Jump to content

Importing from KeePass into Passwordstate

Recommended Posts


The process below will import all of your KeePass data into Passwordstate.  We highly recommend taking a backup of your Passwordstate database prior to performing this import.  You can either use the automatic backup feature within Passwordstate, or possibly use SQL Management Studio Tools instead.


Exporting from KeePass in the Correct Format:

If you would like to migrate your passwords from KeePass to Passwordstate, you will need to export them as a csv file, which Passwordstate reads correctly.  The best version of KeePass to do this in is the Classic version and must be at least Version 1.31.  The Classic version has better options when exporting, allowing you to select which attributes of your passwords you would like to insert into the csv file.  If you are using KeePass Professional, you will need to transfer all of your passwords to the Classic version.  To do this:


1. Open KeePass Professional and click File -> Export

2. Select KeePass KDB (1.x)

3. Select a place on your local disk to save the export to, and click OK

4. If you get an error saying "This file format does not support root groups" click Close

5. Open KeePass Classic

6. Click File -> Import -> KeePass Database...

7. Open the .kdb file you generated in the export process above

8. Enter in the Master Password for your exported database and click OK

9. Click File -> Export -> CSV File...

10. Save the .csv to somewhere local like D:\KeePass-Import\Passwords.csv

11. Under the fields to export, ensure you also tick "Group" and click OK



**Important** Once you have exported this .csv file, DO NOT modify and save in Excel in any way.  This can make the .csv file unreadable for the purpose of this exercise.



Preparing Passwordstate for the import


1. In Passwordstate, under the Passwords menu, create a Password List Template.  This process will be copying the settings and permissions from this template when setting up your data.

2. On the Template, ensure you deselect the "Prevent saving of Password Record is 'Bad' password is detected":



3. Also on the same Template, ensure you select the URL field as follows, and save it:



4. Apply appropriate permissions to the template via the Actions Menu.  Any user you give access to on this screen will get access to all passwords you import from KeePass.  If need be, you can easily modify permissions after you've completed this import process:



5. Press the Toggle ID Column Visibility and take note of the TemplateID



6. Download the Import-Keepass.zip file from the Click Studios web site, and extract the contents into the same folder as your exported KeePass .csv file.


7. Take note of your System Wide API key in Passwordstate, which can be found under Administration -> System Settings -> API Keys.  If you need to, you can generate a new one:



8. Open the extracted import-keepass.ps1 file in your favorite Powershell scripting tool, and modify the top 4 variables to reflect the correct information about your environment. You will need to enter your Passwordstate URL, the exact path your exported .csv file, your system wide API key, and your Template ID:



9. If you now run your Powershell script, you should notice a KeePass Import folder in Passwordstate, along with Multiple Password Lists which are named the same as all your groups and sub-groups from KeePass.  They will also contain all the relevant passwords:



10. If you like, you can create some Folders in Passwordstate and begin dragging and dropping your new Password Lists as appropriate.



If you have any questions about this, please contact Click Studios on support@clickstudios.com.au



Share this post

Link to post
Share on other sites



I made two PowerShell-Scripts to import your personal data into Passwordstate. One is for importing from KeePass and one for importing from Passwordsafe.

Because Clickstudios is a great company with an amazing product and support, I like to share my scripts with the community.

Terms: These scripts are free to use, it's not allowed to resell my scripts or making business with it! There's absolutely no warranty about what the scripts are doing, you use them on your own risk.


I made these scripts, because the script above from Clickstudios has two disadvantages:

  1. It doesn't import the folder structure (everything is in one folder after importing).
  2. First you need to export to KeePass 1.3.2 and than export it from KeePass 1.3.2 into a CSV-File


  • ID of a Template with URL-Field enabled (see manual from Clickstudios above)
  • Systemwide API Key (see manual from Clickstudios above)
  • ID of the folder in which you like to import to (for importing in Root, the ID is 0)


Using my PowerShell-Scripts


My scripts are built to import a users personal KeePass/Passwordsafe data, so you need to specify a Username (e.g. domain\username), which you like to give access to the imported datas.


If you first like to checkout, what whould happen if you would run the script, you can change "$global:PasswordstateWhatIf = $False" to "$global:PasswordstateWhatIf = $True".



Export your data from KeePass (tested with Version 2.35) as XML-File.

Start KeePassImporter.ps1 with PowerShell, enter requested datas and choose the XML-File.



Export your data from Passwordsafe (tested with Version 3.42.01) as "Plain Text (tab separated)". As Delimiter use the default-value "»"

Start PasswordsafeImporter.ps1 with PowerShell, enter requested datas and choose the Plain Text-File.


Best regards & good luck with these scripts,






Share this post

Link to post
Share on other sites

Just wanted to say thanks.  I've tested Fabian's script on the version 8 beta and it worked perfectly once I realised what user creds it was asking for.





Share this post

Link to post
Share on other sites

Hi Matt


Thanks for your feedback!

I just updated my post above with a little example for the username. (domain\username)


Hopefully I'll find some time next week to make a new version, which uses the new WinAPI. Then you will not need to specify an username if you like to use your own account.


Best regards,



Share this post

Link to post
Share on other sites

I had to convert from KeePassX on macOS (not KeePass) recently and unfortunately for various reasons none of the above worked for me.


As such, I wrote a ruby script to deal with the issue. It simply takes a KeePassX CSV export and creates a CSV import for a single Password List via the PasswordState WebUI (I was happy to sort passwords from there and delete the list).


Here's the code on github:



Share this post

Link to post
Share on other sites

As a follow up, is there a way to correctly invoke-webrequest using SSL.  I'm getting an error "Invoke-WebRequest : The request was aborted: Could not create SSL/TLS secure channel."


I think its because of an older version of TLS.  Is it possible to update the script with something like this?


[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Invoke-WebRequest


I would do it myself, but my PS skills are rubbish.

Share this post

Link to post
Share on other sites

Hi Matt,

Can you try adding the following line just below the variables at the top of the script, and let us know if it helps at all:


[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12



Click Studios

Share this post

Link to post
Share on other sites

Hi ,


I just started to build  a new portal to see if we can be useful for us and was fiddling with importing passwords from Keepass.

I checked multiple times and also used the powerShell scripts from Fabian, but the same error returns:

Invoke-Restmethod : [{"errors":[{"message":"Invalid API Call"},{"phrase":"Error = Object reference not set to an instance of an object.}]}]
At ..\import-keepass\KeePassImporter.ps1:52 char:23
+             $result = Invoke-Restmethod -Method POST -Uri $PasswordstateURLFull  ...

Share this post

Link to post
Share on other sites

Hi Fabian


Thank you for your very nice script!


One thing I didn't get to work was an entry that had no password, but has a private key in the notes.


Is there any way you could maybe get that to work? It seems to skip it because the password is empty


I can't copy/paste from that environment, but it fails at :258 char: 138



Also, could you see the script also uploading attachments?


I know that you're doing this on your own time, so I'm already very grateful for your script. This is very much appreciated, and any issues/comments I have are just ideas for improvements :)

Share this post

Link to post
Share on other sites

Hi Lukas,


I've updated the following script for you so that you can have blank password values - https://www.clickstudios.com.au/downloads/import-keepass.zip


You will need to modify the Password field on your Template, and uncheck the option which says this field is Mandatory - then it should work for you.


I must have missed it, but I can't see anything in the thread about uploading attachments - which I think you are referring to documents here. Are you having issues with this?


Click Studios

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now