#1973 Keepass shows the path of my key

[alexay]

Hello
one thing bothers me enormously in keepass 2 :

If someone is next to me in front of my computer screen,he sees the path of the key which is displayed ! see my screen
and one day when i am away for 5 minutes
he just has to go to the path, plug in a usb stick and copy paste my key in its usb key
he starts his keepass at his home with my key and he will have all my passwords ! :(

can you make an option to hide the path please? thank you in advance for this very important detail

[wellread1]

This is not a bug. KeePass provides for three master key components that can be used to protect your database. The user is responsible for picking master key components that are appropriate for a particular environment.

A key file is a specialized master key component that contains a secret that protects the database. The path to the key file is not a secret and it is not practical to keep it secret. See the KeePass Composite Master Key documentation. It is the user's responsibility to make sure the key file is always safe and secure, for example by not leaving it unattended. A key file is not appropriate if your operational practices or other aspects of the environment preclude you from keeping the key file safe and secure.

If you would like to be reminded not to open your database when " someone is next to me in front of my computer screen" then you can uncheck "Remember key sources" in Tools>Options>Advanced(tab)>Advanced(section). Your key file path won't be automatically displayed on the 'Enter Master Key' dialog. You will need to navigate to your key file each time you open your database. That extra step should suffice to remind you not to open your database when others can view your screen.

[wellread1]

It appears from your screenshot that you might have been referring to the password database (kdbx file) path, not a key file which is a database master key component. In either case, it is not a bug to show a password database file path or a key file path.

The same logic that applies to a key file path applies to the password database file path. It is not a secret, and it is not practical to hide its path. In any event, a password database file is protected by your database master key. If the master key is strong and you don't reveal it, then a copy of the password database is useless. However, if you leave your open database unattended, then data contained in it is vulnerable.

If you don't want to display the Enter Master Key dialog on KeePass startup you can uncheck Remember and automatically open last used database on startup in Tools>Options>Advanced(tab)>Start and Exit(section). You will need to manually navigate to your database when KeePass starts up or use the File>Open Recent menu. This menu can also be disabled if desired in Tools>Options>Intergration(tab) set Remember recently used files to 0.

[alexay]

hello thanks for your reply
yes i made a mistake, i should have written my post in tab :
tickets>feature requests and no " bugs " i apologize

I tried your 2 procedures but that's not what i'm looking for at all
It's the password database (kdbx file) path that i don't want that keepass shows (like on my screen surrounded in red)
how to do? :( thanks in advance

[Paul]

You can't prevent it showing on the master key window - you need to know which database you are opening if you have more than one.

As wellread said, the database path is not a secret, your master key contents is.

cheers, Paul