KdbxWeb: KeePass KDBX Database Reader/Writer
KdbxWeb is a high-performance JavaScript library for reading and writing KeePass v2 databases, specifically supporting Kdbx3 and Kdbx4 file formats. It functions seamlessly in both Node.js environments and modern web browsers, maintaining a compact size of approximately 130kB including its internal dependencies. Key features include fast encryption powered by WebCrypto, secure in-memory handling of protected values using XORing, and robust capabilities for conflict-free merging of database states. While offering comprehensive Kdbx feature support, it's crucial to note that the library does not support older KeePass v1 `.kdb` files. For Kdbx4 files utilizing Argon2, users are required to provide their own Argon2 implementation, as it's not bundled to allow for optimal platform-specific performance choices. The current stable version is 2.1.1, with releases typically following development needs rather than a fixed cadence.
Common errors
-
Error: Argon2 is not implemented. Set it via CryptoEngine.setArgon2Impl
cause Attempting to load a KDBX4 database file that uses Argon2 as its Key Derivation Function (KDF) without providing a custom Argon2 implementation to kdbxweb.fixYou must provide a JavaScript implementation of Argon2 to `kdbxweb.CryptoEngine.setArgon2Impl()`. This often involves integrating a dedicated Argon2 library for your environment (e.g., `argon2-browser` for web or an `argon2` package for Node.js). -
Error: Cannot read properties of undefined (reading 'length')
cause This error can occur if you try to load an unsupported Kdbx v1 (`.kdb`) file. The library expects a Kdbx v2 (`.kdbx`) file format.fixVerify that the database file you are attempting to load is a Kdbx v2 or v4 `.kdbx` file. Older `.kdb` files are not supported. If you have a `.kdb` file, you need to convert it to `.kdbx` using the KeePass desktop application.
Warnings
- breaking For KeePass KDBX4 files that utilize Argon2 as their Key Derivation Function (KDF), KdbxWeb requires developers to provide their own Argon2 implementation. The library does not bundle Argon2 due to the complexity of providing a universally fast and efficient solution across various JavaScript environments (Node.js, browser, Web Workers). Failing to set an Argon2 implementation will prevent opening KDBX4 files encrypted with Argon2.
- gotcha KdbxWeb explicitly does not support older KeePass v1 database files (those with a `.kdb` extension). It is designed exclusively for KeePass v2 and later, which use the `.kdbx` format (Kdbx3 and Kdbx4). Attempts to load a `.kdb` file will result in an error.
- gotcha While KdbxWeb supports conflict-free merging of entries, groups, and metadata, merging of entry history and certain non-critical meta fields in a peer-to-peer fashion can lead to 'phantom records' or unintentional deletions. Correct entry history merging is primarily supported with one central replica.
Install
-
npm install kdbxweb -
yarn add kdbxweb -
pnpm add kdbxweb
Imports
- Kdbx
const Kdbx = require('kdbxweb').Kdbx;import { Kdbx } from 'kdbxweb'; - Credentials
const Credentials = require('kdbxweb').Credentials;import { Credentials } from 'kdbxweb'; - ProtectedValue
const ProtectedValue = require('kdbxweb').ProtectedValue;import { ProtectedValue } from 'kdbxweb'; - CryptoEngine
const CryptoEngine = require('kdbxweb').CryptoEngine;import { CryptoEngine } from 'kdbxweb';
Quickstart
import { Kdbx, Credentials, ProtectedValue, Consts, CryptoEngine } from 'kdbxweb';
// Dummy Argon2 implementation for KDBX4 support (required for real-world use)
CryptoEngine.setArgon2Impl((password, salt, memory, iterations, length, parallelism, type, version) => {
// In a real application, you'd use a robust Argon2 library here (e.g., argon2-browser).
// This is a placeholder for demonstration purposes and will not actually hash.
console.warn('Using dummy Argon2 implementation. Provide a real one for KDBX4 support.');
const dummyHash = new Uint8Array(length).fill(0xAA);
return Promise.resolve(dummyHash);
});
async function manageKeePassDatabase() {
const masterPassword = ProtectedValue.fromString('mySuperSecretPassword');
const credentials = new Credentials(masterPassword);
// 1. Create a new database
console.log('Creating a new database...');
let newDb = Kdbx.create(credentials, 'My New KeePass Database');
newDb.setKdf(Consts.KdfId.Aes); // Set KDF to AES
const defaultGroup = newDb.getDefaultGroup();
const subgroup = newDb.createGroup(defaultGroup, 'Web Logins');
const entry = newDb.createEntry(subgroup);
entry.fields.Title = 'Example Website';
entry.fields.UserName = 'demo';
entry.fields.Password = ProtectedValue.fromString('demoPass123');
entry.fields.URL = 'https://example.com';
// 2. Save the new database
const newDbBuffer = await newDb.save();
console.log(`New database saved. Size: ${newDbBuffer.byteLength} bytes`);
// 3. Load the database back (simulating opening an existing file)
console.log('Loading database from buffer...');
const loadedDb = await Kdbx.load(newDbBuffer, credentials);
const loadedEntry = loadedDb.getDefaultGroup().groups[0].entries[0];
console.log(`Loaded entry title: ${loadedEntry.fields.Title}`);
console.log(`Loaded entry username: ${loadedEntry.fields.UserName}`);
console.log(`Loaded entry password: ${loadedEntry.fields.Password.getText()}`);
// 4. Update credentials and save again
console.log('Changing master password and saving...');
const newMasterPassword = ProtectedValue.fromString('evenMoreSecurePassword');
loadedDb.credentials.setPassword(newMasterPassword);
const updatedDbBuffer = await loadedDb.save();
console.log(`Database updated and saved. New size: ${updatedDbBuffer.byteLength} bytes`);
console.log('Database operations complete.');
}
manageKeePassDatabase().catch(console.error);