While there is no shortage of commercial solutions that will work on OSX I found open source solutions to be wanting. KeePassX while popular (at least is appears that way) works best under Linux. So the goal with this project was to get KeePassX and OSX working well together. To get KeePassX and OSX working well together requires a bit of coding.
I came late to using Password Managers. I’ve had a history of creating a couple of really strong passwords that I use in multiple places. This has actually served me well however when I heard that LinkedIn had there password database leaked I decided it was time to review this. This was largely due to the realisation that I had the same password for Facebook.
The main reason I haven’t tried this in the past is largely due to trust. I don’t tend to trust other people with storing my passwords, especially closed source systems. I then did some research and came across KeePassX as probably the best alternative to a commercial solution. There was however a small issue with this. The auto-populated feature doesn’t work on OSX/MacOS. This is a bit of a deal breaker since it is my preferred platform.
After a bit more research into resolving this problem I came across a script written in AppleScript that solves the problem. Well at least it was supposed to. I download it and found that it didn’t work on El Capitan. The plus side being a script I was able to debug it myself.
What I found by going through the script is that it was configured to work with iTerm2, which is a replacement to Terminal. I’m still using Terminal so I have reverted back to using that instead of iTerm2. The next issue I found was that some websites didn’t work properly. They would open up to the login screen however the password would end up in the username box and nothing in the password box.
After looking at the non working pages I discovered that they don’t active the first element in the form. If you go to these pages you have to put your mouse pointer into the box and click before you can enter your username/password combination. To rectify this issue I added an option to activate the first input box on a login form. This resolved the issue. Using the Script
All you need to do to get the script working is add the following commands into the URL box.
For sites that auto select the username field
kpx://https?{USERNAME}:{PASSWORD}:url
For sites that do no
kpx://https??{USERNAME}:{PASSWORD}:url
For example to use this with CloudFlare use the following:
kpx://https?{USERNAME}:{PASSWORD}:www.cloudflare.com:443/a/login
Or with DigitalOcean use the following:
kpx://https??{USERNAME}:{PASSWORD}:cloud.digitalocean.com:443/login
To download the source go to https://github.com/bhutton/keepassx-autotyping-macosx.git or type the following into a Terminal session:
git clone https://github.com/bhutton/keepassx-autotyping-macosx.git
Installing the script
Note: These instruction were copied and modified from http://blog.miconda.eu/2015/03/update-of-keepassx-autotyping-on-mac-os.html. Download the kpx.as file from the GitHub repository using the above command
Open Script Editor from Applications => Utilities, paste the content of kpx.as into it and export it as ‘Application’, save it as kpx.app somewhere on your disk.
With a text editor like ‘vim’, edit kpx.app/Contents/PkgInfo and set the content to “APPLokpx” (no double quotes). Edit kpx.app/Contents/Info.plist and set the bundle signature to the last 4 letters of the value in PkgInfo file and add details about ‘kpx’ URL handling, you should get to something like this:
<key>CFBundleSignature</key>
<string>okpx</string>
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleURLName</key>
<string>KeePassX</string>
<key>CFBundleURLSchemes</key>
<array>
<string>kpx</string>
<string>kpx-ssh</string>
<string>kpx-http</string>
<string>kpx-https</string>
</array>
</dict>
</array>
Note: CFBundleSignature should be there already, just update the string value. CFBundleURLTypes (and the array value) must be added.
Save the files you edited and the execute kpx.app from Finder. This operation is registering the kpx URL handlers. The execution is practically exiting immediately, but afterwards Keepassx will be able to launch it for its registered URL schemes.
Copyright © 2020 | Ben Hutton