Support searching by arbitrary fields

KeePass Command Line Interface

Brought to you by: hightowe, perlsaiyan

#32 Support searching by arbitrary fields

Milestone: Next Release

Status: closed

Owner: Lester Hightower

Labels: None

Priority: 9

Updated: 2026-01-07

Created: 2026-01-07

Creator: Ben Boeckel

Private: No

It would be nice to be able to search by arbitrary fields (password, website, description, tags, notes, etc.). I accidentally pasted a password into a website and finding out which one it was so that I could change it out ended up being difficult because it was not possible to search by password (I ended up using KeePassXC which does support it).

Discussion

Lester Hightower - 2026-01-07

status: open --> pending

assigned_to: Lester Hightower

Priority: 5 --> 9
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Lester Hightower - 2026-01-07

The feature that you requested is almost fully implemented today:

KeePass CLI (kpcli-4.1.3) v4.1.3 is ready for operation. Type 'help' for a description of available commands. Type 'help <command>' for details on individual commands. kpcli-4.1.3:/> help find find: Finds entries Searches for entries with the given search term in their title and places matches into "/_found/". Add -a to search data fields beyond just the title: * title, username, comment, url, tags Use -expired to find expired entries.

I think the only gap is your request for "password" to be added to the -a list, and while I understand the "why" of your request, I am not sure that I will implement that because, in both File::KeePass and File::KDBX (the underlying modules that kpcli uses to interact with KeePass files), password information is encrypted when stored in RAM. The intended usage of the passwords in those entries is to access them one-at-a-time, and only the one being requested would be decrypted. To passwords across all entries, all of them would need to be decrypted concurrently. It is a tiny security risk with a potentially small but noticeable performance hit that I am not sure justifies this additional feature.

I am going to leave this ticket open to solicit your thoughts after seeing my followup here, and then decide.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Ben Boeckel - 2026-01-07

Ah, I missed that, thanks.

Perhaps it can be a dedicated thing then so that the perf is not such a factor for the more common find command? The idea is for a "I've had a compromise of a password with contents 'warglebargle', please tell me what services I need to reset passwords at" use case.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Lester Hightower - 2026-01-07

status: pending --> closed

Group: Future (undetermined) --> Next Release
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Lester Hightower - 2026-01-07

It'll be in the next release and is in kpcli-DEVELOPMENT.pl on the head of the trunk now:

https://sourceforge.net/p/kpcli/code/HEAD/tree/trunk/

https://sourceforge.net/p/kpcli/code/72/tree//trunk/kpcli-DEVELOPMENT.pl?diff=6570cda74363ae34c51814f1:71

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Ben Boeckel - 2026-01-07

Awesome! Thank you!

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.