Locked

Trigger Examples


Examples of how to use the trigger system.

[Documentation contributed by Paul Tannard]


Info  Backup your database when you open KeePass

  1. Open KeePass and navigate to 'Tools' -> 'Triggers...'.
  2. Add a trigger.
  3. Call it something meaningful, like "Backup database on open".
  4. Tick the 'Enabled' and 'Initially on' boxes.
  5. Navigate to the 'Events' tab and add an event.
  6. Select 'Opened database file'. Don't bother with the comparison or filter.
  7. Navigate to the 'Actions' tab and add an action.
  8. Select 'Execute command line / URL'.
  9. In the 'File/URL' field enter this: %comspec%
  10. In the 'Arguments' field enter this:
    /c copy "{DB_PATH}" "C:\Backup\{DB_BASENAME}.{DT_SIMPLE}"

KeePass will now backup all databases when opening them.

How it works.
KeePass runs the command specified and replaces the placeholders as shown:

If your database was on drive E: and was called MyDB.kdbx, this is what you get as a command line:
%comspec% /c copy "E:\MyDB.kdbx" "C:\Backup\MyDB.20090626"

If you want to save the database to a different location, change the 'C:\Backup' to the correct location. Note: this command will fail if the location you specify does not exist.

USB Key
If you have your database on a USB key and use it on many machines, you don't want to leave a back up on the hard disk. You need to backup your database to the USB key before you save any changes.

10. In the 'Arguments' field enter this:
/c copy "{DB_PATH}" "{DB_DIR}\{DB_BASENAME}.{DT_SIMPLE}"

How it works.
KeePass runs the command specified and replaces the placeholders as shown:

Keep only the most recent 3 or 5 or 7 backups.
10. In the 'Arguments' field enter this:
/c for /f "skip=7 tokens=*" %X in ('dir "C:\Backup\{DB_BASENAME}.*" /b /o:-d') do del "C:\Backup\%X"

How it works.
This performs a "dir" in reverse date order on the backup files, skips the first 7 items and deletes the rest. The path and file name are quoted in case you have spaces in there. Note: you need to set the the path in 2 places so that it matches your backup location.


Info  Export to a different format when you save

  1. Open KeePass and navigate to 'Tools' -> 'Triggers...'.
  2. Add a trigger.
  3. Call it something meaningful, like "Export database on save".
  4. Tick the 'Enabled' and 'Initially on' boxes.
  5. Navigate to the 'Events' tab and add an event.
  6. Select 'Saved database file'. Don't bother with the comparison or filter.
  7. Navigate to the 'Actions' tab and add an action.
  8. Select 'Export active database'.
  9. In the 'File/URL' field a full path, file name and extension, e.g. C:\Export\Database.txt
  10. In the 'File format' field enter the required format. See format names below.
    Note: format names must be exact.

KeePass will now export the current database after it has been saved.

Format Names.


Info  Auditing KeePass changes

Should the auditors be on your case - aren't they always - you can set up a trigger to log changes to the KeePass database. This will not list the specific changes, but it does show who made the changes and when. If you also save copies of the changed database, you can view the modified time attribute to see what was changed.

  1. Open KeePass and navigate to 'Tools' -> 'Triggers'.
  2. Add a trigger.
  3. Call it something meaningful, like "Auditors do it because it annoys you".
  4. Tick the 'Enabled' and 'Initially on' boxes.
  5. Navigate to the 'Events' tab and add an event.
  6. Select 'Saved database file'. Don't bother with the comparison or filter.
  7. Navigate to the 'Actions' tab and add an action.
  8. Select 'Execute command line / URL'.
  9. In the 'File/URL' field enter this: %comspec%
  10. In the 'Arguments' field enter this:
    /c echo DBS change on %DATE% %TIME% by %USERDNSDOMAIN% %USERDOMAIN% %USERNAME% >> "\\servername\share\directory\KpLogRecord.txt"
  11. Add another action.
  12. Select 'Execute command line / URL'.
  13. In the 'File/URL' field enter this: %comspec%
  14. In the 'Arguments' field enter this:
    /c copy "{DB_PATH}" "\\servername\share\directory\{DB_BASENAME}.{DT_SIMPLE}"

To be sure the audit logs are retained, set up "\\servername\share\directory" with only write permission.

