29

What's the best way to share certain passwords that are stored in a Keepass database?

For example, I want to share certain Banking Passwords with a family member, but I don't want to share my work passwords (or my personal Keepass database password)

Hennes
  • 65,804
  • 7
  • 115
  • 169
Dan Esparza
  • 1,248

6 Answers6

32

I work voluntarily on various IT related projects, where we are groups of people that share passwords, and the different groups all share their own KeePass databases via Dropbox. All users are then required to have a personal KeePass database wherein the key to the shared databases are stored. This allows us to have a very secure password on our shared databases, but also requires that the different users also use secure passwords for their private databases.

This process is then simplified further by this neat "trick" I found on the KeePass forum (slightly modified/improved):

  1. Create an entry in your personal database with the Password for the shared database
  2. On the advanced tab create a field named DbPath and with the value of where the shared database is located.
  3. Set the Url value to: cmd://"{APPDIR}\KeePass.exe" "{s:DbPath}" -pw-enc:{PASSWORD_ENC}
    Alternatively, if path doesn't fit, @lonstar suggested this edit, where you also set a variable for the KeePass path: cmd://"{s:KeePassPath}" "{s:DbPath}" -pw-enc:{PASSWORD_ENC}
  4. Now, when you want to open the shared database, mark the entry and press CTRL + U.

Hope you find this approach as useful as I did. :)

UPDATE

I do not know your reasoning behind choosing KeePass (I personally prefer it), but it sounds like your needs could be better met using LastPass that has sharing features built in.

Johny Skovdal
  • 1,265
13

I usually just create different database files and share them with a Dropbox link, having two different files with two different random keys. I'm using version 2.09.

I have a "personal.kdbx" database that has all my personal stuff and a "company-name.kdbx". I usually use the "key file" option to open the databases since it's easier to the people I share with to copy it to an old USB drive and say "this drive is needed to open the passwords in the file, DO NOT lose this flash drive".

I don't know if this approach is a good one to your scenario, I think you're looking for some kind of "groups permissions" in a single *.kdbx file. I don't think this is possible. I haven't seen this option on the KeePass website or in the documentation.

Glorfindel
  • 4,158
GmonC
  • 2,402
4

KeePassXC has a dedicated KeeShare feature for this. In short:

  1. Enable the feature under Tools > Settings > KeeShare (allow import and/or export)
  2. Create a new group
  3. Right click the group -> Edit group -> Select KeeShare
  4. Set Type, Path, Password

This will create a new DB under the given path and password. Others can do just the same. The shared container will be auto-imported when opening your DB. In case synchronize is used, entries are automatically exported/imported. Import will just sync with the existing folder contents in your own DB.

ub_marco
  • 41
1

You can also install a plugin in Keepass. I know that a Canadian company, Secure Exchanges, has developed an addin for Keepass that is used to share registration information via secure email. I use it for myself and it works very well.

Your contact will receive a secure email, which you can also protect with a password if you wish, and they will have access to your "password" without you having to share your comic or create a new user.

If you change your password afterwards, they will only receive it if you share it again.

Sylvain Richard
  • 11
  • 1
1

Keep two separate databases (for your Banking passwords and one for your personal passwords).

You can then use use the Windows home sharing feature (in Win7) and share the .kdbx file for your banking passwords with a certain computer at home.

I would usually use a separate (specially created) email account where I would upload my personal .kdbx file as a backup. You can use this method to share your Bank passwords database with a person who knows the username and password for the email service where you uploaded the .kdbx.

Roger Johnson
  • 33
-1

There is a fork. KeepassXC Where you can share a password group with others. https://keepassxc.org/

Richard de Ree
  • 1