Home
keepassxc-cryptomator is a plugin that extends the functionality of Cryptomator. With this plugin configured, Cryptomator can use a KeePassXC database as a backend to store and retrieve passwords for vaults:
The plugin is feature complete.
Updated versions of keepassxc-cryptomator are published as releases in this same GitHub repository.
Below each release, in the Assets section, there is a jar-file called keepassxc-cryptomator-RELEASE_TAG.jar that is the ready-to-use plugin.
The plugin is implemented as an uber-jar that consists of a couple of jar files - its dependencies:
[INFO] Replacing /home/runner/work/keepassxc-cryptomator/keepassxc-cryptomator/target/keepassxc-cryptomator-1.2.5.jar with /home/runner/work/keepassxc-cryptomator/keepassxc-cryptomator/target/keepassxc-cryptomator-1.2.5-shaded.jarThe jar-file keepassxc-cryptomator-RELEASE_TAG.jar just needs to be copied to Cryptomator which enables and configures the plugin for Cryptomator. The steps for different environments are described below.
With PR 1759 Cryptomator introduces a configurable pluginDir, where the plugin can be copied into.
This functionality can be used since Cryptomator release 1.6.0 Beta 2.
The default values for the pluginDir on an unchanged Crytomator installation on the different operating systems are:
| OS | Default Dir |
|---|---|
| Mac | ~/Library/Application Support/Cryptomator/Plugins |
| Linux | ~/.local/share/Cryptomator/plugins |
| Windows | %homepath%\AppData\Roaming\Cryptomator\Plugins |
Copy the plugin file into the appropriate directory and start Cryptomator. That's all. The new password backend can be choosen on the General tab of the Cryptomator preferences as shown in the screenshot above.
A note on how Cryptomator enables password backends (the keepasxc-cryptomator plugin is one of them) on statup: Cryptomator checks on startup, what backends are available. Every available backend gets configured and will show up in the prefs dialog. If it's not there, Cryptomator hadn't configured it and won't be able to use it.
Therefore KeePassXC needs to be running when Cryptomator starts and the browser integration needs to be enabled in the KeePassXC preferences. Checking "Request to unlock the database if it is locked" is good enough. Otherwise using the plugin will not work. If the plugin jar is found by Cryptomator on startup, but KeePassXC is not running, the error message ERROR org.keepassxc.WindowsConnection - Cannot connect to proxy. Is KeepassXC started? is written to the logs, but the plugin is not configured in this case and Cryptomator won't be able to use it.
When Cryptomator has been compiled via the CLI with mvn clean install, a target/libs folder gets created.
The plugin file just needs to be copied to the target/libs folder and your are good to go.
Just start the according launcher-script that is right for your operating system.
Update - this does not work at the moment due to PR 1744, as there is no working launcher-script at the moment.
Plugin releases are signed. It is wise and more secure to check out for their integrity.
You can check that the version of the keepassxc-cryptomator plugin that you want to install is original and unmodified by verifying the file's signature.
For example, to check the signature of the file keepassxc-cryptomator-1.2.5.jar, you can use this command:
$ gpg --verify keepassxc-cryptomator-1.2.5.jar.sig keepassxc-cryptomator-1.2.5.jar
You should sees something like the following output:
gpg: Signature made Fri Mar 22 17:30:58 2024 CET
gpg: using RSA key 54CF8E1F55CE7E977A0E41895BFB2076ABC48776
gpg: Good signature from "Ralph Plawetzki <[email protected]>" [unknown]
If you are missing the signing key to verify the download, you can get it from a keyserver or on the CLI: gpg --keyserver keys.openpgp.org --search-keys 54CF8E1F55CE7E977A0E41895BFB2076ABC48776.