH keys), triggers for automation, and multi-platform compatibility (Windows, macOS via ports). Command-line options enable scripted access like opening specific databases or auto-submitting logins.

Ideal for secure credential storage, avoiding browser password risks. Databases are portable across KeePass 2.x versions. On Linux, it's lightweight but Mono-dependent; native alternatives like KeePassXC offer better performance.

Uses Mono, causing higher resource use; passwords on CLI visible via ps(1); GUI-only (no full CLI editing); .kdbx v4 requires KeePass 2.34+. Avoid if preferring native apps.

.kdbx (XML or binary serialized, AES/Chacha20 encrypted). Backward-compatible v1-v4.

Zero-knowledge: only master key decrypts. Key files add protection. Audit plugins available.

KeePass 2.0 released November 2008 by Dominik Reichl; Linux Mono port circa 2009 via community packages (Debian/Ubuntu). Active development through 2.57 (2024), focusing security, UX, cross-platform.

keepassxc(1), mono(1), pwgen(1), gpg(1)