Scripts2026年4月13日·1 分钟阅读

KeePassXC — Cross-Platform Offline Password Manager

KeePassXC is a free, open-source, cross-platform password manager that keeps your passwords in an encrypted local database. No cloud sync, no subscription, no telemetry — just a secure, audited vault protected by a master password and optional key file.

SC
Script Depot · Community
快速使用

先拿来用,再决定要不要深挖

这里应该同时让用户和 Agent 知道第一步该复制什么、安装什么、落到哪里。

# Install KeePassXC
# macOS
brew install --cask keepassxc

# Linux
sudo apt install keepassxc
# Or Flatpak: flatpak install flathub org.keepassxc.KeePassXC

# Windows: download from keepassxc.org

# CLI usage
keepassxc-cli open ~/passwords.kdbx
keepassxc-cli show ~/passwords.kdbx "Email/Gmail"
keepassxc-cli generate -L 24 -slUn

Introduction

KeePassXC is a community-driven fork of KeePassX that stores all your passwords in a single, encrypted database file (.kdbx). Unlike cloud-based password managers (1Password, LastPass, Bitwarden), KeePassXC keeps everything local — your passwords never leave your machine unless you choose to sync the file yourself.

With over 27,000 GitHub stars, KeePassXC is the most popular desktop-first, offline password manager. It appeals to privacy-conscious users, security professionals, and organizations that require local-only credential storage for compliance.

What KeePassXC Does

KeePassXC stores credentials in an AES-256 or ChaCha20 encrypted database file. You unlock it with a master password, optional key file, or hardware key (YubiKey). The application provides auto-type (fills credentials into any application), browser integration, TOTP support, SSH agent integration, and a powerful password generator.

Architecture Overview

[KeePassXC Application]
C++ / Qt (native performance)
        |
   [Encrypted Database (.kdbx)]
   AES-256 or ChaCha20
   Argon2 key derivation
   Single file, portable
        |
+-------+-------+-------+
|       |       |       |
[Auto-Type] [Browser   [SSH Agent]
Fills into  Extension] Serve SSH
any app     Chrome,    keys from
via keyboard Firefox    the database
        |
   [Optional Sync]
   Syncthing, Dropbox,
   Google Drive, NAS
   (you control it)

Self-Hosting & Configuration

# CLI operations

# Create a new database
keepassxc-cli db-create ~/passwords.kdbx

# Add an entry
keepassxc-cli add ~/passwords.kdbx "Email/Gmail" \
  -u "user@gmail.com" --url "https://mail.google.com"

# Generate a strong password
keepassxc-cli generate -L 32 -slUn
# Output: xK9#mP2$vR7@nL4&bQ8*cT5!wF3^hJ6

# Search entries
keepassxc-cli locate ~/passwords.kdbx "gmail"

# Export to CSV (for migration)
keepassxc-cli export ~/passwords.kdbx --format csv > export.csv

# Merge databases
keepassxc-cli merge ~/passwords.kdbx ~/backup.kdbx

# Sync strategy: use Syncthing for encrypted .kdbx sync
# across devices — KeePassXC handles merge conflicts

Key Features

  • Offline First — all data stored locally in an encrypted file
  • Strong Encryption — AES-256 / ChaCha20 with Argon2 key derivation
  • Auto-Type — fills credentials into any application via keyboard simulation
  • Browser Integration — Chrome and Firefox extensions for web auto-fill
  • TOTP — built-in authenticator (2FA) code generation
  • SSH Agent — serve SSH keys directly from the password database
  • YubiKey — hardware key as additional authentication factor
  • Password Generator — customizable strong password generation

Comparison with Similar Tools

Feature KeePassXC Bitwarden 1Password LastPass
Storage Local file Cloud Cloud Cloud
Open Source Yes Yes (clients) No No
Cost Free Free + paid Paid Free + paid
Offline Access Full (default) Cached Cached Cached
Browser Extension Yes Yes Yes Yes
Mobile App KeePassDX/Strongbox Yes Yes Yes
TOTP Yes Yes (paid) Yes Yes
SSH Agent Yes No Yes No
Sync Manual (your choice) Cloud built-in Cloud built-in Cloud built-in

FAQ

Q: How do I sync KeePassXC across devices? A: Sync the .kdbx file using Syncthing (peer-to-peer), cloud storage (Dropbox, Google Drive), or a NAS. On mobile, use KeePassDX (Android) or Strongbox (iOS) to open the same file.

Q: Is local storage less secure than cloud? A: Local storage eliminates cloud breach risk but requires you to manage backups. The .kdbx file is strongly encrypted — even if someone gets the file, they cannot read it without your master password.

Q: Can I migrate from Bitwarden/1Password/LastPass? A: Yes. Export from your current manager as CSV, then import into KeePassXC via Database > Import. KeePassXC supports multiple import formats.

Q: What if I forget my master password? A: There is no recovery mechanism. If you forget the master password and do not have a key file backup, your data is permanently lost. This is by design for maximum security.

Sources

讨论

登录后参与讨论。
还没有评论,来写第一条吧。

相关资产

GoReleaser — Release Engineering for Go Projects

GoReleaser automates the entire Go release process: cross-compilation for all platforms, Docker image building, Homebrew formula generation, changelog creation, and publishing to GitHub/GitLab releases — all from a single YAML config.

Script Depot

VHS — Record Terminal Sessions as GIFs and Videos

VHS by Charmbracelet lets you write terminal recordings as code. Define commands in a .tape file, and VHS generates beautiful GIFs, MP4s, or WebMs — perfect for documentation, README demos, and project showcases.

Script Depot

Air — Live Reload for Go Applications

Air provides live reload for Go development. It watches your source files, automatically rebuilds on changes, and restarts the binary — giving you a hot-reload experience similar to nodemon for Node.js or Flask debug mode for Python.

Script Depot
首页🔍搜索👤我的