Migrating From KeePassXC to pass

July 7, 2020 - cat | grep

The Itch For Change

For the past six years or so, my go-to password manager has been KeePassXC. In that time, KeePassXC has been nothing short of fantastic. Even better, combining KeePass with Syncthing allows me to have all of my passwords on all of the devices that need them. This includes my phone, on which I use KeePassDX.

Sounds great, right? Well, it is! Why the change, then? Other than genuine curiosity, I've found that KeePass no longer integrates as well into my workflow as it used to. Over the years, my computing habits have not only trended more towards UNIX-like operating systems, but have also become more command line focused. In fact, the only GUI applications that I use with any sort of frequency are Firefox and Darktable. KeePassXC is from a more graphical time in my life. As such, needing to fire up an entire GUI application in order to grab a password is beginning to feel a bit inelegant.

Pass Me The pass

Enter pass - the standard password manager. I'm aware that there exist CLI programs for KeePass, but I'm drawn towards the file system oriented nature of pass. Also, having credentials stored in individual files allows me to access them independent of any password manager, should I ever want to do that.

The Migration

First we'll need our current password database. Easy enough, we've got a couple options. KeePassXC allows you to export your database.

Take caution, as the database will be exported to an unencrypted .csv file. If the thought of your passwords being in an unprotected file makes you squeamish, there is another option. pass has a number of extensions, one of which is [pass-import](https://github.com/roddhjav/pass-import). This extension allows us to import straight from KeePass' database, without the need for the csv middle man. This is the method I used.

Substituting your package manager of choice, run `sudo apt install pass`.

On Debian / Ubuntu based distros, pass-import lives in its own repository. Execute the following commands to add the repo and install pass-import. Instructions for other distributions can be found at pass-import's GitHub.


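```sh
# Trust the repository's signing key
wget -qO - https://pkg.pujol.io/debian/gpgkey | sudo apt-key add -

# Register the repository (note the absolute path under /etc)
echo 'deb [arch=amd64] https://pkg.pujol.io/debian/repo all main' | sudo tee /etc/apt/sources.list.d/pkg.pujol.io.list

# Refresh the package index and install the extension
sudo apt update
sudo apt install pass-extension-import
```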

I also needed to install pykeepass: `sudo apt install python3-pykeepass`

Now you'll need to set up a gpg key if you haven't already. Run `gpg --gen-key` and follow the on-screen steps. Afterwards, `gpg --list-keys` should show you your newly created gpg key. This will be used to create our pass store.

With a newly generated gpg key in hand, we can create a new password store: `pass init [8-digit gpg key OR email that you provided]`. With that created, the KeePass database can now be imported. Navigate to the location of your .kdbx file and run `pass import keepassxc file.kdbx`. You should be prompted for your KeePass database password, and the import process should begin. Running `pass show` should present you with all of the entries in your KeePass database. KeePass's folder structure is also retained.
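A post-import check for the store created above, as an added example that is not part of the original post or of pass itself: it flags a missing .gpg-id, files in the store that are not .gpg entries, anything accessible to group or others, and CSV exports left in a directory you name. The function name `audit_store`, its finding labels and the use of GNU find are assumptions.

```shell
# Post-import audit of a pass store. Added example: the function name,
# the finding labels and the sample paths are assumptions, not part of pass.
# Assumes GNU find (Debian/Ubuntu), the platform used on this page.
# Usage: audit_store [STORE_DIR] [EXPORT_DIR]
audit_store() {
    store="${1:-${PASSWORD_STORE_DIR:-$HOME/.password-store}}"
    exports="${2:-}"   # optional: directory where a CSV export may have been saved

    findings=$(
        # pass init records the recipient key in .gpg-id at the store root.
        [ -s "$store/.gpg-id" ] || echo "NO-GPG-ID  $store/.gpg-id"

        # Entries are stored as NAME.gpg; flag every other file (checked by name only).
        # .git and .extensions are skipped, .gpg-id and .gitattributes are expected.
        find "$store" \( -path "$store/.git" -o -path "$store/.extensions" \) -prune \
            -o -type f ! -name '*.gpg' ! -name '.gpg-id' ! -name '.gitattributes' \
            -print | sed 's/^/NOT-ENCRYPTED  /'

        # pass works with umask 077, so nothing should be open to group or others.
        find "$store" -path "$store/.git" -prune \
            -o \( -type f -o -type d \) -perm /077 -print | sed 's/^/LOOSE-PERMS  /'

        # A KeePassXC CSV export holds every password in clear text.
        if [ -n "$exports" ]; then
            find "$exports" -maxdepth 1 -type f -iname '*.csv' | sed 's/^/CSV-EXPORT  /'
        fi
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    echo "OK: $store"
}
```

Run it as `audit_store ~/.password-store ~/Downloads` once the import has finished; it exits non-zero when anything is flagged.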

Conclusion

I'm liking what I'm seeing so far. Grabbing a password from pass integrates much better into my setup than KeePass. The next steps are to set pass up on my phone, and synchronize my pass store with my other devices.