Differences
This shows you the differences between the selected revisions of the page.
| integration_keepass 2023-01-10 | integration_keepass 2026-06-02 (current) | ||
| Line 8: | Line 8: | ||
| ===== Defining Site ===== | ===== Defining Site ===== | ||
| - | Each KeePass password entry has a //[[https://keepass.info/help/base/autourl.html|URL]]// field, in addition to //Password// and //User name// fields. You can use the //%%URL%%// field to store other session data, particularly a hostname and a protocol, optionally also a port number (when using non-standard port). For example: ''%%sftp://example.com/%%''. | + | Each KeePass password entry has a //[[https://keepass.info/help/base/autourl.html|URL]]// field, in addition to //Password// and //Username// fields. You can use the //%%URL%%// field to store other session data, particularly a hostname and a protocol, optionally also a port number (when using non-standard port). For example: ''%%sftp://example.com/%%''. |
| &screenshotpict(keepass_entry) | &screenshotpict(keepass_entry) | ||
| Line 21: | Line 21: | ||
| <code> | <code> | ||
| - | cmd://"{ENV_PROGRAMFILES_X86}\WinSCP\WinSCP.exe" {BASE:SCM}://{USERNAME}:{PASSWORD}@{BASE:HOST}:{T-REPLACE-RX:/{BASE:PORT}/-1//}{BASE:PATH} {T-CONV:`{T-REPLACE-RX:|{BASE:QUERY}|^\?||}`Uri-Dec`} | + | cmd://"{ENV_PROGRAMFILES_X86}\WinSCP\WinSCP.exe" {BASE:SCM}://{USERNAME}:{PASSWORD}@{BASE:HOST}:{T-REPLACE-RX:/{BASE:PORT}/-1//}{BASE:PATH} |
| </code> | </code> | ||
| The ''%%{T-REPLACE-RX:/{BASE:PORT}/-1//}%%'' is a workaround for KeePass resolving the ''{BASE:PORT}'' placeholder to ''-1'', when a password entry //%%URL%%// field does not specify the port explicitly and KeePass does not know the protocol (such as ''sftp'') to substitute a standard port. | The ''%%{T-REPLACE-RX:/{BASE:PORT}/-1//}%%'' is a workaround for KeePass resolving the ''{BASE:PORT}'' placeholder to ''-1'', when a password entry //%%URL%%// field does not specify the port explicitly and KeePass does not know the protocol (such as ''sftp'') to substitute a standard port. | ||
| - | |||
| - | The ''%%{T-CONV:`{T-REPLACE-RX:|{BASE:QUERY}|^\?||}`Uri-Dec`}%%'' to pass ''{BASE:QUERY}'' to WinSCP.exe as parameters. | ||
| See KeePass documentation for [[https://keepass.info/help/base/placeholders.html|placeholders]]. | See KeePass documentation for [[https://keepass.info/help/base/placeholders.html|placeholders]]. | ||
| Repeat override definition for each protocol you want to use with WinSCP (''sftp'', ''ftp'', ''ftps'', ''ftpes'', ''scp'', ''http'', ''https''). If you want to use [[webdav|WebDAV]] sessions, but you want to keep ''http'' protocol reserved for a web browser, you can use [[integration_url#winscp|WinSCP-specific protocol]] ''winscp-http''. | Repeat override definition for each protocol you want to use with WinSCP (''sftp'', ''ftp'', ''ftps'', ''ftpes'', ''scp'', ''http'', ''https''). If you want to use [[webdav|WebDAV]] sessions, but you want to keep ''http'' protocol reserved for a web browser, you can use [[integration_url#winscp|WinSCP-specific protocol]] ''winscp-http''. | ||
| + | |||
| + | //For improvements that allow passing additional parameters to WinSCP, see [[https://github.com/abakum/KeePassURLOverride|KeePassURLOverride project]].// | ||
| ===== Opening URL/Site ===== | ===== Opening URL/Site ===== | ||
| Line 38: | Line 38: | ||
| KeePass %%URL%% override rules pass the passwords to WinSCP via [[commandline|command-line]]. Command-line used to run any process is not secured in memory, thus it may be read by malicious processes on your machine. | KeePass %%URL%% override rules pass the passwords to WinSCP via [[commandline|command-line]]. Command-line used to run any process is not secured in memory, thus it may be read by malicious processes on your machine. | ||
| - | Alternative solution is to use KeePass to manage host name and username information only and use private key authentication using [[ui_pageant|Pageant]], instead of password. To implement this, remove a reference to password from //%%URL%% Override// field (''%%:{PASSWORD}%%''). | + | Alternative solution is to use KeePass to manage hostname and username information only and use private key authentication using [[ui_pageant|Pageant]], instead of password. To implement this, remove a reference to password from //%%URL%% Override// field (''%%:{PASSWORD}%%''). |
| For more direct integration with KeePass, see the KeePass plugin [[https://keepass.info/plugins.html#keeagent|KeeAgent]]. | For more direct integration with KeePass, see the KeePass plugin [[https://keepass.info/plugins.html#keeagent|KeeAgent]]. | ||
| For best security, it is good practice to limit how many processes you trust to securely handle your sensitive data. For this reason, we recommend you manage your sites on WinSCP [[ui_login|Login window]] and use a strong WinSCP [[master_password|master password]] to protect them. | For best security, it is good practice to limit how many processes you trust to securely handle your sensitive data. For this reason, we recommend you manage your sites on WinSCP [[ui_login|Login window]] and use a strong WinSCP [[master_password|master password]] to protect them. | ||
| - | |||
| - | For this on %%URL%% Override window, to //Scheme// field, enter ''winscp''. In //%%URL%% Override// field, enter: | ||
| - | |||
| - | <code> | ||
| - | cmd://"{ENV_PROGRAMFILES_X86}\WinSCP\WinSCP.exe" {USERNAME}@{BASE:HOST}{BASE:PATH} {T-CONV:`{T-REPLACE-RX:|{BASE:QUERY}|^\?||}`Uri-Dec`} | ||
| - | </code> | ||
| - | |||
| - | The ''%%{USERNAME}@{BASE:HOST}%%'' to pass to WinSCP.exe not as URL, but as previously configured Site. | ||