Keepass Edge

[Raymond Freedman]

Oneof my primary work responsibilities is to handle the Linux environments not related to our ecommerce platform (although, as one of few devs, one of my primary responsibilities is basically everything). We're a big fan of the RHEL pipeline, so I use CentOS as my work environment. It bites occasionally, but, by and large, we don't run bleeding-edge stacks because they're, well, unsupported bleeding-edge stacks. I can find most of the software I need with older versions of Fedora or by just manually building things.

The rest of our network, like most of the offices I've ever worked in, runs on Windows. Until Microsoft releases Office for Linux, that means I'm stuck RDPing into terminal servers for things like Excel and Word. I've spent a serious chunk of time researching RDP clients. One of these days, I'd like to use Remmina, but their support for not-Ubuntu is pretty lacking. Instead, I settled on FreeRDP, the tool behind Remmina. Unlike Remmina, it actually works on CentOS (and all of the other flavors of Linux I've tried it on so far).

I use xfreerdp, the CLI for FreeRDP. There are two exposed APIs at the moment, one of which is deprecated and will be removed at some point. Of course, using an older, more stable version of Linux means that I'm stuck on the old API (I could rebuild from source or I could keep using the thing that works). A typical session looks like this for me:

On a given day, I'm in our financial VM, our SQL VM, an Office VM to work on TPS reports, our Windows testing VM, and maybe one or two others for various reasons. That's a lot of typing, especially since my work straddles two domains. I could alias all the commands using the password option, e.g.

I'm not actually sure how that works, and I couldn't find it in the docs. Point is it's not a great idea and storing your credentials in plaintext (either accidentally in your history or on purpose in a (chmod 400) secret file) is an even worse idea. Anyone with su access to you (you or root) can see it, and if you don't know what you're doing, you might expose it to more than those two groups.

Notice the custom string fields for each of the CLI options. To make sure I don't have enter/update those for every RDP entry, I next duplicate the account with references to the original fields and make a template:

Duplicating with references means all entries made from this template reference the original Windows user, so when I regularly change my password, I change it in one place. Same with a new domain, whatever. Next I make a subgroup of my Windows group and create a new auto-type:

The auto-type requires some explanation. I'm using KeePass to automatically type everything not in brackets. Everything in brackets is also typed by KeePass, but it's a variable. USERNAME, URL, and PASSWORD are all default KeePass variables (I haven't set the URL yet, in case you were about to point that out). S:Variable signifies a String Field. From the screenshots, I'm sure you can figure out what those were. The keystroke wizard (hit the star wand next to the text area) is a great resource and shows you everything you need to know, including other useful variables (like the URL: variables). If you're familiar with tools like AutoHotkey, this will be a breeze.

As much as I'd like to show you a video of it in action, I don't actually like Windows enough to set up a dummy environment to demo and I'm not going to put work credentials/addresses online for the same reasons I don't store my credentials in my history. Pretend I did, and be amazed that managing multiple CLI RDP sessions on Linux is as simple as clicking a button (or using global hotkeys!).

I've begun taking my online identity a bit more seriously and I'm building a collection of keys for everything. It's safe, but it's insanely annoying to have to re-enter all those passphrases more than once, say, a month.

But this of course could be something completely different, like different web services from the same provider like YouTube and Gmail by Google. Very much like SE where you have several websites but only use one user name and password.

I imagine something along the lines of having multiple entries for one and the same website, where KeePass would actually prompt you to choose which one you want to use. So you have several user names and passwords that use the same URL. But is it possible to have several URLs using the same user name and password, so that KeePass asks me "to which of the following three URLs do you want to auto-log into with this password"?

The new Browser Integration entry settings page has a list view with any additional URL's. These URL's are added to the entry attributes with KP2A_URL_, which means those are directly compatible with Keepass2Android.

If you use KeePass as a sort of bookmark manager for login pages, so you open URLs from KeePass and then login, rather than browsing to the login page in your browser and use KeePass's auto-type, then indeed creating multiple entries is what you want. (Your usage of full URL =en&continue= rather than just seems to suggest this.) Otherwise, this answer, with one entry per account matching multiple URLs might be a cleaner solution.

