Recently, we have been getting more and more requests from new Passwordstate customers asking how to import their data from KeePass. Because of these requests, we’ve now created a Powershell script which can be used in conjunction with our API. Our goal with this is to not only import the passwords from KeePass, but to also replicate the structure of the KeePass Groups in Passwordstate.
For customers not familiar with Passwordstate, the equivalent of a “Group” in KeePass is a “Password List” in Passwordstate. We also have the concept of “Folders” which allow you to logically group Password Lists together. If you follow the process below, it will create a Folder called KeePass Import in the root of Passwords Home, and will contain one Password List for every Group you have in KeePass. It will then import the relevant passwords inside each Password List.
We highly recommend taking a backup of your Passwordstate database prior to performing this import. You can either use the automatic backup feature within Passwordstate, or possibly use SQL Management Studio Tools instead.
Exporting from KeePass in the Correct Format:
If you would like to migrate your passwords from KeePass to Passwordstate, you will need to export them as a csv file, which Passwordstate reads correctly. The best version of KeePass to do this in is the Classic version and must be at least Version 1.31. The Classic version has better options when exporting, allowing you to select which attributes of your passwords you would like to insert into the csv file. If you are using KeePass Professional, you will need to transfer all of your passwords to the Classic version. To do this:
- Open KeePass Professional and click File -> Export
- Select KeePass KDB (1.x)
- Select a place on your local disk to save the export to, and click OK
- If you get an error saying “This file format does not support root groups” click Close
- Open KeePass Classic
- Click File -> Import -> KeePass Database…
- Open the .kdb file you generated in the export process above
- Enter in the Master Password for your exported database and click OK
- Click File -> Export -> CSV File…
- Save the .csv to somewhere local like D:\KeePass-Import\Passwords.csv
- Under the fields to export, ensure you also tick “Group” and click OK
**Important** Once you have exported this .csv file, DO NOT modify and save in Excel in any way. This can make the .csv file unreadable for the purpose of this exercise.
Preparing Passwordstate for the import
1. In Passwordstate, under the Passwords menu, create a new Password List Template. This process will be copying the settings and permissions from this template when setting up your data.
2. On the Template, ensure you deselect the “Prevent saving of Password Record is ‘Bad’ password is detected“:
3. Also on the same Template, ensure you select the URL field as follows, and save it:
4. Apply appropriate permissions to the template via the Actions Menu. Any user you give access to on this screen will get access to all passwords you import from KeePass. If need be, you can easily modify permissions after you’ve completed this import process:
5. Press the Toggle ID Column Visibility and take note of the TemplateID:
6. Download the Import-Keepass.zip file from the Click Studios web site, and extract the contents into the same folder as your exported KeePass .csv file.
7. Take note of your System Wide API key in Passwordstate, which can be found under Administration -> System Settings -> API Keys. If you need to, you can generate a new one:
8. Open the extracted import-keepass.ps1 file in your favorite Powershell scripting tool, and modify the top 4 variables to reflect the correct information about your environment. You will need to enter your Passwordstate URL, the exact path your exported .csv file, your system wide API key, and your Template ID:
9. If you now run your Powershell script, you should notice a KeePass Import folder in Passwordstate, along with Multiple Password Lists which are named the same as all your groups and sub-groups from KeePass. They will also contain all the relevant passwords:
10. If you like, you can create some Folders in Passwordstate and begin dragging and dropping your new Password Lists as appropriate.
If you need any help with this at all, you are welcome to contact us on email@example.com.