How it works.
KeePass runs the command specified and replaces the placeholders as shown:

This information is appended to the log file KpLogRecord.txt. The second action copies the saved database to the audit location and appends the date and time.


Info  Preventing infinite loops

KeePass can fall into an infinite loop if an action re-triggers itself, e.g. a save triggering a sync event will loop because the sync is classed as a save. To prevent this you need to disable the trigger whilst your event is running, then re-enable the trigger.

  1. Open KeePass and navigate to 'Tools' -> 'Triggers...'.
  2. Edit your existing trigger.
  3. Navigate to the 'Action' tab and add a new action.
  4. Select 'Change trigger on/off state'.
  5. Leave the 'Trigger name' field empty (this way the action applies to the currently running trigger).
  6. In the 'New state' field change the state to 'off'.
  7. Click 'OK' to save the action.
  8. Highlight the new action and move it to the top of the 'Actions' list by clicking on the 'up arrow' on the right.
  9. Add a new action.
  10. Select 'Change trigger on/off state'.
  11. Leave the 'Trigger name' field empty.
  12. In the 'New state' field change the state to 'on'.
  13. Click 'OK' to save the action.
  14. Make sure the action is at the bottom of the 'Actions' list.
  15. Save the event.

KeePass will now disable the trigger whilst the actions are performed.


Info  Synchronizing with DropBox

DropBox will sunchronize files between computers but it can't determine what changes KeePass has made, only that the database has changed. To ensure that KeePass changes are not lost by DropBox you need to use a second copy of the database that is just for the DropBox synchronization. Then use a KeePass trigger to move changes between KeePass and DropBox.

  1. Create a new directory to use for the DropBox synchronization. e.g. C:\Documents and Settings\Tom\My Documents\DropBoxSync
    Note: Do not use the current database location, you must have 2 copies of the database..
  2. Copy (do not move) the KeePass database you want to sync to the new directory..
  3. Open KeePass and navigate to 'Tools' -> 'Triggers...'.
  4. Add a trigger.
  5. Call it something meaningful, like "Prevent data loss by DropBox".
  6. Navigate to the 'Events' tab and add an event.
  7. Select 'Saved database file'.
  8. If you only want to sync a certain database set the 'File/URL comparison' to 'Equals' and the 'File/URL comparison' field to the required database name. Otherwise don't change the fields.
  9. Navigate to the 'Action' tab and add a new action.
  10. Select 'Change trigger on/off state'.
  11. Leave the 'Trigger name' field empty.
  12. In the 'New state' field change the state to 'off'.
  13. Click 'OK' to save the action.
  14. Add a new action.
  15. Select 'Synchronize the active database with a file/URL'.
  16. Enter the full path and name of your copy of the KeePass database in the 'File/URL' field. e.g. C:\Documents and Settings\Tom\My Documents\DropBoxSync\Mydatabase.kdbx
  17. Click 'OK' to save the action.
  18. Add a new action.
  19. Select 'Change trigger on/off state'.
  20. Leave the 'Trigger name' field empty.
  21. In the 'New state' field change the state to 'on'.
  22. Click 'OK' to save the action.
  23. Save the event.
  24. Set DropBox to synchronize the database in the DropBox sync directory.
  25. Perform these steps on all PCs that you will sync with DropBox.

How it works.
KeePass will always have the latest data created on the local PC master database and this cannot be overwritten by DropBox. When KeePass synchronizes the local databases Dropbox will migrate the changes to the other PCs local copies. KeePass on the other PCs will pick up these changes. Unless the databases on mulitple PCs change very often, Dropbox will eventually catch up.
The only way to lose data is if the same entry is changed on multiple databases before a Dropbox sync has occurred. This is a KeePass problem, not a Dropbox one.