19
15
What's the best way to share certain passwords that are stored in a Keepass database?
For example, I want to share certain Banking Passwords with a family member, but I don't want to share my work passwords (or my personal Keepass database password)
Dan Esparza
Posted 2009-09-20T04:15:45.443
Reputation: 1 148
11
I usually just create different database files and share them with a Dropbox link, having two different files with two different random keys. I'm using version 2.09.
I have a "personal.kdbx" database that has all my personal stuff and a "company-name.kdbx". I usually use the "key file" option to open the databases since it's easier to the people I share with to copy it to an old USB drive and say "this drive is needed to open the passwords in the file, DO NOT lose this flash drive".
I don't know if this approach is a good one to your scenario, I think you're looking for some kind of "groups permissions" in a single *.kdbx file. I don't think this is possible. I haven't seen this option on the KeePass website or in the documentation.
GmonC
Posted 2009-09-20T04:15:45.443
Reputation: 2 322
24
I work voluntarily on various IT related projects, where we are groups of people that share passwords, and the different groups all share their own KeePass databases via Dropbox. All users are then required to have a personal KeePass database wherein the key to the shared databases are stored. This allows us to have a very secure password on our shared databases, but also requires that the different users also use secure passwords for their private databases.
This process is then simplified further by this neat "trick" I found on the KeePass forum (slightly modified/improved):
DbPath and with the value of where the shared database is located.cmd://"{APPDIR}\KeePass.exe" "{s:DbPath}" -pw-enc:{PASSWORD_ENC}CTRL + U.Hope you find this approach as useful as I did. :)
UPDATE
I do not know your reasoning behind choosing KeePass (I personally prefer it), but it sounds like your needs could be better met using LastPass that has sharing features built in.
Johny Skovdal
Posted 2009-09-20T04:15:45.443
Reputation: 1 155
1
You can also install a plugin in Keepass. I know that a Canadian company, Secure Exchanges, has developed an addin for Keepass that is used to share registration information via secure email. I use it for myself and it works very well.
Your contact will receive a secure email, which you can also protect with a password if you wish, and they will have access to your "password" without you having to share your comic or create a new user.
If you change your password afterwards, they will only receive it if you share it again.
Sylvain Richard
Posted 2009-09-20T04:15:45.443
Reputation: 11
1
Keep two separate databases (for your Banking passwords and one for your personal passwords).
You can then use use the Windows home sharing feature (in Win7) and share the .kdbx file for your banking passwords with a certain computer at home.
I would usually use a separate (specially created) email account where I would upload my personal .kdbx file as a backup. You can use this method to share your Bank passwords database with a person who knows the username and password for the email service where you uploaded the .kdbx.
Roger Johnson
Posted 2009-09-20T04:15:45.443
Reputation: 35
4Security note: When passing the password of another DB to to be opened by KeePass it is much better practice to encrypt the password before passing it in plaintext to cmd.exe. You can do this by replacing
-pw:{PASSWORD}with-pw-enc:{PASSWORD_ENC}See http://keepass.info/help/base/placeholders.html#passwordenc – adam – 2015-10-27T18:48:29.5531@Kiquenet: I'm not exactly sure what you're after. Having a bat file open KeePass without entering the password, completely destroys security of the setup. Perhaps you should ask a specific question about it? – Johny Skovdal – 2016-10-13T17:26:52.630
How-to *encrypt the password* to passing in plaintext to cmd, bat script;( script calls Keepass.exe) ? – Kiquenet – 2016-10-13T17:40:33.777
Again, what do you (@Kiquenet) mean by calling KeePass? Please make a complete question out of it instead. :) – Johny Skovdal – 2016-10-13T18:24:28.227