Differences
This shows you the differences between the selected revisions of the page.
| integration_keepass 2017-10-09 | integration_keepass 2026-06-02 (current) | ||
| Line 8: | Line 8: | ||
| ===== Defining Site ===== | ===== Defining Site ===== | ||
| - | Each KeePass password entry has a //[[https://keepass.info/help/base/autourl.html|URL]]// field, in addition to //Password// and //User name// fields. You can use the //%%URL%%// field to store other session data, particularly a hostname and a protocol, optionally also a port number (when using non-standard port). For example: ''%%sftp://example.com/%%''. | + | Each KeePass password entry has a //[[https://keepass.info/help/base/autourl.html|URL]]// field, in addition to //Password// and //Username// fields. You can use the //%%URL%%// field to store other session data, particularly a hostname and a protocol, optionally also a port number (when using non-standard port). For example: ''%%sftp://example.com/%%''. |
| &screenshotpict(keepass_entry) | &screenshotpict(keepass_entry) | ||
| Line 16: | Line 16: | ||
| To make the URLs in password entries working, define a [[https://keepass.info/help/base/autourl.html#override|URL override rule]] in KeePass Options. | To make the URLs in password entries working, define a [[https://keepass.info/help/base/autourl.html#override|URL override rule]] in KeePass Options. | ||
| - | In KeePass 2.x ((See [[https://keepass.info/help/base/autourl.html#override|KeePass documentation]] for instructions for KeePass 1.x)) main window go to menu //Tools > Options//. Go to //Integration// tab and press //%%URL%% Overrides// button. On %%URL%% Overrides window press //Add// button. | + | In KeePass 2.x ((See [[https://keepass.info/help/base/autourl.html#override|KeePass documentation]] for instructions for KeePass 1.x.)) main window go to menu //Tools > Options//. Go to //Integration// tab and press //%%URL%% Overrides// button. On %%URL%% Overrides window press //Add// button. |
| On %%URL%% Override window, to //Scheme// field, enter protocol you want to handle with WinSCP, e.g. ''sftp'' or ''ftp''. In //%%URL%% Override// field, enter: | On %%URL%% Override window, to //Scheme// field, enter protocol you want to handle with WinSCP, e.g. ''sftp'' or ''ftp''. In //%%URL%% Override// field, enter: | ||
| <code> | <code> | ||
| - | cmd://"{ENV_PROGRAMFILES_X86}\WinSCP\WinSCP.exe" {BASE:SCM}://{USERNAME}:{PASSWORD}@{BASE:HOST}:{T-REPLACE-RX:/{BASE:PORT}/-1//} | + | cmd://"{ENV_PROGRAMFILES_X86}\WinSCP\WinSCP.exe" {BASE:SCM}://{USERNAME}:{PASSWORD}@{BASE:HOST}:{T-REPLACE-RX:/{BASE:PORT}/-1//}{BASE:PATH} |
| </code> | </code> | ||
| Line 29: | Line 29: | ||
| Repeat override definition for each protocol you want to use with WinSCP (''sftp'', ''ftp'', ''ftps'', ''ftpes'', ''scp'', ''http'', ''https''). If you want to use [[webdav|WebDAV]] sessions, but you want to keep ''http'' protocol reserved for a web browser, you can use [[integration_url#winscp|WinSCP-specific protocol]] ''winscp-http''. | Repeat override definition for each protocol you want to use with WinSCP (''sftp'', ''ftp'', ''ftps'', ''ftpes'', ''scp'', ''http'', ''https''). If you want to use [[webdav|WebDAV]] sessions, but you want to keep ''http'' protocol reserved for a web browser, you can use [[integration_url#winscp|WinSCP-specific protocol]] ''winscp-http''. | ||
| + | |||
| + | //For improvements that allow passing additional parameters to WinSCP, see [[https://github.com/abakum/KeePassURLOverride|KeePassURLOverride project]].// | ||
| ===== Opening URL/Site ===== | ===== Opening URL/Site ===== | ||
| Line 36: | Line 38: | ||
| KeePass %%URL%% override rules pass the passwords to WinSCP via [[commandline|command-line]]. Command-line used to run any process is not secured in memory, thus it may be read by malicious processes on your machine. | KeePass %%URL%% override rules pass the passwords to WinSCP via [[commandline|command-line]]. Command-line used to run any process is not secured in memory, thus it may be read by malicious processes on your machine. | ||
| - | Alternative solution is to use KeePass to manage host name and username information only and use private key authentication using [[ui_pageant|Pageant]], instead of password. To implement this, remove a reference to password from //%%URL%% Override// field (''%%:{PASSWORD}%%''). | + | Alternative solution is to use KeePass to manage hostname and username information only and use private key authentication using [[ui_pageant|Pageant]], instead of password. To implement this, remove a reference to password from //%%URL%% Override// field (''%%:{PASSWORD}%%''). |
| For more direct integration with KeePass, see the KeePass plugin [[https://keepass.info/plugins.html#keeagent|KeeAgent]]. | For more direct integration with KeePass, see the KeePass plugin [[https://keepass.info/plugins.html#keeagent|KeeAgent]]. | ||
| For best security, it is good practice to limit how many processes you trust to securely handle your sensitive data. For this reason, we recommend you manage your sites on WinSCP [[ui_login|Login window]] and use a strong WinSCP [[master_password|master password]] to protect them. | For best security, it is good practice to limit how many processes you trust to securely handle your sensitive data. For this reason, we recommend you manage your sites on WinSCP [[ui_login|Login window]] and use a strong WinSCP [[master_password|master password]] to protect them. | ||