If you use KeePass with no plugins, then you presumably use a plugin/extension on the browser instead, i.e. a URL in Title Bar extension to add the current URL to the browser's window title, with either of these KeePass settings enabled:

In the case where the desired multiple URLs are exactly as described in the question, with the same domain name, the solution is simple, either use the domain ( ) as the URL, or check the second setting above.

But if you don't want to do either of these, or if the different URLs that you want to match are on different domains, then they can be added in the Auto-Type settings. For example, you have an entry with as the URL. You want to use the same account on Then go to the Entry's Auto-Type settings, click "Add" at "Use custom sequences for specific windows:"

Regular expressions are supported, so if you want to match all Stack Exchange sites, you can use //[a-z]*\.?stackexchange\.com/.*// as a third URL, which matches as well as (You could also use *stackexchange.com/* without using regular expressions; but this would also match )

If you don't use a browser extension to add the URL in window title, you use a KeePass plugin to match URLs, like I do, e.g. WebAutoType (Website). Then, the process of adding a second URL is similar, in the Auto-Type settings, but it is added explicitly as a URL:

This time, an asterisk is only needed at the end ( *), as it compares it explicitly to the address in the browser. If you want to match specifically to a single page rather than a domain, no asterisk is needed.

This is specifically for the URL field, not other custom Auto-Type settings you add. So you can just use in the entry's URL field, and * and * as the second and third URLs, thus matching all Stack Exchange sites without needing regular expressions.

A friendly approach with GUI oriented users in mind is using a KeePassRPC Plugin & Kee Browser extension The Kee browser extension is currently available for Firefox and Chrome, I've also tested it successfully on MS-Edge.

Benefit of the approach is, that the setup will work without regex or technical knowledge on the user side. The Functionally becomes available whenever KeePassRPC + Kee browser extension is installed.

KeePass is a legitimate open-source password management application. This is a free app that can be downloaded from its official website, however, since KeePass is open source, cyber criminals have released a number of malicious versions.

The original source code has been modified so that KeePass can track sensitive information and deliver intrusive advertisements. Therefore, in some cases, KeePass is classed as a potentially unwanted program (PUP) and adware.

As mentioned above, modified variants of KeePass deliver various intrusive advertisements, such as coupons, banners, pop-ups, and so on. These are delivered using tools that enable placement of third party graphical content on any site. Therefore, the ads often conceal underlying content, thereby significantly diminishing the browsing experience.

Furthermore, some might lead to malicious websites and run scripts designed to download/install malware or other PUPs. Therefore, even a single click can result in high-risk computer infections. Furthermore, malicious variants of KeePass record sensitive data, such as IP addresses, websites visited, search queries, and so on.

Having malicious variants of KeePass installed can thus lead to serious privacy issues or even identity theft. If this application has infiltrated your system without consent, immediately eliminate it. You are advised to download KeePass only from its official website, using a direct download link.

There are dozens of adware-type applications, all of which are virtually identical, including Ummi Video Downloader, Check And Switch, and Kimetrak - these are just some examples from many. Note that all offer 'useful functionality', however, adware-type applications are designed only to generate revenue for the developers.

Rather than delivering any real value for regular users, these programs deploy intrusive advertisements and gather sensitive information, thereby posing a direct threat to your privacy and Internet browsing safety.

Malicious variants of KeePass are distributed using a deceptive marketing method called "bundling", and the aforementioned intrusive advertisements. "Bundling" is essentially stealth installation of third party software with regular apps. Developers are not honest enough to disclose "bundled" PUP installations properly.

Therefore, they are hidden within "Custom/Advanced" settings of the download or installation processes. Furthermore, many users often skip download/installation steps and click advertisements without understanding the possible consequences.

To prevent system infiltration by PUPs, be very cautious when browsing the Internet and downloading/installing software. Intrusive advertisements typically seem legitimate, since developers invest many resources into their design, however, most redirect to dubious websites (gambling, adult dating, pornography, etc.) They are often delivered by adware-type apps, and thus, if you encounter them, immediately remove all suspicious applications and browser plug-ins.

3a8082e126