Manage and distribute your KeePass database with Git

This tutorial describes how to store your keepass db on the SDF in Git and access it from everywhere. It is based on KeePassX on Windows Vista, Debian Squeeze and NetBSD 4 but should work with any other OS supporting Git and KeePassX, KeePass or KeePass2.

Installation of Git

  • On Debian
    • apt-get install git
  • On Windows
    • Download and install msysgit
    • add c:\program files\keepassx\keepassx.exe to $PATH

Create server repository (e.g. on sdfeu.org)

cd ~
mkdir .git
cd .git
mkdir keepass
cd keepass
git –bare init

Create your local repository

cd ~
mkdir keepass
cd keepass
git init

Now copy the keepass.sh and your keepass db (here: keepass.kdb) to ~/keepass

git add keepass.sh keepass.kdb
git commit
git remote add origin user@odin.sdfeu.org:.git/keepass
git push origin master

Usage

  • Linux/Unix
    • cd ~/keepass
    • ./keepass.sh
  • Windows
    • Right-Click on the folder that contains the script and database
    • Click “Git BASH here”
    • ./keepass.sh

When you start the script, it will try to get the latest version of your keepass db. If there was no successful connection to the server, it will open a read-only version of keepass for you. If the Git pull was successful, the script generates a lock file globally and opens keepass. This prevents that you have opened keepass in write-mode on two or more locations simultanously. When you close keepass, all changes will be commited and pushed to your git server again.

The Script

#!/bin/bash
 
DB_FILE=keepass.kdb
 
# Check if KeePass has already been started
if [ -f ${DB_FILE}.lock ]; then
	echo "===================================="
	echo "KeePass seems to be already started "
	echo "===================================="
	exit
fi
 
# get latest version from Git server
git pull origin master
 
# Check if pull was unsuccessfull
if [ $? -gt 0 ]; then
	echo "===================================="
	echo "Can't connect to Git server"
	echo "Keepass db will be READONLY"
	echo "===================================="
	touch ${DB_FILE}.lock
	keepassx ${DB_FILE}
	rm ${DB_FILE}.lock
	exit
fi
# Check if keepass is already running somewhere else
if [ -f ${DB_FILE}.scriptlock ]; then
	echo "=========================================="
	echo "Keepass is already running somewhere else"
	echo "=========================================="
	exit
fi
 
# Create lock file
touch ${DB_FILE}.scriptlock
git add ${DB_FILE}.scriptlock
git commit -am "created lock file"
git push
 
# open Keepass
keepassx ${DB_FILE}
 
# delete lock file
rm ${DB_FILE}.scriptlock
git rm ${DB_FILE}.scriptlock
git commit -am "deleted lock file"
git push